Ethical Hacking Quiz — Modules 1–3

A flaw in software, hardware, or procedures is known as what?

The CIA triad includes all the following except?

At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVas?

The cyber kill chain is a seven-step process describing the normal process of cyber attacks. Which step is described as "Intruder transmits weapon to target"?

SpearTrax Inc. has decided to include their own IT department in the pen-testing preparation process. Which color is the appropriate label for these personnel?

Novelie is working with Livia to monitor network traffic for the wireless network. Livia suggests using tcpdump, but Novelie prefers a GUI interface for monitoring. Which tool would allow them to visually view the live network traffic as it is captured?

Robyn has identified several Bluetooth devices that are attempting to connect to the point-of-sale system. Which of the following tools would Robyn best employ to simulate an attack on the point-of-sale system?

During which stage of the pen-test process does an individual perform active and passive reconnaissance of the target?

Disrupting communications of company data to an attacker is a defensive action that could be used to decrease the amount of damage caused by an attack. By doing so, which portion of the CIA triad is the company trying to protect most?

During a pen-test, Jason is utilizing a password cracker. To speed the process up, Jason wants to use a tool to generate a word list that he can then use with John the Ripper. Which tool would be able to perform such action?

During a penetration test, Natalia and her team are focused on using tactics to exploit the weaknesses of the organization. Which team is Natalia part of?

Darren attempts an internal pen-test for his organization and finds that he cannot view certain network devices due to a permission violation. Darren changes his group membership and now finds he can access the entire network, including the finance server. He then decides to copy several files from the finance server. What should Darren have done in this situation to avoid a potential issue or trouble?

When training for penetration testing, a sandbox environment is commonly used. Which of the following best describes a sandbox?

A virtualization platform is used to accomplish what?

To find the ip configuration of a Linux operating system node, which of the following commands should be run in Terminal?

Domain controllers are best described as what?

Which of the following best describes the term "end of life" as it relates to software and operating systems?

Which tool from Microsoft is used to download official ISOs from the company?

The plan specifying what activities will be performed and what resources will be targeted during a pen test are included in which one of these documents?

Compliance requires an organization to conform to all the following that pertain to the company's business area except for what?

A procedure that research and experience have shown to produce optimal results and has been proposed for widespread adoption is known as a what?

Which of the following is not suggested by the PCI DSS testing guidelines?

The GDPR requires an organization to meet several requirements as part of the regulation. One of these requirements includes the organization's data collection practices. This includes notifying the consumer how the data is collected and used by the organization. This ensures the customer can do what regarding their own data?

Which regulation governs how firms handle private and sensitive health information without a patient's consent or knowledge?

A statement of work document contains five core elements. These include the services and metrics used to measure that expectations are met. Also included are the responsibilities of each party and actions if those expectations and services are not met. The final element outlines certain authorizations by the client and what other entities?

Providing details of threat activities, techniques, and models is the purpose of which of the following frameworks?

A peer reviewed methodology that is maintained by the Institute for Security and Open Methodologies (ISECOM) that guides the process of assessing systems, processes, and people within regulatory and industry requirements defines which framework or methodology?

A black box test means that a pen tester has been provided what information about the targets and network?

Social engineering attacks are commonly used as an entry point to exploit an organization and its systems. Sending fraudulent emails to elicit usernames, passwords, or other information that could lead to a security concern is an example of which type of social engineering attack?