CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [13]

laws of the United States by titles. Title 18 details "Crimes and Criminal Procedure." Section 1029, "Fraud and related activity in connection with access devices," states that if you produce, sell, or use counterfeit access devices or telecommunications instruments with intent to commit fraud and obtain services or products with a value of $1,000, you have broken the law. Section 1029 criminalizes the misuse of computer passwords and other access devices such as token cards.

Section 1030, "Fraud and related activity in connection with computers," prohibits accessing protected computers without permission and causing damage. This statute criminalizes the spreading of viruses and worms and breaking into computer systems by unauthorized individuals.

Exam Essentials

Understand essential hacker terminology. Make sure you're familiar with and can define the terms threat, exploit, vulnerability, target of evaluation, and attack.

Understand the difference between ethical hackers and crackers. Ethical hackers are security professionals who act defensively. Crackers are malicious hackers who choose to inflict damage on a target system.

Know the classes of hackers. It's critical to know the differences among black-hat, white-hat, and grey-hat hackers for the exam. Know who the good guys are and who the bad guys are in the world of hacking.

Know the phases of hacking. Passive and active reconnaissance, scanning, gaining access, maintaining access, and covering tracks are the five phases of hacking. Know the order of the phases and what happens during each phase.

Be aware of the types of attacks. Understand the differences between active and passive and inside and outside attacks. The ability to be detected is the difference between active and passive attacks. The location of the attacker is the difference between inside and outside attacks.

Know the ethical hacking types. Hackers can attack the network from a remote network, a remote dial-up network, or a local network, or through social engineering, stolen equipment, or physical access.

The full text of the Section 1029 and 1030 laws is included as an appendix in this book for your reference.

Understand the security testing types. Ethical hackers can test a network using black-box, white-box, or grey-box testing techniques.

Know the contents of an ethical hacking report. An ethical hacking report contains information on the hacking activities performed, network or system vulnerabilities discovered, and countermeasures that should be implemented.

Know the legal implications involved in hacking. The Cyber Security Enhancement Act of 2002 can be used to prosecute ethical hackers who recklessly endanger the lives of others.

Be aware of the laws and punishment applicable to computer intrusion. Title 18 sections 1029 and 1030 of the U.S. Code carry strict penalties for hacking, no matter what the intent.

Review Questions

1. Which of the following statements best describes a white-hat hacker?

A. Security professional

B. Former black hat

C. Former grey hat

D. Malicious hacker

2. A security audit performed on the internal network of an organization by the network administration is also known as

A. Grey-box testing

B. Black-box testing

C. White-box testing

D. Active testing

E. Passive testing

3. What is the first phase of hacking?

A. Attack

B. Maintaining access

C. Gaining access

D. Reconnaissance

E. Scanning

4. What type of ethical hack tests access to the physical infrastructure?

A. Internal network

B. Remote network

C. External network

D. Physical access

5. The security, functionality, and ease of use triangle illustrates which concept?

A. As security increases, functionality and ease of use increase.

B. As security decreases, functionality and ease of use increase.

C. As security decreases, functionality and ease of use decrease.

D. Security does not affect functionality and ease of use.

6. Which type of hacker represents the highest risk to your network?

A. Disgruntled employees

B. Black-hat hackers

C. Grey-hat hackers

D. Script kiddies
