Review 4 Flashcards
(11 cards)
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
Question options:
A company social media policy
A printed materials policy
An employee social media policy
An internet policy
A printed materials policy
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
Question options:
Gaining access
Scanning
Target Intelligence
Reconnaissance
Reconnaissance
Which of the following statements is NOT true?
Question options:
The Wayback Machine is a nonprofit catalog of old site snapshots.
Google Hacking is illegal.
Google Hacking is legal.
Ethical hackers obtain permission prior to hacking a system.
Google Hacking is illegal.
Which network footprinting tool can gather information about ownership, IP addresses, domain name, location, server type, and the date a site was created?
Question options:
Nslookup
ARIN
Whois
Maltego
Whois
Which of the following services is most targeted during the reconnaissance phase of a hacking attack?
Question options:
DNS
TLS
DHCP
DoS
DNS
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
Question options:
Information types
Permission and documentation
Information gathering techniques
Establishing access
Information gathering techniques
Which internet research tool is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
Question options:
Wayback Machine
Echosec
Google Earth
Maltego
Maltego
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
Question options:
Contact names, phone numbers, email addresses, fax numbers, and addresses
Geographical information, entry control systems, employee routines, and vendor traffic
Intellectual property, critical business functions, and management hierarchy
Operating systems, applications, security policies, and network mapping
Contact names, phone numbers, email addresses, fax numbers, and addresses
From a security standpoint, why is it important to disable unneeded services on a computer?
Question options:
Unneeded services negatively impact performance.
A hacker is able to gain a wealth of information about a computer by learning what services are running, and with that information they can then determine how to attack it.
If an unneeded service crashes, that could create an opportunity for a hacker to gain access to a system.
None of the above
A hacker is able to gain a wealth of information about a computer by learning what services are running, and with that information they can then determine how to attack it.
What is the key difference between an ethical hacker and a criminal hacker?
Question options:
The ethical hacker doesn’t attempt to cover their tracks.
The ethical hacker always obtains permission.
The ethical hacker doesn’t attempt to cause harm.
The ethical hacker is being paid to hack the target system.
The ethical hacker always obtains permission.