Computer Fraud and Abuse

Question 1

Which federal law amended Chapter 119 of Title 18, U.S. Code?

Answer 1

U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications

Question 2

To determine whether scanning is illegal in your area, you should do which of the following?

Answer 2

Refer to State Laws

Question 3

The U.S. Department of Justice defines a hacker as which of the following?

Answer 3

A person who accesses a computer or network without the owner’s permission

Question 4

What professional level security certification requires five years of experience and is designed to focus an applicant’s security-related managerial skills?

Answer 4

Certified Information Systems Security Professional

Question 5

What specific term does the U.S Department of Justice use to label all illegal access to a computer or network systems?

Answer 5

Hacking

Question 6

A written contract isn’t necessary when a friend recommends a client. True or False?

Answer 6

False

Question 7

What term best describes a person who hacks computer systems for political or social reasons?

Answer 7

Hacktivist

Question 8

What is OSCP?

Answer 8

Offensive Security Certified Professional

Question 9

What organization disseminates research documents on the computer and network security worldwide at no cost?

Answer 9

SANS

Question 10

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

Answer 10

Electronic Communication Privacy Act

Question 11

If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?

Answer 11

Red Team

Question 12

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Answer 12

Acceptable Use Policy

Question 13

Which organization issues the Top 25 list of software errors?

Answer 13

SANS institute

Question 14

What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop?

Answer 14

Certified Ethical Hacker (CEH)

Question 15

Many experienced penetration testers will write a set of instructions that run in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?

Answer 15

Scripts

Question 16

What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted?

Answer 16

Black Box

Question 17

As a security tester, you can make a network impenetrable

Answer 17

False

Question 18

What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?

Answer 18

Acceptable use policy

Question 19

Which federal law prohibits unauthorized access of classified information?

Answer 19

Computer Fruad and Abuse Act, Title 18

Question 20

How can you find out which computer crime laws are applicable in your state?

Answer 20

Contact your local law enforcement agencies

Question 21

If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated?

Answer 21

Federal

Question 22

What organization designates a person as a CISSP?

Answer 22

ISC2

Question 23

What penetration model should a company use if they only want to allow the penetration testers partial or incomplete information regarding their network system?

Answer 23

Gray Box

Question 24

What type of testing procedure involves the testers analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management?

Answer 24

Security Test

Question 25

Penetration testing can create ehtical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

Answer 25

Create a contractual agreement

Question 26

A security tester should have which of the following attributes?

Answer 26

Good verbal and written communcation skills
Good listening skills
An interest in securing networks and computer systems
Knowledge of networking and computer technology

Question 27

A penetration tester is which of the following?

Answer 27

A security professional who’s hired to break into a network to discover vulnerabilities

Question 28

What professional security certification requires applicants to demonstrate hands-on abilities to earn thier certificate?

Answer 28

Offensive Security Certified Professional

Question 29

What penetration model would likely provide a network diagram showing all the company’s router, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

Answer 29

White Box

Question 30

What common term is used by security testing professionals to describe vulnerabilities in a network?

Answer 30

Holes