Midterm Flashcards
What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted?
Black box
What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop?
Certified Ethical Hacker (CEH)
As a security tester, you can make a network impenetrable (True or False)
False
What type of testing procedure involves the tester(s) analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management?
Security Test
Penetration testers and security testers need technical skills to perform their duties effectively. (True or False)
True
What organization disseminates research documents on computer and network security worldwide at no cost?
ISECOM
Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law. (True or False)
False
Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?
red team
What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?
gray box
What professional level security certification requires five years of experience and is designed to focus on an applicant’s security-related managerial skills?
Certified Information Systems Security Professional
What name is given to people who break into computer systems with the sole purpose to steal or destroy data?
crackers
An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company’s permission.
true
What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?
Vulnerability
What subject area is not one of the 22 domains tested during the CEH exam?
Trojan hijacking
What term best describes a person who hacks computer systems for political or social reasons?
Hacktivists
Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?
scripts
Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.
True
What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?
script kiddies
What acronym represents the U.S. Department of Justice's new branch that addresses computer crime?
CHIP
What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?
Certified Information Systems Security Professional (CISSP)
What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?
Acceptable Use Policy
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?
Electronic Communication Privacy Act
What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking