Quiz by JANET MORENO CANO, updated more than 1 year ago
Created by JANET MORENO CANO about 3 years ago

Resource summary

Question 1

Question
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Answer
  • Blue teaming
  • Network scanning
  • Ethical hacking
  • Red teaming

Question 2

Question
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?
Answer
  • Gain access
  • Scanning and enumeration
  • Maintain access
  • Reconnaissance

Question 3

Question
Which of the following is the third step in the ethical hacking methodology?
Answer
  • Gain access
  • Reconnaissance
  • Scanning and enumeration
  • Clear your tracks

Question 4

Question
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?
Answer
  • NIST SP 800-115
  • OSSTMM
  • OWASP
  • ISO/IEC 27001

Question 5

Question
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?
Answer
  • Reporting
  • Gain access
  • Reconnaissance
  • Maintain access

Question 6

Question
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Answer
  • White box
  • Black hat
  • Black box
  • White hat

Question 7

Question
Which of the following best describes a gray box penetration test?
Answer
  • The ethical hacker has no information regarding the target or network.
  • The ethical hacker is given full knowledge of the target or network.
  • The ethical hacker is given strict guidelines about what can be targeted.
  • The ethical hacker has partial information about the target or network.

Question 8

Question
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?
Answer
  • Is a team of specialists that focus on the organization's defensive security.
  • Performs offensive security tasks to test the network's security.
  • Acts as a pipeline between teams and can work on any side.
  • Is responsible for establishing and implementing policies.

Question 9

Question
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
Answer
  • Virus
  • Trojan horse
  • APT
  • Logic bomb

Question 10

Question
Which type of threat actor only uses skills and knowledge for defensive purposes?
Answer
  • Script kiddie
  • Gray hat
  • Hacktivist
  • White hat

Question 11

Question
Which statement best describes a suicide hacker?
Answer
  • This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
  • This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious.
  • This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear.
  • This hacker's main purpose is to protest an event and draw attention to their views and opinions.

Question 12

Question
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Answer
  • Gray hat
  • Script kiddie
  • State-sponsored
  • White hat

Question 13

Question
The process of analyzing an organization's security and determining its security holes is known as:
Answer
  • Ethical hacking
  • Enumeration
  • Penetration testing
  • Threat modeling

Question 14

Question
Which of the following best describes a script kiddie?
Answer
  • A hacker whose main purpose is to draw attention to their political views.
  • A hacker willing to take more risks because the payoff is a lot higher.
  • A hacker who helps companies see the vulnerabilities in their security.
  • A hacker who uses scripts written by much more talented individuals.

Question 15

Question
Any attack involving human interaction of some kind is referred to as:
Answer
  • Attacker manipulation
  • A white hat hacker
  • Social engineering
  • An opportunistic attack

Question 16

Question
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:
Answer
  • Pretexting
  • Preloading
  • Footprinting
  • Impersonation

Question 17

Question
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Answer
  • Spim
  • Surf
  • Spam
  • Hoax

Question 18

Question
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Answer
  • Eavesdropping
  • Keyloggers
  • Shoulder surfing
  • Spam and spim

Question 19

Question
Which of the following best describes an inside attacker?
Answer
  • An unintentional threat actor; the most common threat.
  • A good guy who tries to help a company see their vulnerabilities.
  • An agent who uses their technical knowledge to bypass security.
  • An attacker with lots of resources and money at their disposal.

Question 20

Question
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Answer
  • Elicitation
  • Interrogation
  • Preloading
  • Impersonation

Question 21

Question
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?
Answer
  • You should not provide any information except your manager's name and number.
  • You should provide the information as part of quality customer service.
  • You should not provide any information and forward the call to the help desk.
  • You should put the caller on hold and then hang up.

Question 22

Question
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
Answer
  • DNS cache poisoning
  • Host file modification
  • Social networking
  • Feigning ignorance

Question 23

Question
An attack that targets senior executives and high-profile victims is referred to as:
Answer
  • Scrubbing
  • Pharming
  • Vishing
  • Whaling

Question 24

Question
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
Answer
  • Mantraps
  • Cable locks
  • Anti-passback
  • Scrubbing

Question 25

Question
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
Answer
  • Physical access logs
  • Employee and visitor safety
  • Physical access controls
  • Perimeter barriers

Question 26

Question
Closed-circuit television can be used both as a preventative tool (to monitor live events) and as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras?
Answer
  • A Pan Tilt Zoom camera
  • A bullet camera
  • A c-mount camera
  • A dome camera

Question 27

Question
Important aspects of physical security include which of the following?
Answer
  • Influencing the target's thoughts, opinions, and emotions before something happens.
  • Preventing interruptions of computer services caused by problems such as fire.
  • Implementing adequate lighting in parking lots and around employee entrances.
  • Identifying what was broken into, what is missing, and the extent of the damage.

Question 28

Question
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in?
Answer
  • Security factors
  • Layered defense
  • Security sequence
  • Physical control

Question 29

Question
On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company?
Answer
  • Environmental threat
  • Cloud threat
  • External threat
  • Man-made threat

Question 30

Question
The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose?
Answer
  • NIST
  • CAPEC
  • NVD
  • JPCERT