Ethical Hacking Revised Exam, Exams of Information Technology


Typology: Exams

2024/2025

Available from 07/01/2025

Prof. Lorraine-Dixon

Ethical Hacking Revised Exam

Ethical Hacking (Legal Hacking) - Correct answer Perpetrating exploits against a system with the intent to find vulnerabilities so that security weaknesses can be addressed and the system can be made more secure.

Penetration Testing - Correct answer The practice of finding vulnerabilities and risks with the purpose of securing the computer or network system.

Red team - Correct answer An offensive security team that attempts to discover vulnerabilities in a network or computer system.

Blue team - Correct answer A defensive security team that attempts to close vulnerabilities and stop the red team.

Purple team - Correct answer A mixture of both the red and blue teams.

Steps of Hacking - Correct answer
1. Reconnaissance (Preparatory phase)
2. Scanning and enumeration
3. Gaining access
4. Maintain access
5. Cover tracks

Reconnaissance - Correct answer Known as foot-printing. The phase where the hacker begins to gather information on their target. Information can include gathering publicly available information, using social engineering techniques, and dumpster diving.

Scanning/Enumeration - Correct answer Being actively engaged with the target. Using various tools to gather in-depth information about the network, computer systems, live systems, open ports, and more.

Enumeration - Correct answer Extracting information such as usernames, computer names, network resources, shares, and services.

Gain access - Correct answer Taking information gathered through reconnaissance and scanning to exploit the vulnerabilities found.


Maintain access - Correct answer Create ways to stay in their system. Install backdoors, rootkits, or trojan horses.

Penetration testing types - Correct answer
- Black box
- White box
- Gray box

Black box - Correct answer When the hacker has no information about the target or network. Simulates outside attacks and ignores insider threats. Major drawback: takes more time and money because more goes into the reconnaissance and scanning phases.

White box test - Correct answer The hacker is given full knowledge of the network, computer systems, and infrastructure. Unrealistic, as a real hacker most likely does not have all the information. Comprehensive and thorough.

Gray box test - Correct answer Simulates an insider threat. The hacker has partial information about the network and computer systems. Information could include IP configurations, email lists, computer names, and other information that can be obtained. Requires less reconnaissance and scanning, but not all information is given.

Open Web Application Security Project (OWASP) - Correct answer Describes techniques for testing the most common web application and web service security issues.

Advanced Persistent Threat (APT) - Correct answer A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period of time.

Risk Assessment - Correct answer Identify vulnerable areas within an organization's network. Should look at all areas, including high-value data, network systems, web applications, online information, and physical security, including operating systems and web servers.

Risk Management - Correct answer
- Avoidance
- Transference
- Mitigation
- Acceptance

Avoidance - Correct answer When a risk is identified and it can be avoided.

Mitigation (Reduction) - Correct answer Steps to reduce damage that might occur.

Social Engineering - Correct answer The art of deceiving and manipulating others into doing what you want. An attack involving human interaction.

Payment Card Industry Data Security Standard (PCI-DSS) - Correct answer Security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and other types of payment cards. Defines the security standards for any organization that handles cardholder information.

Health Insurance Portability and Accountability Act (HIPAA) - Correct answer A set of standards that ensures a person's health information is kept safe and shared only with the patient and the medical professionals who need it.

ISO/IEC 27001 - Correct answer A set of processes and requirements for an organization's information security management system. Defines the processes and requirements for an organization's information security management system.

Compliance-based penetration test - Correct answer This test ensures that the organization is in compliance with federal laws and regulations. These laws and regulations would include PCI DSS, HIPAA, ISO/IEC 27001, the Sarbanes-Oxley Act (SOX), DMCA, and FISMA.

Bring Your Own Device (BYOD) - Correct answer Policies that govern an organization's rules and regulations regarding support of employee-owned smartphones, tablets, and similar devices.

Master Service Agreement (MSA) - Correct answer A contract where parties agree to the terms that will govern future actions. This makes future services and contracts easier to handle and define.

Non-disclosure Agreement (NDA) - Correct answer A common legal contract that outlines the confidential material or information that will be shared during a security assessment and what restrictions are placed on that information.

Permission to test - Correct answer A document that explains what the penetration tester is doing and that their work is authorized. This document is sometimes referred to as the "Get Out Of Jail Free Card".

Footprinting - Correct answer Similar to stalking, but in a social engineering context.

Pretexting - Correct answer A fictitious scenario used to persuade someone to perform an action or give information.

Preloading - Correct answer Influencing a target's thoughts, opinions, and emotions before something happens.

SMiShing - Correct answer Phishing through text messages (SMS).

Impersonation - Correct answer Pretending to be somebody else and approaching a target to extract information.

3 steps of a social engineering attack - Correct answer
1. Research
2. Development
3. Exploitation

On-Path Attacks - Correct answer Attackers position themselves in the communication stream between a client and server. A browser on-path attack is when the malware is operating on the victim's system.

ARP Poisoning - Correct answer An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address, so that traffic is wrongly sent to the attacker's machine.

ARP spoofing - Correct answer An attack in which the attacker's MAC address is associated with the IP address of a target's device.

DNS Poisoning - Correct answer An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Host File - Correct answer A flat file that contains on each line a network address followed by the host name it can be referred to as.

Bettercap - Correct answer A powerful and modular network attack framework that enables security professionals to perform various network-based attacks, including ARP poisoning, network sniffing, and session hijacking, for testing and assessment purposes.

Port Stealing - Correct answer A man-in-the-middle attack that exploits the binding between the port and the MAC address. The principle behind port stealing is that an attacker sends numerous packets with the source IP address of the victim and the destination MAC address of the attacker. This attack applies to broadcast networks built from switches.

SSL Stripping - Correct answer An attack where a website's encryption is tricked into presenting the user with an HTTP connection instead of an HTTPS connection.

iptables - Correct answer A user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.

Brute Force Attack Methodologies - Correct answer
- Password Guessing
- Default Passwords
- Cracking
- Phishing

Hash Types - Correct answer
- Message Digest 5 (MD5; oldest, 128-bit hash)
- NTLM (re-encoded text hashed with MD4, Windows OS)
- Net-NTLM (improved version of NTLM; uses salting and time stamps against pass-the-hash (PTH))
- Secure Hash Algorithm 1 (SHA-1; outdated, 160-bit hash)
- Secure Hash Algorithm 2 (SHA-2; 256-512 bit hash)

Password attack methods - Correct answer
- Brute-force
- Dictionary
- Mutated Dictionary
- Rainbow Tables
- RAR/ZIP cracking

Defense Methods - Correct answer
- Strong Passwords
- Login Attempt limitation
- Fail2Ban

Offline Password Cracking - Correct answer
- JTR (John the Ripper, CPU; John Jumbo, GPU; Jumbo supports many hash types)
- Hashcat (fastest password cracking)
- Crunch (password list generator)
- CUPP (creates a wordlist based on prior knowledge of the victim)

Online Password Cracking - Correct answer
- Hydra (remote and web formats)
- Medusa (thread-based remote authentication)
- Ncrack (fastest and most reliable for remote authentication)

Social Engineering Process - Correct answer
- Preparation: Choose a target and perform a background check to determine an attack method
- Deceive to connect: Contact a target and take control over a session
- Winning info: Expand the foothold to start the attack, use business activity as a cover, and phish for data
- Cover the Tracks: Leave no trace of the activities by covering the trails

Social Engineering Methods - Correct answer
- Phishing
- Scareware
- Vishing
- Baiting
- Water holing

Msfvenom - Correct answer A combination of msfpayload and msfencode, putting both of these tools into a single framework. It can be used to generate malware as a standalone .exe file.

Lateral Movement - Correct answer The process by which an attacker is able to move from one part of a computing environment to another.

Eternal Blue Exploit - Correct answer
1. Attacker recognizes the target's OS and version
2. Attacker loads the module and payload
3. Attacker executes the attack and gets a remote shell

Windows Priv. Escalation - Correct answer
- Local: Guest User, Regular User, Admin, NT Authority
- Domain: Regular User, Delegated Admin, Domain Admin, Enterprise Admin

NET.EXE (Command Line Tools) - Correct answer Manages users, groups, services, and network connections.

Privilege Escalation via Winlogon - Correct answer Launching CMD with NT Authority clearance, created by mounting malicious code or changing a file.

Offline Windows PE Mitigations - Correct answer
- BIOS password: Protects the computer against boot order changing
- Encrypt the drive: Prevents an external live OS from accessing the drive
- Physical access: Limit physical access to hardware

Online Windows PE Mitigations - Correct answer
- Principle of Least Privilege
- Remove Local Admin Rights
- Account Audits
- AppLocker
- Software
- Code
- Tokens

Linux Boot Order - Correct answer MBR (Master Boot Record), GRUB (Grand Unified Bootloader), Kernel (system core), Init (first process), Run Level (after boot)

GRUB - Correct answer Allows the user to choose which OS to load on Linux systems.

Traffic interception tools - Correct answer
- Burp Suite: Web proxy written in Java, used for web app security testing
- Fiddler: Web debugging proxy that enables HTTP traffic examination for development
- OWASP ZAP: Combined ZAP's pentesting project with OWASP projects for a complete solution

Burp Suite Tools - Correct answer
- Repeater: Repeatedly sends packets and tracks changes in responses; used to observe server reactions
- Intruder: Brute-force module; sends parameters and manipulates them
- Sequencer: Sends a payload and examines the randomness of the request
- Decoder: Performs conversion of various data types
- Comparer: Comparison of data within Burp with other data

XSS types - Correct answer
- Reflected XSS: Most common
- Stored XSS: Most devastating
- DOM (Document Object Model) XSS: Most complex

XSS Consequences - Correct answer
- Defacing
- Cookie Theft
- Clickjacking
- Trojan Delivery

Session hijacking attack - Correct answer An attack where the attacker exploits a legitimate session to obtain unauthorized access to an organization's network or services.

Steal the cookie - Correct answer Uses AJAX to allow for asynchronous communication to retrieve the target's cookie and send it to another address.

XSS Mitigation - Correct answer
- Regex: Typically used in programming to provide search patterns
- HTML SpecialChars: Sanitizes data and replaces dangerous characters