Lesson 2

Question 1

What is a vulnerability scan?

Answer 1

Testing of the external or internal interfaces of a system in order to identify obvious vulnerabilities.

Question 2

What are the different types of vulnerability scans?

Answer 2

Penetration Testing
Ad Hoc Testing
Social Engineering
War Dialing

Question 3

What is penetration testing?

Answer 3

Ethical Hacking
White-hat hacking
Security hacking
Red Team Testing
Attack and penetration strategies

Provided by an objective team that will act as malicious hackers. Uses vulnerability scans and other types of pen tests to find a way to penetrate or gain access to a system.

Question 4

What is Ad Hoc Testing

Answer 4

Search for less apparent vulnerabilities.

Question 5

Social Engineering

Answer 5

Assessing an organization’s security training, policies, and procedures by attempting to gain unauthorized access through human element.

Question 6

What is War Dialing?

Answer 6

Way of threatening an organization’s assets by gaining access to information systems or control systems through unprotected modems.

Consists of:
- Identifying all org phone numbers with modems attached (Footprinting)
- Determining Vulnerabilities of various modems (Preparation)
- Gaining access to systems through vulnerable modems.

Question 7

What are some Network Vulnerability Prevention Methods?

Answer 7

Test security controls
Identify vulnerabilities by running vulnerability scan
Identify missing security controls
Locate and fix common configuration issues
Apply patches continuously
Encrypt all data
Harden devices and systems on the network
Restrict physical network access- ports, wires
Avoid use of weaker protocols (FTP/Telnet)
Watch all network entry/exit