Solution and Answer Guide
Michael T. Simpson, Nicholas D. Antill, Robert S. Wilson, Hands-On Ethical Hacking and Network Defense, 4th Edition, ISBN: 9780357509753; Module 01: Ethical Hacking Overview
Table of Contents
Hands-On Activities ....................................................................................................................................... 1
Activity 1-1: Determining the Corporate Need for IT Security Professionals ............................................. 1
Activity 1-2: Examining the Top 25 Most Dangerous Software Flaws....................................................... 2
Activity 1-3: Identifying Computer Statutes in Your State or Country ...................................................... 2
Activity 1-4: Examining Federal and International Computer Crime Laws ................................................ 3
Review Questions .......................................................................................................................................... 3
Case Projects ................................................................................................................................................. 8
Case Project 1-1: Determining Legal Requirements for Penetration Testing ............................................ 8
Case Project 1-2: Researching Hacktivists at Work ................................................................................... 9
Ethical Hacking for Life: Module 1 Ethical Hacking Overview ...................................................................... 10
Grading Rubric for Ethical Hacking for Life .............................................................................................. 11
Reflection: Module 1 ................................................................................................................................... 11
Grading Rubric for Reflection .................................................................................................................. 11
Hands-On Activities
Activity 1-1: Determining the Corporate Need for IT Security
Professionals
Time Required: 10 minutes
Objective: Examine corporations looking to employ IT security professionals.
Description: Many companies are eager to employ or contract security testers for their corporate
networks. In this activity, you search the Internet for job postings, using the keywords “IT Security,” and
read some job descriptions to determine the IT skills (as well as any non-IT skills) most companies want
an applicant to possess.
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 1
website, in whole or in part.
1. Start your web browser and go to indeed.com.
2. In the What search box, type IT Security. In the Where search box, enter the name of a major
city near you, and then press Enter.
3. Note the number of jobs. Select three to five job postings and read the job description in each
posting.
4. When you’re finished, exit your web browser.
Answer: Students should complete the activity in their web browsers. No submitted response is required.
Activity 1-2: Examining the Top 25 Most Dangerous
Software Flaws
Time Required: 15 minutes
Objective: Examine the CWE/SANS Top 25 list of the most dangerous software weaknesses.
Description: As fast as IT security professionals correct vulnerabilities, someone creates new exploits, and
security professionals must keep up to date on them. In this activity, you examine the weakness categories
(CWEs) that underlie many of the exploits currently used to attack networks and applications. Don’t worry:
you won’t have to memorize your findings. This activity simply gives you an introduction to the world of
network security.
1. Start your web browser and go to www.sans.org.
2. Under Resources, click the Top 25 Programming Errors link. (Because websites change
frequently, you might have to search to find this link. The list itself is maintained by MITRE’s CWE
program at cwe.mitre.org/top25, so searching there is a reliable fallback.)
3. Read the contents of the Top 25 list. (This document is revised periodically to reflect the
vulnerabilities reported during the preceding years.) The Top 25 list is also known as the Top 25 Most
Dangerous Software Weaknesses; earlier editions called them Software Errors. Links in the list explain
the scoring system, which ranks each weakness by how often it appears in reported CVEs and how severe
those vulnerabilities are.
4. Investigate the first few flaws by clicking the CWE-# link. For each flaw, note the description,
applicable platform (the languages or technologies in which it occurs), and common consequences (which
of confidentiality, integrity, or availability an attacker can affect).
5. When you’re finished, exit your web browser.
Answer: Students should complete the activity in their web browsers. No submitted response is required.
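What a Top 25 entry looks like in code, as an added example that is not part of the textbook or this guide: CWE-89 (SQL injection) has sat near the top of the list for years. The block below was written for this edit; it pairs a login query that concatenates user input into SQL with the hardened parameterized form, run against a constructed in-memory SQLite table (the names, passwords, and roles are made up). It needs only Python 3 and the standard library, so it runs offline.

```python
"""Added example (not from the textbook): CWE-89, SQL injection.

Shows the weakness and its hardened form side by side on a constructed
in-memory SQLite database so that it runs offline.
"""
import sqlite3

# Constructed sample accounts; not real data.
SAMPLE_USERS = [
    ("alice", "s3cret-1", "user"),
    ("bob", "hunter2", "user"),
    ("admin", "c0rrect-horse", "admin"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Deliberately vulnerable (CWE-89): untrusted input is spliced into the SQL text.

    The attacker therefore controls part of the query *structure*, not just the
    values compared against it.
    """
    sql = (
        "SELECT name, role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Hardened form: a parameterized query.

    The SQL text is fixed; the driver binds name and password as values, so
    quotes and SQL keywords inside them are never interpreted as SQL.
    """
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


# Classic payload: closes the string literal, adds an always-true clause,
# and comments out the password check with "--".
INJECTION_PAYLOAD = "admin' OR '1'='1' -- "


def demo() -> dict:
    """Run both versions against a valid login and against the payload."""
    conn = build_db()
    return {
        "valid_vulnerable": login_vulnerable(conn, "bob", "hunter2"),
        "valid_safe": login_safe(conn, "bob", "hunter2"),
        # Every row comes back: the WHERE clause became "name='admin' OR '1'='1'".
        "payload_vulnerable": login_vulnerable(conn, INJECTION_PAYLOAD, "wrong"),
        # No row matches a literal name containing quotes and a comment marker.
        "payload_safe": login_safe(conn, INJECTION_PAYLOAD, "wrong"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Reading a CWE entry with this in hand: the entry's description corresponds to the concatenation in login_vulnerable, the applicable platform is any language that builds SQL from strings, and the consequence is the three rows returned to someone who supplied no valid password. The fix is not escaping quotes by hand but keeping query structure and data separate, which is exactly what the ? placeholders do.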
Activity 1-3: Identifying Computer Statutes in Your State
or Country
Time Required: 30 minutes
Objective: Learn what laws might prohibit you from conducting a network penetration test in your state
or country.
Description: For this activity, you use Internet search engines to gather information on computer crime
in your state or country (or a location selected by your instructor). You have been hired by ExecuTech, a
security consulting company, to gather information on any new statutes or laws that might affect the
security testers it employs. Write a one-page memo to Liang Choi, director of security and operations,
listing applicable statutes or laws and offering recommendations to management. For example, you
might note in your memo that conducting a denial-of-service attack on a company’s network is illegal
because your state’s penal code prohibits this type of attack unless authorized by the owner.
Answer: Answers will vary. The memo should list the state laws that might restrict how a penetration test
is conducted and identify problems (for example, liability for service disruption) that could arise under
them. The memo could also recommend that management draw up a contract, signed by the client, that
authorizes the testing in writing and addresses any risks or possible network degradation that might occur
during it.
Activity 1-4: Examining Federal and International Computer
Crime Laws
Time Required: 30 minutes
Objective: Increase your understanding of U.S. federal and international laws related to computer
crime.
Description: For this activity, use Internet search engines to gather information on U.S. Code, Title 18,
Sec. 1030, which covers fraud and related activity in connection with computers. Also, research the
Convention on Cybercrime (the Budapest Convention). Write a summary explaining how these laws can
affect ethical hackers and security testers.
Answer: Answers will vary. The summary should mention some key elements, such as subsection (a)(2),
which penalizes anyone who “intentionally accesses a computer without authorization or exceeds authorized
access, and thereby obtains ….” Subsection (g) states: “Any person who suffers damage or loss by reason of
a violation of this section may maintain a civil action against the violator,” so the summary might also
mention the possibility of a civil lawsuit in addition to criminal prosecution. Students need to understand
that this federal law applies to “protected computers,” a term that covers government and financial-
institution systems and also any computer used in or affecting interstate or foreign commerce, which in
practice includes almost any Internet-connected system. Students should mention which nations are parties
to the Convention on Cybercrime (Budapest Convention).
Review Questions
1. The U.S. Department of Justice defines a hacker as which of the following?
a. A person who accesses a computer or network without the owner’s permission
b. A penetration tester
c. A person who uses phone services without payment
d. A person who accesses a computer or network system with the owner’s permission
Answer: a. A person who accesses a computer or network without the owner’s permission
2. A penetration tester is which of the following?
a. A person who breaks into a computer or network without permission from the owner
b. A person who uses telephone services without payment
c. A security professional hired to break into a network to discover vulnerabilities
d. A hacker who breaks into a system without permission but doesn’t delete or destroy files
Answer: c. A security professional hired to break into a network to discover vulnerabilities
3. Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or
programs as which of the following? (Choose all that apply.)
a. Script monkeys
b. Packet kiddies
c. Packet monkeys
d. Script kiddies
Answer: c. Packet monkeys; d. Script kiddies
4. What three models do penetration or security testers use to conduct tests?
Answer: White box, black box, and gray box (the tester is given full, no, or partial information about the target, respectively)
5. A team composed of people with varied skills who attempt to penetrate a network is called which of
the following?
a. Green team
b. Blue team
c. Black team
d. Red team
Answer: d. Red team
6. How can you find out which computer crime laws are applicable in your state? (Choose all that apply.)
a. Contact your local law enforcement agencies.
b. Contact your ISP.
c. Contact your local computer store vendor.
d. Research online for the laws in your area.
Answer: a. Contact your local law enforcement agencies; d. Research online for the laws in your area.
7. What portion of your ISP contract might affect your ability to conduct a penetration test over the
Internet?
a. Scanning policy
b. Port access policy
c. Acceptable use policy
d. Warranty policy
Answer: c. Acceptable use policy
8. If you run a program in New York City that uses network resources to the extent that a user is denied
access to them, what type of law have you violated?
a. City
b. State
c. Local
d. Federal
Answer: d. Federal
9. Which federal law prohibits unauthorized access of classified information?
a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communications Privacy Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. Fifth Amendment
Answer: a. Computer Fraud and Abuse Act, Title 18
10. Which federal law prohibits intercepting any communication, regardless of how it was transmitted?
a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communications Privacy Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. Fourth Amendment
Answer: b. Electronic Communications Privacy Act
11. Which federal law amended Chapter 119 of Title 18, U.S. Code?
a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communications Privacy Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications
Answer: d. U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications
12. What is the Budapest Convention?
a. A hacking convention held in Europe
b. The first international treaty seeking to address Internet and computer crime
c. International rules governing penetration testing
d. A European treaty governing the protection of personal information
Answer: b. The first international treaty seeking to address Internet and computer crime
13. What organization offers the CEH certification exam?
a. ISC2
b. EC-Council
c. CompTIA
d. GIAC
Answer: b. EC-Council
14. What organization offers the PenTest+ certification exam?
a. ISC2
b. CompTIA
c. SANS Institute
d. GIAC
Answer: b. CompTIA
15. What is an OSCP?
a. Open Security Consultant Professional
b. Offensive Security Certified Professional
c. Official Security Computer Programmer
d. OSSTMM Security Certified Professional
Answer: b. Offensive Security Certified Professional
16. As a security tester, what should you do before installing hacking software on your computer?
(Choose all that apply.)
a. Check with local law enforcement agencies.
b. Contact your hardware vendor.
c. Contact your ISP.
d. Research online for the laws in your area.
Answer: a. Check with local law enforcement agencies; d. Research online for the laws in your area.
17. Before using hacking software over the Internet, you should contact which of the following? (Choose
all that apply.)
a. Your ISP
b. Your vendor
c. Local law enforcement authorities to check for compliance
d. The FBI
Answer: a. Your ISP; c. Local law enforcement authorities to check for compliance
18. Which organization issues the Top 25 list of software errors?
a. SANS Institute
b. ISECOM
c. EC-Council
d. OPST
Answer: a. SANS Institute
19. A written contract isn’t necessary when a friend recommends a client. True or False?
Answer: False
20. A security tester should have which of the following attributes? (Choose all that apply.)
a. Good listening skills
b. Knowledge of networking and computer technology
c. Good verbal and written communication skills
d. An interest in securing networks and computer systems
Answer: a., b., c., and d.
Case Projects
Case Project 1-1: Determining Legal Requirements for
Penetration Testing
Time Required: 45 minutes
Objective: Increase your understanding of state and federal laws related to computer crime.