CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [14]
7. What are the three phases of a security evaluation plan? (Choose three answers.)
A. Conduct Security Evaluation
B. Preparation
C. Conclusion
D. Final
E. Reconnaissance
F. Design Security
G. Vulnerability Assessment
8. Hacking for a cause is called
A. Active hacking
B. Hacktivism
C. Activism
D. Black-hat hacking
9. Which federal law is most commonly used to prosecute hackers?
A. Title 12
B. Title 18
C. Title 20
D. Title 2
10. When a hacker attempts to attack a host via the Internet, it is known as what type of attack?
A. Remote attack
B. Physical access
C. Local access
D. Internal attack
Answers to Review Questions
1. A. Explanation: A white-hat hacker is a "good" guy who uses his skills for defensive purposes.
2. C. Explanation: White-box testing is a security audit performed with internal knowledge of the systems.
3. D. Explanation: Reconnaissance is gathering information necessary to perform the attack.
4. D. Explanation: Physical access tests access to the physical infrastructure.
5. B. Explanation: As security increases, a system becomes more difficult to use and less functional.
6. A. Explanation: Disgruntled employees have information which can allow them to launch a powerful attack.
7. A, B, C. Explanation: The three phases of a security evaluation plan are preparation, conduct security evaluation, and conclusion.
8. B. Explanation: Hacktivism is performed by individuals who claim to be hacking for a political or social cause.
9. B. Explanation: Title 18 of the U.S. Code of law is most commonly used to prosecute hackers.
10. A. Explanation: An attack from the Internet is known as a remote attack.
CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
✓ Footprinting
■ Define the Term Footprinting
■ Describe Information Gathering Methodology
■ Describe Competitive Intelligence
■ Understand DNS Enumeration
■ Understand Whois and ARIN Lookup
■ Identify Different Types of DNS Records
■ Understand How Traceroute Is Used in Footprinting
■ Understand How E-Mail Tracking Works
■ Understand How Web Spiders Work
✓ Social Engineering
■ What Is Social Engineering?
■ What Are the Common Types of Attacks?
■ Understand Dumpster Diving
■ Understand Reverse Social Engineering
■ Understand Insider Attacks
■ Understand Identity Theft
■ Describe Phishing Attacks
■ Understand Online Scams
■ Understand URL Obfuscation
■ Social Engineering Countermeasures
This chapter addresses the first part of the hacking process, which involves information gathering or footprinting. Footprinting is the process of gathering all available information about an organization. This information can then be used later in the hacking process. Sometimes the information can be used to launch a social engineering attack. Alternatively, social engineering can be used to obtain more information about an organization, which can ultimately lead to an attack.
In this chapter, we'll look at both of these hacking methods in detail and cover the most important topics you as a CEH should be familiar with.
Footprinting
Footprinting is part of the preparatory pre-attack phase and involves accumulating data regarding a target's environment and architecture, usually for the purpose of finding ways to intrude into that environment. Footprinting can reveal system vulnerabilities and identify the ease with which they can be exploited. This is the easiest way for hackers to gather information about computer systems and the companies they belong to. The purpose of this preparatory phase is to learn as much as you can about a system, its remote access capabilities, its ports and services, and any specific aspects of its security.
Define the Term Footprinting
Footprinting is defined as the process of creating a blueprint or map of an organization's network and systems. Information gathering is also known as footprinting an organization. Footprinting begins by determining the target system, application, or physical location of the target. Once this information is known, specific information about the organization