Crowdly

Before an attack

After an attack to evaluate damage

To provide a basis for remediation

Jim

has been contracted to perform a penetration test of a bank’s primary branch.

In order to make the test as real as possible, he has not been given any

information about the bank other than its name and address. What type of

penetration test has Jim agreed to perform?

crystal box penetration test

white box penetration test

black box penetration test

gray box penetration test

Which of the following is the best definition of a

hacker?

A person who uses computer skills to defend networks

Initially, a person who was intellectually curious

about computer systems and then took on the definition of a person who uses

offensive skills to attack computer systems

A person who uses computer skills to play games

A person with computer skills who intends to do no

harm

Which one of the following is not

a typical goal of a hacker in the “acquiring access” phase of

malicious hacking?

Installing rootkits and sniffers

Access the operating system

Obtain elevated or escalated privileges

Launch buffer overflow attacks

Dumpster diving is usually performed in what phase of

malicious hacking?

Preparation

Reconnaissance

Gaining access

Maintaining access

In th

event of a security incident, one of the primary objectives of the operations

staff is to ensure that

the attackers are detected and stopped

there is minimal disruption to the organization’s mission

appropriate documentation about the event is maintained as chain of

evidence

the affected systems are immediately shut off to limit to the impact

In hacking, the two types of reconnaissance are:

Active and invasive

Preliminary and invasive

Preliminary and active

Active and passive

The fundamental tenets of information security are:

Confidentiality, integrity, and assessment

Security, integrity, and confidentiality

Integrity, authorization, and availability

Confidentiality, integrity, and availability

Which one of the following best describes information warfare?

Delays in processing that lead to reduced income,

penalties, or additional expenses

Computer-related attacks for military or economic

purposes

Theft, fraud, physical damage

Theft of data, modification of data, loss of data

A hacker that has the necessary computing expertise to

carry out harmful attacks on information systems is called a:

Blue hat hacker

White hat hacker

Gray hat hacker

Black hat hacker