Module 1 - Introduciton to Ethical
Hacking Test Questions and Correct
Answers
Information Security ✅A state of well-being of information and infrastructure in which
the possibility of THEFT, TAMPERING and DISRUPTION OF INFORMATION AND
SERVICES is low or tolerable
Elements of Information Security (EIS) ✅(Confidentiality -> Integrity - > Availability) ->
Authenticity -> Non-repudiation
Confidentiality (EIS) ✅Assurance tha the information is accessible only to those
AUTHORIZED TO HAVE ACCESS
Integrity (EIS) ✅The TRUSTWORTHINESS OF DATA OR RESOURCES in terms of
preventing improper or unauthorized changes. Hashing algorithms fall in this category
Availibility (EIS) ✅Assurance that the systems responsible for delivering, storing, and
processing information are accessible when REQUIRED BY THE AUTHORIZED
USERS
Authenticity (EIS) ✅Refers to teh characteristic of a communication, document, or any
data that ensures the QUALITY OF BEING GENUINE
Digital signatures fall in this category.
Non-Repudiation ✅A GUARANTEE that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having received the
message
Attacks ✅Motive(Goal) + Method + Vulnerability
Motive ✅The TARGET SYSTEM STORES OR PROCESSES something valuable, and
this leads to the threat of an attack on the system
How do hackers hack? ✅They try various tools and attack techniques to EXPLOIT
VULNERABILITIES in a computer system or its security policy and controls in order to
fulfill their motives
1. Passive Attacks (Classification of Attacks) ✅- Do not tamper with the data and
involve intercepting and MONITORING NETWORK TRAFFICE and data flow on the
target network
-Examples include sniffing and eavesdropping
, 2. Active Attacks (Classification of Attacks) ✅- Tamper with data in transit or DISRUPT
THE COMMUNICATION or services between the systems to bypass or break into
secured systems
-Examples include DoS, Man in the Middle, session hijacking, and SQL injection
3. Close-in Attacks (Classification of Attacks) ✅-Performed when the attacker is in
close physical proximity with the target system or network in order to gather, modify, or
DISRUPT ACCESS to information
-Examples include social engineering such as eavesdropping, shoulder surfing, and
dumpster diving
4. Insider Attacks (Classification of Attacks) ✅-Using privileged access to VIOLATE
RULES or intentionally cause a threat to the organization's information or information
systems
-Examples include theft of physical devices and planting keyloggers, backdoors, and
malware
5. Distribution Attacks ✅-Attackers tamper with hardware or software prior to
installation
-Attackers tamper with hardware or software at its source or in transit
Information Warfare ✅Use of information and communication technologies (ICT) to
gain competitive advantages over an opponent
Defensive Information Warfare (PREPDAD) ✅Refers to all strategies adn actions
designed to defend against attacks on ICT assets
Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, and Response
Offensive Information Warfare (SWWMM) ✅Refers to information warfare that invovles
attacks against the ICT assets of an opponent
Web application attacks, web server attacks, malware attacks, MITM attacks, system
hacking
Cyber Kill Chain Methodology ✅Component of intelligence-driven defense for the
identification and PREVENTION of MALICIOUS INTRUSION ACTIVITIES
Cyber Kill Chain Insights ✅Provides insights into attack phases, which helps security
professionals to understand the adversary's tactics, techniques, and procedures
beforehand
Cyber Kill Chain (CKC) (7 Steps) WACRIDE ✅Reconnaissance -> Weaponization ->
Delivery -> Exploitation -> Installation -> Command and Control -> Actions on
Objectives
Hacking Test Questions and Correct
Answers
Information Security ✅A state of well-being of information and infrastructure in which
the possibility of THEFT, TAMPERING and DISRUPTION OF INFORMATION AND
SERVICES is low or tolerable
Elements of Information Security (EIS) ✅(Confidentiality -> Integrity - > Availability) ->
Authenticity -> Non-repudiation
Confidentiality (EIS) ✅Assurance tha the information is accessible only to those
AUTHORIZED TO HAVE ACCESS
Integrity (EIS) ✅The TRUSTWORTHINESS OF DATA OR RESOURCES in terms of
preventing improper or unauthorized changes. Hashing algorithms fall in this category
Availibility (EIS) ✅Assurance that the systems responsible for delivering, storing, and
processing information are accessible when REQUIRED BY THE AUTHORIZED
USERS
Authenticity (EIS) ✅Refers to teh characteristic of a communication, document, or any
data that ensures the QUALITY OF BEING GENUINE
Digital signatures fall in this category.
Non-Repudiation ✅A GUARANTEE that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having received the
message
Attacks ✅Motive(Goal) + Method + Vulnerability
Motive ✅The TARGET SYSTEM STORES OR PROCESSES something valuable, and
this leads to the threat of an attack on the system
How do hackers hack? ✅They try various tools and attack techniques to EXPLOIT
VULNERABILITIES in a computer system or its security policy and controls in order to
fulfill their motives
1. Passive Attacks (Classification of Attacks) ✅- Do not tamper with the data and
involve intercepting and MONITORING NETWORK TRAFFICE and data flow on the
target network
-Examples include sniffing and eavesdropping
, 2. Active Attacks (Classification of Attacks) ✅- Tamper with data in transit or DISRUPT
THE COMMUNICATION or services between the systems to bypass or break into
secured systems
-Examples include DoS, Man in the Middle, session hijacking, and SQL injection
3. Close-in Attacks (Classification of Attacks) ✅-Performed when the attacker is in
close physical proximity with the target system or network in order to gather, modify, or
DISRUPT ACCESS to information
-Examples include social engineering such as eavesdropping, shoulder surfing, and
dumpster diving
4. Insider Attacks (Classification of Attacks) ✅-Using privileged access to VIOLATE
RULES or intentionally cause a threat to the organization's information or information
systems
-Examples include theft of physical devices and planting keyloggers, backdoors, and
malware
5. Distribution Attacks ✅-Attackers tamper with hardware or software prior to
installation
-Attackers tamper with hardware or software at its source or in transit
Information Warfare ✅Use of information and communication technologies (ICT) to
gain competitive advantages over an opponent
Defensive Information Warfare (PREPDAD) ✅Refers to all strategies adn actions
designed to defend against attacks on ICT assets
Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, and Response
Offensive Information Warfare (SWWMM) ✅Refers to information warfare that invovles
attacks against the ICT assets of an opponent
Web application attacks, web server attacks, malware attacks, MITM attacks, system
hacking
Cyber Kill Chain Methodology ✅Component of intelligence-driven defense for the
identification and PREVENTION of MALICIOUS INTRUSION ACTIVITIES
Cyber Kill Chain Insights ✅Provides insights into attack phases, which helps security
professionals to understand the adversary's tactics, techniques, and procedures
beforehand
Cyber Kill Chain (CKC) (7 Steps) WACRIDE ✅Reconnaissance -> Weaponization ->
Delivery -> Exploitation -> Installation -> Command and Control -> Actions on
Objectives
