Drew University
IS MISC
Quiz 1
Question 1) Penetration testing involves simulating an attack in order to determine what would happen to an organization if an actual attack occurs.
White-hat hackers are sometimes referred to as ethical hackers.
Over the past few years, the hacking community has engaged in more "lone wolf" types of hacking activities as opposed to working as teams.
Gwen is investigating a security incident. She discovered evidence that the attacker obtained a sensitive file and sent it to a cloud service. What stage of the attack does this evidence address?
In the ethical hacking and security process, all assets are considered to have equal value for an organization.
Hacktivism is considered an ethical form of hacking.
Ethical hacking does not always require the explicit permission of the owner of the target.
Planning, discovery, attack, and reporting are considered .
Which of the following refers to hacking that is carried out to bring attention to a cause or to achieve ideological goals?
The more secure a system becomes, the more convenient it tends to be.
In black-box penetration testing, advanced knowledge is provided to the testing team.
The first phase of penetration testing is to plan the test.
Criminal hackers are typically information security (InfoSec) professionals who engage in hacking activities to uncover vulnerabilities in hopes of fixing them and making systems more secure.
Inside attacks against an organization do not cause a serious threat because users do not have adequate system access.
Hacking has always been motivated by causing damage or stealing information.
When performing a penetration test, the team should generally include members with .
Which type of penetration test is designed to simulate an attack against technology from either the inside or the outside depending on the goals and intentions of the client?
A major difference between a malicious hacker and an ethical hacker is the .
A system can be considered completely secure once it passes an IT audit.
An ethical hacker must strive to maintain the integrity of the Confidentiality, Integrity, and Availability (C-I-A) triad.
Which of the following is NOT considered one of the three types of controls you can use to mitigate risk?
Which type of penetration test is designed to find loopholes or shortcomings in how tasks and operational processes are performed?
Maria is conducting a security investigation and has identified a suspect. The suspect is an employee of the organization who had access to a file share containing sensitive information. The employee routinely accesses that share during the normal course of business but is suspected of stealing sensitive information from it and sending it to a competitor. Which element of a crime has Maria NOT yet established?
Ryan received a security audit that included a finding that the organization lacked sufficient administrative controls in their security program. What action could he take to address this finding?
Which type of penetration test includes anything that targets equipment or facilities and can also include actions against people, such as social engineering–related threats?
Reconnaissance, scanning, infiltration and escalation, exfiltration, access extension, assault, and obfuscation are considered .
During the planning phase of a penetration test, the aim should be to .
Which of the following refers to the structured and methodical means of investigating, uncovering, attacking, and reporting on a target system's strengths and vulnerabilities?
Harry is planning to hire a consultant to perform a penetration test. He would like the test to simulate a real attack as closely as possible. What test type should he use?
The Robin Hood ideal is a hacker justification for stealing software and other media from "rich" companies and delivering them to "poor" consumers.
A vulnerability assessment is a survey of a system to identify as many vulnerabilities as possible.
Acme Widgets recently experienced an attack in which the attacker broke into a file server and stole product plans. Which of the following is a goal of information security that was violated?
The ethical hacker is tasked with evaluating the overall state of the foundational tenets of InfoSec security. The core principles involve preserving all of the following except .
Breaking the trust a client has placed in an ethical hacker can lead to the .
It is possible for a penetration test to result in systems or services shutting down and completely stopping a company's operations.
Which of the following refers to a piece of software, a tool, or a technique that targets or takes advantage of a vulnerability?
Penetration testing requires rules to be agreed upon in advance.
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are considered physical controls.
If an ethical hacker breaks a limit placed upon a penetration test, there may be sufficient cause for a client to take legal action against the ethical hacker.
Which of the following statements is true regarding ethical hackers?