CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves
D. To get passwords
2. Security assessment categories include which of the following? (Choose all that apply.)
A. White-hat assessments
B. Vulnerability assessments
C. Penetration testing
D. Security audits
E. Black-hat assessments
3. What type of testing is the best option for an organization that can benefit from the experience of a security professional?
A. Automated testing tools
B. White-hat and black-hat testing
C. Manual testing
D. Automated testing
4. Which type of audit tests the security implementation and access controls in an organization?
A. A firewall test
B. A penetration test
C. An asset audit
D. A systems audit
5. What is the objective of ethical hacking from the hacker's perspective?
A. Determine the security posture of the organization.
B. Find and penetrate invalid parameters.
C. Find and steal available system resources.
D. Leave marks on the network to prove they gained access.
6. What is the first step of a pen test?
A. Create a map of the network by scanning.
B. Locate the remote access connections to the network.
C. Sign a scope of work, NDA, and liability release document with the client.
D. Perform a physical security audit to ensure the physical site is secure.
7. Which tools are not essential in a pen tester's toolbox?
A. Password crackers
B. Port scanning tools
C. Vulnerability scanning tools
D. Web testing tools
E. Database assessment tools
F. None of the above
8. Which of the following are not results to be expected from a pre-attack passive reconnaissance phase? (Choose all that apply.)
A. Directory mapping
B. Competitive intelligence gathering
C. Asset classification
D. Acquiring the target
E. Product/service offerings
F. Executing, implanting, and retracting
G. Social engineering
9. Once the target has been acquired, what is the next step for a company that wants to confirm the vulnerability was exploited? (Choose all that apply.)
A. Use tools that will exploit a vulnerability and leave a mark.
B. Create a report that tells management where the vulnerability exists.
C. Escalate privileges on a vulnerable system.
D. Execute a command on a vulnerable system to communicate to another system on the network and leave a mark.
10. An assessment report for management may include suggested fixes or corrective measures.
A. True
B. False
Answers to Review Questions
1. C. A penetration test is designed to test the overall security posture of an organization and to see if it responds according to the security policies.
2. B, C, D. Security assessments can be security audits, vulnerability assessments, or penetration testing.
3. C. Manual testing is best, because knowledgeable security professionals can plan, test designs, and do diligent documentation to capture test results.
4. B. A penetration test produces a report of findings on the security posture of an organization.
5. A. An ethical hacker is trying to determine the security posture of the organization.
6. C. The first step of a pen test should always be to have the client sign a scope of work, NDA, and liability release document.
7. F. All these tools must be used to discover vulnerabilities in an effective security assessment.
8. D, F. Acquiring the target and executing, implanting, and retracting are part of the active reconnaissance pre-attack phase.
9. A, D. The next step after target acquisition is to use tools that will exploit a vulnerability and leave a mark or execute a command on a vulnerable system to communicate to another system on the network and leave a mark.
10. A. An assessment may include corrective suggestions to fix the vulnerability.
Access Control List (ACL) A table that maintains a detailed list of permissions or access rights granted to users or groups with respect to file directory, individual file, or network resource access.
access point (AP) A piece of wireless communications hardware that creates a central point of wireless connectivity.
active attack An attack that can be detected