ANSWERS (RATED A+)
A Trojan horse is an example of malicious code. - ANSWERTrue
Denial of service (DoS) attacks overload a system's resources so it cannot provide the
required services. - ANSWERTrue
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are considered physical controls. - ANSWERFalse (they are technical controls; physical controls are things such as locks, guards, and badge readers)
Inside attacks against an organization do not cause a serious threat because they are
rarely effective. - ANSWERFalse
White-hat hackers are sometimes referred to as ethical hackers. - ANSWERTrue
Hacking has always been motivated by causing damage or stealing information. -
ANSWERFalse
Over the past few years, the hacking community has engaged in more "lone wolf" types
of hacking activities as opposed to working as teams. - ANSWERFalse
Hacktivism is considered an ethical form of hacking. - ANSWERFalse
Penetration testing involves simulating an attack in order to determine what would
happen to an organization if an actual attack had occurred. - ANSWERTrue
Hoax viruses are those designed to make the user take action even though no infection
or threat exists. - ANSWERTrue
Logic bombs are relatively easy to detect. - ANSWERFalse
Modern antivirus software is not equipped to deal with the problems polymorphic
viruses pose. - ANSWERFalse
If any part of a multipartite virus is not eradicated from the infected system, it can re-
infect the system. - ANSWERTrue
Antivirus software cannot detect suspicious behavior of applications on a system. -
ANSWERFalse
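The three items above (polymorphic viruses, multipartite re-infection, behavioral detection) all turn on the same point: a scanner that only matches byte signatures is beaten by code that changes its bytes, while a scanner that watches what a process does is not. The following is an added example, not code from this answer key. It uses a toy XOR "mutation engine" to produce two variants of one constructed payload, shows that a signature taken from one variant misses the other, and then runs a small behavioral rule set over a constructed process-activity log in which both variants, and two benign processes, appear. The payload bytes, log lines, pids and paths are all made up for the demonstration.

```python
"""Signature scanning versus behavioral detection on polymorphic code.

Constructed demonstration, not code from the answer key it follows. A toy
'mutation engine' XOR-encodes one payload with different keys, so two variants
of the same program share no byte signature. A behavioral rule set that looks
at what a process does (constructed activity log below) flags both variants
and ignores the benign processes.
"""
from collections import defaultdict
from itertools import cycle

# Constructed toy payload: a stand-in for the malicious logic. It is never
# executed; only its bytes matter for the signature comparison.
PAYLOAD = b"ENUMERATE_FILES;ENCRYPT_FILES;DELETE_BACKUPS;"


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the toy mutation engine (XOR is its own inverse)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def signature_match(sample: bytes, signatures: list) -> bool:
    """Static scan: True if any known byte signature occurs anywhere in the sample."""
    return any(sig in sample for sig in signatures)


# Two variants of the same payload, as two hypothetical infections would carry.
VARIANT_A = xor_encode(PAYLOAD, b"\x5a")
VARIANT_B = xor_encode(PAYLOAD, b"\x3c\x7f")
# A signature an analyst extracted from variant A (its first 12 bytes).
KNOWN_SIGNATURES = [VARIANT_A[:12]]

# Constructed process-activity log: "<pid> <action> <target>", one event per line.
# pids 101 and 202 run variants A and B; 303 is a word processor saving one
# document; 404 is a backup utility rotating one of its own old snapshots.
ACTIVITY_LOG = [
    "101 open          /home/alice/Documents/q1.docx",
    "101 write         /home/alice/Documents/q1.docx",
    "101 write         /home/alice/Documents/q2.docx",
    "101 write         /home/alice/Pictures/holiday.jpg",
    "101 delete_backup /home/alice/.snapshots/2024-03-01",
    "202 write         /home/bob/Desktop/notes.txt",
    "202 write         /home/bob/Desktop/budget.xlsx",
    "202 write         /home/bob/Desktop/cv.pdf",
    "202 write         /home/bob/Desktop/photo.png",
    "202 delete_backup /home/bob/.snapshots/2024-03-02",
    "303 open          /home/alice/Documents/q1.docx",
    "303 write         /home/alice/Documents/q1.docx",
    "404 delete_backup /home/alice/.snapshots/2024-02-01",
]


def parse_events(lines):
    """Yield (pid, action, target) tuples from the log format above."""
    for line in lines:
        pid, action, target = line.split(maxsplit=2)
        yield int(pid), action, target


def behavior_scores(lines) -> dict:
    """Score every pid by what it did; the rules never look at code bytes."""
    written = defaultdict(set)
    destroyed_backups = set()
    seen = set()
    for pid, action, target in parse_events(lines):
        seen.add(pid)
        if action == "write":
            written[pid].add(target)
        elif action == "delete_backup":
            destroyed_backups.add(pid)
    scores = {}
    for pid in seen:
        score = 0
        if len(written[pid]) >= 3:       # mass modification of user files
            score += 2
        if pid in destroyed_backups:     # removal of recovery points
            score += 3
        scores[pid] = score
    return scores


def flag_processes(lines, threshold: int = 4) -> set:
    """Processes whose combined behavior score reaches the threshold."""
    return {pid for pid, score in behavior_scores(lines).items() if score >= threshold}


if __name__ == "__main__":
    print("signature hits variant A:", signature_match(VARIANT_A, KNOWN_SIGNATURES))
    print("signature hits variant B:", signature_match(VARIANT_B, KNOWN_SIGNATURES))
    print("behavioral flags:", sorted(flag_processes(ACTIVITY_LOG)))
```

The threshold is deliberately higher than either rule alone: the backup utility deletes a snapshot and the editor writes a file, and neither is flagged, which is the trade-off a behavioral engine makes between catching the variant the signature missed and not drowning the user in false positives.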
Worms require user intervention for their infection to take place; viruses do not. - ANSWERFalse (it is the reverse: a worm self-propagates over the network without user action, while a virus needs a user to run or open the infected host file)
In black-box testing, advanced knowledge is provided to the testing team. -
ANSWERFalse
A system can be considered completely secure once it passes an IT audit. -
ANSWERFalse
Security and convenience work hand in hand—the more secure a system becomes, the
more convenient it tends to be. - ANSWERFalse
An ethical hacker strives to maintain the integrity of disclosure, alteration, and disruption. - ANSWERFalse (disclosure, alteration, and disruption are the threats to confidentiality, integrity, and availability, not properties to preserve)
In the ethical hacking and security process, all assets are considered to have equal
value for an organization. - ANSWERFalse
Planting a backdoor on a system allows an attacker to regain access at a later time. -
ANSWERTrue
Penetration testing requires rules to be agreed upon in advance. - ANSWERTrue
The first step in penetration testing is to actually perform the attack. - ANSWERFalse
Employees should always be notified in advance that a penetration test is going to be performed. - ANSWERFalse (whether staff are told is one of the rules agreed with the client; an unannounced test is how an organization's real detection and response are measured)
If an ethical hacker breaks a limit placed upon a test, there may be sufficient cause for a
client to take legal action against the ethical hacker. - ANSWERTrue
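The three items above say that a test runs under rules agreed in advance and that stepping outside them exposes the tester to legal action. The following is an added example, not code from this answer key, of turning a rules-of-engagement (ROE) document into a check that runs before any target is touched. The ROE values are hypothetical: the permitted networks are the TEST-NET documentation ranges, the excluded host, testing window and forbidden techniques are made up, and Action, check_action and split_targets are names chosen for this example.

```python
"""Checking a planned test action against agreed rules of engagement.

Constructed example, not code from the answer key it follows. The ROE below is
hypothetical: permitted networks (TEST-NET documentation ranges), a host the
client excluded, a testing window in UTC and techniques the client forbade.
check_action() lists every rule an action would break, so a tester (or a
wrapper around a scanner) can refuse it before any packet is sent.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical ROE, as captured from the signed agreement.
ROE = {
    "in_scope": ["203.0.113.0/24", "198.51.100.0/25"],
    "excluded_hosts": ["203.0.113.10"],          # e.g. the production database
    "window_utc": ("2024-03-04T22:00:00", "2024-03-05T06:00:00"),
    "forbidden_techniques": {"dos", "social_engineering"},
}

# Constructed times used by the usage section: one inside the window, one after it.
DURING_WINDOW = datetime(2024, 3, 5, 1, 0, tzinfo=timezone.utc)
AFTER_WINDOW = datetime(2024, 3, 5, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Action:
    target: str          # IP address the tester intends to touch
    technique: str       # e.g. "port_scan", "exploit", "dos"
    when: datetime       # timezone-aware time the action would run


def _window(roe):
    start, end = (datetime.fromisoformat(t).replace(tzinfo=timezone.utc)
                  for t in roe["window_utc"])
    return start, end


def check_action(action: Action, roe: dict) -> list:
    """Return the ROE rules the action would violate; an empty list means permitted."""
    violations = []
    try:
        ip = ipaddress.ip_address(action.target)
    except ValueError:
        # Only addresses can be compared with the agreed ranges; a hostname
        # must be resolved and the resulting address checked instead.
        return [f"target {action.target!r} is not an IP address and cannot be verified"]
    if not any(ip in ipaddress.ip_network(net) for net in roe["in_scope"]):
        violations.append(f"{ip} is outside the agreed networks")
    if any(ip == ipaddress.ip_address(h) for h in roe["excluded_hosts"]):
        violations.append(f"{ip} is explicitly excluded by the client")
    start, end = _window(roe)
    # A naive datetime cannot be compared with the UTC window, so it is refused too.
    if action.when.tzinfo is None or not (start <= action.when < end):
        violations.append("outside the agreed testing window")
    if action.technique in roe["forbidden_techniques"]:
        violations.append(f"technique {action.technique!r} is forbidden by the ROE")
    return violations


def permitted(action: Action, roe: dict) -> bool:
    """True only when no ROE rule is violated."""
    return not check_action(action, roe)


def split_targets(hosts, technique, when, roe):
    """Partition discovered hosts (e.g. from a ping sweep) into allowed and refused.

    Discovery routinely turns up hosts in neighbouring networks; this keeps them
    out of the next phase instead of relying on the tester to notice.
    """
    allowed, refused = [], {}
    for host in hosts:
        problems = check_action(Action(host, technique, when), roe)
        if problems:
            refused[host] = problems
        else:
            allowed.append(host)
    return allowed, refused


if __name__ == "__main__":
    found = ["203.0.113.5", "203.0.113.10", "198.51.100.200"]
    ok, refused = split_targets(found, "port_scan", DURING_WINDOW, ROE)
    print("allowed:", ok)
    for host, why in refused.items():
        print("refused:", host, "->", "; ".join(why))
```

Every refusal carries the rule it broke, so the tester's log shows not just that a host was skipped but which clause of the agreement required it; that record is what answers the question of whether a limit was respected if the client later disputes it.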
Which of the following refers to a piece of code designed to cause harm that is
intentionally inserted into a software system and will activate upon the occurrence of
some predetermined data, time, or event? - ANSWERLogic Bomb
Denial of service (DoS) and distributed denial of service (DDoS) attacks have the same effect; however, a distributed denial of service (DDoS) attack: - ANSWERis launched from large numbers of hosts that have been compromised and act after receiving a particular command.
While "hacker" has become a universal term for people who break the law or break into
systems without authorization, these people are more correctly known as: -
ANSWERcrackers.
Which of the following refers to a piece of software, a tool, or a technique that targets or takes advantage of a vulnerability? - ANSWERExploit
Which of the following is NOT considered one of the three types of controls you can use
in risk mitigation? - ANSWERDistribution
Which of the following refers to hacking that is carried out to bring attention to a cause,
group, or political ideology? - ANSWERHacktivism
Accessing a system of computers without authorization is considered to be: -
ANSWERa network intrusion.
Which of the following statements is true regarding ethical hackers? - ANSWEREthical
hackers engage in their activities only with the permission of the asset owner.
Which of the following refers to the structured and methodical means of investigating,
uncovering, attacking, and reporting on a target system's strengths and vulnerabilities? -
ANSWERPenetration testing
What type of penetration testing is most often used when an organization wants to
closely simulate how an attacker views a system? - ANSWERBlack-box testing
The ethical hacker is tasked with evaluating the overall state of security. The core
principles of security involve preserving all of the following except: -
ANSWERdisclosure.
A major difference between a hacker and an ethical hacker is the: - ANSWERcode of
ethics to which each subscribes.
Footprinting, scanning, enumeration, system hacking, escalation of privilege, covering
tracks, and planting backdoors are considered: - ANSWERhacking steps.
Planning, discovery, attack, and reporting are considered: - ANSWERethical hacking
steps.
Which of the following tests is designed to simulate an attack against technology from
either the inside or the outside depending on the goals and intentions of the client? -
ANSWERTechnical attack
Which of the following tests is designed to find loopholes or shortcomings in how tasks
and operational processes are performed? - ANSWERAdministrative attack
Which of the following tests includes anything that targets equipment or facilities and
can also include actions against people, such as social engineering-related threats? -
ANSWERPhysical attack