QUESTIONS & ANSWERS 100% SOLVED
Ryan received a security audit that included a finding that the organization lacked
sufficient physical controls in its security program. What action is Ryan most likely to
take?
a) Install a new firewall
b) Upgrade an existing fence
c) Enhance an existing policy
d) Upgrade existing encryption
ANSWER: Upgrade an existing fence
Which hacking methodology is defined as an attacker wanting to cover their tracks by
erasing any traces of their presence in the target system?
a) Assault
b) Exfiltration
c) Infiltration and escalation
d) Obfuscation
ANSWER: Obfuscation
Which method of preventing port scanning from returning useful information to an
attacker uses the same tools as the attacker?
a) Deny all
b) Firewall testing
c) Port scanning
d) Proper design
ANSWER: Port scanning
True or False? The first step in active reconnaissance is the gathering of information
about software in use by the target.
a) True
b) False
ANSWER: False
Maria is conducting a security investigation and has identified a suspect. The suspect is
an employee of the organization who had access to a server file share containing
sensitive information. The employee routinely accesses that share during the normal
course of business but is suspected of stealing sensitive information from it and sending
it to a competitor. Which element of a crime has Maria not yet established?
a) Motive
b) Opportunity
c) Means
d) Ownership
ANSWER: Motive
Which of the following refers to the structured and methodical means of investigating,
identifying, attacking, and reporting on a target system's strengths and vulnerabilities?
a) Auditing
b) Penetration Testing
c) Authentication
d) Reconnaissance
ANSWER: Penetration Testing
Which of the following is not a common use of live Linux distributions?
a) Increasing random access memory (RAM) on a system
b) Testing new software
c) Evaluating hardware configuration
d) Multibooting
ANSWER: Increasing random access memory (RAM) on a system
Which of the following techniques is used to mark the presence of access points with
special symbols and glyphs used to inform others who might follow about the presence
of a Wi-Fi network?
a) Warflying
b) Warwalking
c) Warjogging
d) Warchalking
ANSWER: Warchalking
True or False? The hacking community engages in more "lone wolf" types of hacking
activities as opposed to working as teams.
a) True
b) False
ANSWER: False
Planning, discovery, attack, and reporting are considered:
a) Antivirus steps
b) Penetration testing steps
c) Intrusion Detection steps
d) Auditing steps
ANSWER: Penetration testing steps
True or False? Penetration testing involves simulating an attack in order to determine
what would happen to an organization if an actual attack occurred.
a) True
b) False
ANSWER: True
True or False? The more secure a system becomes, the more convenient it tends to
be.
a) True
b) False
ANSWER: False
True or False? In black-box penetration testing, advanced knowledge is provided to the
testing team.
a) True
b) False
ANSWER: False