Indicate the answer choice that best completes the statement or answers the question.

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 1

Indicate the answer choice that best completes the statement or answers the question.

• What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures,

and reporting any vulnerabilities to management?

• penetration test
• security test
• hacking test
• ethical hacking test

• What specific term does the U.S. Department of Justice use to label all illegal access to computer or network

systems?

• Hacking
• Cracking
• Security testing
• Packet sniffing

• What penetration model should a company use if they only want to allow the penetration tester(s) partial or

incomplete information regarding their network system?

• gray box
• white box
• black box
• red box

• What advanced professional security certification requires applicants to demonstrate hands-on abilities to

earn their certificate?

• Offensive Security Certified Professional
• Certified Ethical Hacker
• Certified Information Systems Security Professional
• CompTIA Security+

• What common term is used by security testing professionals to describe vulnerabilities in a network?
• bytes
• packets
• bots
• holes

• What term refers to a person who performs most of the same activities a hacker does, but with the owner or

company's permission?

• cracker
• script kiddie
• ethical hacker

(Hands-On Ethical Hacking and Network Defense, 4e Rob Wilson) (Test Bank, Answer at the end of each Chapter) 1 / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 2

• hacktivist

• What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools

created by knowledgeable programmers without understanding how the tools work?

• copy kiddie
• red team member
• packet monkey
• cracker

• What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an

application or on a system?

• health
• technical
• vulnerability
• network

• Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on

a computer system. What type of resource are these penetration testers utilizing?

• kiddies
• packets
• scripts
• tasks

• How can a security tester ensure a network is nearly impenetrable?

• install a vendor's latest security patch
• update the operating systems
• eliminate unnecessary applications or services
• unplug the network cable

• What penetration model should be used when a company's management team does not wish to disclose that

penetration testing is being conducted?

• black box
• white box
• red box
• silent box

• Why might companies prefer black box testing over white box testing?
• The white box model puts the burden on the tester to find information about the technologies a

company is using.

• If a company knows that it's being monitored to assess the security of its systems, employees might

behave more carelessly and not adhere to existing procedures.

• Black box testing involves a collaborative effort between a company's security personnel and 2 / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 3

penetration testers.

• Many companies don't want a false sense of security.

• What penetration model would likely provide a network diagram showing all the company's routers,

switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

• black box
• white box
• red box
• blue box

• What is the difference between penetration tests and security tests?
• These terms are synonymous
• In a penetration test, an ethical hacker attempts to break into a company's network or applications to

find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

• Penetration testing takes security testing to a higher level
• In a security test, an ethical hacker attempts to break into a company's network or applications to find

weak links. In a penetration test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

• Why should a company employ an ethical hacker?
• The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the

penetration/security test services.

• A company can hire an ethical hacker to promote political or social ideologies.
• Ethical hackers can help make a network impenetrable.
• Companies should never hire hackers.

• Which penetration model allows for an even distribution of time and resources along with a fairly

comprehensive test?

• White box
• Black box
• Gray box
• Red box

• What is critical to remember when studying for a network security certification exam?

• Memorize answers to questions to ensure you pass.
• Security certifications are always relevant because it is a static profession.
• Certifications prove only technical skills are necessary to perform the job of a security professional

effectively.

• Following the laws and behaving ethically are more important than passing an exam.

• / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 4

• What can be inferred about successful security professionals?
• Successful security professionals have strong technical skills.
• Successful security professionals have strong soft skills.
• Successful security professionals have a combination of technical and soft skills.
• Successful security professionals have multiple certifications.

• With which type of laws should a penetration tester or student learning hacking techniques be familiar?
• local
• state
• federal
• all of the above

• What policy, provided by a typical ISP, should be read and understood before performing any port scanning

outside of your private network?

• Port Scanning Policy
• Acceptable Use Policy
• ISP Security Policy
• Hacking Policy

• What acronym represents the U.S. Department of Justice branch that addresses computer crime?
• GIAC
• OPST
• CHIP
• CEH

• What federal law makes it illegal to intercept any type of communication, regardless of how it was

transmitted?

• The No Electronic Theft Act
• U.S. PATRIOT Act
• Electronic Communication Privacy Act
• The Computer Fraud Act

• Which of the following statements about port scanning is true?
• Port scanning violates the U.S. Constitution.
• Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
• If you are found innocent of criminal port scanning charges, there are no financial repercussions.
• Port scanning while connected to a VPN will only allow you to scan your own personal network.

• Why have some judges dismissed charges for those accused of port scanning?

• Networks are private property.
• Usually, no damages are done when port scanning.
• / 4