C 701 ETHICAL HACKING PRE-ASSESSMENT – QUESTION AND ANSWERS | 2022 LATEST UPDATE

Because attackers break into systems for various reasons, it is important for information security professionals to understand how malicious hackers exploit systems and the probable reasons behind the attacks. True False Information security refers to or information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. Duplicating / saving Compiling / securing Protecting / safeguarding Imaging / shielding Information is not the critical asset that organizations need to secure. False True An example of is when a hacker derives great satisfaction from breaking down the toughest network security, which not everyone can do. Vulnerability Hack value Payload Exploit Is a security loophole that allows an attacker to enter the System by bypassing various user authentications. A hack value An exploit A payload A vulnerability Refers to malicious software or commands that can cause unanticipated behavior of legitimate software or hardware through attackers taking advantage of the vulnerabilities. A payload A hack value An infected program An exploit Is the part of a malware or an exploit that performs the intended malicious actions, which can include creating backdoor access to a victim’s machine, damaging or deleting files, and data theft? Hack value Payload Vulnerability Exploit In a , the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them. Zero-day attack Payload Hack value vulnerability Involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information. A zero-day attack Doxing A bot Daisy chaining Refers to gathering and publishing personally identifiable information such as an individual’s name and email address, or other sensitive information pertaining to an entire organization. A bot A zero-day attack Doxing Daisy chaining Are used as agents that carry out malicious activity over the Internet. Zero-day attacks Robots Bots Data breaches Information security is defined as “a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low and tolerable.” False True Information security relies on four major elements: confidentiality, integrity, availability, and authenticity. True False Is the assurance that the information is accessible only to those authorized to have access. Availability Confidentiality Authenticity Integrity Confidentiality controls include data classification, data encryption, and proper equipment disposal. True False Is trustworthiness of data or resources in the prevention of improper and unauthorized changes—the assurance that information is sufficiently accurate for its purpose. Availability Confidentiality Authenticity Integrity Measures to maintain data integrity may include a checksum and access control. True False Is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users? Availability Authenticity Confidentiality Integrity Measures to maintain data availability do not include redundant systems’ disk array and clustered machines, antivirus software to stop worms from destroying networks, and distributed denial-ofservice (DDoS) prevention systems. True False The major role of is to confirm that a user is who he or she claims to be. Availability Authentication Integrity Confidentiality Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents. True False Is a way to guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message. Integrity Non-repudiation Confidentiality Authenticity Individuals and organizations use digital signatures to ensure non- repudiation. False True Hacking is defined as the exploitation of vulnerabilities of computer systems and networks. False True Automated tools and codes make it possible for anyone to succeed at hacking. True False Which of the following is not an information security category? Network threats Attack vectors Application threats Revenge For attackers, motives are the same as: Ideas Goals Ethics Values There is/are type(s) of information security. 1 2 3 4 A collection of computers and other hardware connected by Communication channels to share resources and information is also known as . A host threat A bot An insider attack A network Host threats target a particular system on which valuable information resides, where attackers try to breach the security of the information system resource. False True Host threats include all of the following except: Backdoor attacks Malware attacks Footprinting Password-based attacks Applications might be vulnerable if proper security measures are not taken while developing, deploying, and maintaining them. True False The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) for competitive advantages over an opponent. False True Examples of information-warfare weapons include all of the following except: Penetration exploits Anti-virus applications Malware Electronic jamming Information warfare is divided into categories. Four Seven Six Five Each category of information warfare consists of both offensive and defensive strategies. False True Defensive Information Warfare refers to all strategies and actions to defend against attacks on ICT assets. False True Offensive Information Warfare refers to the information warfare assets of an opponent. False True Techniques include creat