Indicate the answer choice that best completes the statement or answers the question.

Name: Class: Date: Module 1 - Ethical Hacking Overview Powered by Cognero Page 1 Indicate the answer choice that best completes the statement or answers the question.

1.What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?

• penetration test
• security test
• hacking test
• ethical hacking test

2.What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?

• Hacking
• Cracking
• Security testing
• Packet sniffing

3.What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?

• gray box
• white box
• black box
• red box

4.What advanced professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?

• Offensive Security Certified Professional
• Certified Ethical Hacker
• Certified Information Systems Security Professional
• CompTIA Security+

5.What common term is used by security testing professionals to describe vulnerabilities in a network?

• bytes
• packets
• bots
• holes

6.What term refers to a person who performs most of the same activities a hacker does, but with the owner or company's permission?

• cracker
• script kiddie
• ethical hacker

Hands-On Ethical Hacking and Network Defense, 4e Rob S. Wilson (Test Bank All Chapters, 100% Original Verified, A+ Grade) 1 / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 2

• hacktivist

• What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools

created by knowledgeable programmers without understanding how the tools work?

• copy kiddie
• red team member
• packet monkey
• cracker

• What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an

application or on a system?

• health
• technical
• vulnerability
• network

• Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on

a computer system. What type of resource are these penetration testers utilizing?

• kiddies
• packets
• scripts
• tasks

• How can a security tester ensure a network is nearly impenetrable?

• install a vendor's latest security patch
• update the operating systems
• eliminate unnecessary applications or services
• unplug the network cable

• What penetration model should be used when a company's management team does not wish to disclose that

penetration testing is being conducted?

• black box
• white box
• red box
• silent box

• Why might companies prefer black box testing over white box testing?
• The white box model puts the burden on the tester to find information about the technologies a

company is using.

• If a company knows that it's being monitored to assess the security of its systems, employees might

behave more carelessly and not adhere to existing procedures.

• Black box testing involves a collaborative effort between a company's security personnel and 2 / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 3

penetration testers.

• Many companies don't want a false sense of security.

• What penetration model would likely provide a network diagram showing all the company's routers,

switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

• black box
• white box
• red box
• blue box

• What is the difference between penetration tests and security tests?
• These terms are synonymous
• In a penetration test, an ethical hacker attempts to break into a company's network or applications to

find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

• Penetration testing takes security testing to a higher level
• In a security test, an ethical hacker attempts to break into a company's network or applications to find

weak links. In a penetration test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

• Why should a company employ an ethical hacker?
• The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the

penetration/security test services.

• A company can hire an ethical hacker to promote political or social ideologies.
• Ethical hackers can help make a network impenetrable.
• Companies should never hire hackers.

• Which penetration model allows for an even distribution of time and resources along with a fairly

comprehensive test?

• White box
• Black box
• Gray box
• Red box

• What is critical to remember when studying for a network security certification exam?

• Memorize answers to questions to ensure you pass.
• Security certifications are always relevant because it is a static profession.
• Certifications prove only technical skills are necessary to perform the job of a security professional

effectively.

• Following the laws and behaving ethically are more important than passing an exam.

• / 4

Name:

Class:

Date:

Module 1 - Ethical Hacking Overview

Powered by Cognero Page 4

• What can be inferred about successful security professionals?
• Successful security professionals have strong technical skills.
• Successful security professionals have strong soft skills.
• Successful security professionals have a combination of technical and soft skills.
• Successful security professionals have multiple certifications.

• With which type of laws should a penetration tester or student learning hacking techniques be familiar?
• local
• state
• federal
• all of the above

• What policy, provided by a typical ISP, should be read and understood before performing any port scanning

outside of your private network?

• Port Scanning Policy
• Acceptable Use Policy
• ISP Security Policy
• Hacking Policy

• What acronym represents the U.S. Department of Justice branch that addresses computer crime?
• GIAC
• OPST
• CHIP
• CEH

• What federal law makes it illegal to intercept any type of communication, regardless of how it was

transmitted?

• The No Electronic Theft Act
• U.S. PATRIOT Act
• Electronic Communication Privacy Act
• The Computer Fraud Act

• Which of the following statements about port scanning is true?
• Port scanning violates the U.S. Constitution.
• Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
• If you are found innocent of criminal port scanning charges, there are no financial repercussions.
• Port scanning while connected to a VPN will only allow you to scan your own personal network.

• Why have some judges dismissed charges for those accused of port scanning?

• Networks are private property.
• Usually, no damages are done when port scanning.
• / 4