EXAM QUESTIONS AND
CORRECT ANSWERS
GRADED A+ 2025-2026
Black Box Model - ANS-A model for penetration testing in which management doesn't
divulge to IT security personnel that testing will be conducted or give the testing team
a description of the network topology. In other words, tests are on their own.
Certified Ethical Hacker (CEH) - ANS-A certification designated by the EC-Council.
Certified Information Systems Security Professional (CISSP) - ANS-Non-vendor-specific
certification issued by the International Information Systems Security Certification
Consortium, Inc. (ISC2).
crackers - ANS-Hackers who break into systems with the intent of doing harm or
destroying data.
ethical hackers - ANS-Users who attempt to break into a computer system or network
with the owner's permission.
Global Information Assurance Certification (GIAC) - ANS-An organization founded by
the SANS Institute in 1999 to validate the skills of security professionals. GIAC
certifications encompass many areas of expertise in the security field.
gray box model - ANS-A hybrid of the black box and white box models for penetration
testing.
, hacker - ANS-A user who attempts to break into a computer system or network without
authorization from the owner.
hacktivist - ANS-A hacker who breaks into a computer system or network for political
or ideological reasons.
Institute for Security and Open Methodologies (ISECOM) - ANS-A nonprofit
organization that provides training and certification programs for security
professionals.
Offensive Security Certified Professional (OCSP) - ANS-An ethical hacking certification
that requires participants to demonstrate their ability to use specific hacking tools.
Open Source Security Testing Methodology Manual (OSSTMM) - ANS-This security
manual developed by Peter Herzog has become one of the most widely used security-
testing methodologies to date.
OSSTMM Professional Security Tester (OPST) - ANS-An ISECOM-designated certification
for penetration and security testers. See also Institute for Security and Open
Methodologies (ISECOM).
packet monkeys - ANS-A derogatory term for unskilled crackers or hackers who steal
program code and use it in denial of service attacks instead of creating the programs
themselves.
penetration test - ANS-A test done by security professionals to break into a network
(with permission from the owner) in an effort to discover vulnerabilities; penetration
testers are also called "ethical hackers."
red team - ANS-A group of penetration testers who work together to break into a
network.
script kiddies - ANS-Similar to packet monkeys, a term for unskilled hackers or
crackers who use scripts or programs written by others to penetrate networks.