Ethical Hacking Final Exam Study Guide questions with verified detailed answers

Which of the following is a non-profit organization that is in favor of hacking in the traditional sense and advocates for the expression of electronic freedom?
a) Freetonic
b) Free Internet
c) Electronic Frontier Foundation
d) Anonymous - ✔✔Electronic Frontier Foundation

________ is considered a hacktivist group.
a) Skids
b) Free Internet
c) Hack Justice
d) WikiLeaks - ✔✔WikiLeaks

For the U.S. Department of Justice, which of the following is not treated the same with regard to the law for combatting cybercrimes because their activities may not break the law?
a) Hackers
b) Crackers
c) Packet monkeys
d) None of the above - ✔✔None of the above

Which of the following is not considered a type of social engineering activity that an ethical hacker can conduct?
a) Sending phishing email to a company's employees.
b) Making phone calls targeting a company's employees in an attempt to test the likelihood that some of them may give away login credentials
c) Using the kindness card when talking to a company's employees in an attempt to make them comfortable and reveal secrets that may jeopardize the company's network security
d) Contacting companies' employees through social media to establish trust with the goal of getting them to reveal sensitive information
e) None of the above - ✔✔None of the above

Manually analyzing computer programs to discover bad programming that is done without security in mind is part of what ethical hackers do.
a) True
b) False - ✔✔True
This is called code review.

Which of the following should be used to scan a Windows-based computer in order to generate a report showing the applications installed and the potential exposures?
a) Netsparker
b) AirCrack
c) MBSA
d) All of the above - ✔✔MBSA
Netsparker is a scanner for scanning Web applications for vulnerabilities. AirCrack is a packet sniffer and key-cracking tool for wireless networks.

Which of the following is typically automated using computer-based tools? (Choose the best answer.)
a) A Security test
b) A penetration test
c) A vulnerability assessment
d) Shoulder surfing - ✔✔A vulnerability assessment
Vulnerability assessment is an activity that security testers conduct in order to learn about systems' potential vulnerabilities before engaging in their testing. Penetration testing involves probing or attacking a system in order to exploit potential vulnerabilities. One of the differences between penetration testing and security testing is that security testing involves analyzing a company's security policies in order to find potential weaknesses that may jeopardize security.

Which of the following may not be included in a penetration test report?
a) How risks of exploiting exposures are rated
b) Recommendations about dealing with potential exposures
c) Technical details about vulnerabilities, and possible mitigation options
d) Details about attacks conducted
e) None of the above - ✔✔None of the above

A ________________________ can help determine that a company's specific security procedures are not implemented.
a) Penetration testing
b) Security testing
c) Vulnerability assessment
d) Only a and b - ✔✔Security testing

An ethical hacker can launch a denial of service attack against a company's server.
a) True
b) False - ✔✔True