Drew University IS MISC Quiz 1 Question1)Penetration testing involves simulating an attack in order to determine what would happen to an organization if an actual attack occurs

Drew University

IS MISC

Quiz 1

Question1)Penetration testing involves simulating an attack in order to determine what would happen to an organization if an actual attack occurs.

Question 2

White-hat hackers are sometimes referred to as ethical hackers.

Question 3

Over the past few years, the hacking community has engaged in more "lone wolf" types of hacking activities as opposed to working as teams.

Question 4

Gwen is investigating a security incident. She discovered evidence that the attacker obtained a sensitive file and sent it to a cloud service. What stage of the attack does this evidence address?

Question 5

In the ethical hacking and security process, all assets are considered to have equal value for an organization.

Question 6

Hacktivism is considered an ethical form of hacking.

Question 7

Ethical hacking does not always require the explicit permission of the owner of the target.

Question 8

Planning, discovery, attack, and reporting are considered                               .

Question 9

Which of the following refers to hacking that is carried out to bring attention to a cause or to achieve ideological goals?

Question 10

The more secure a system becomes, the more convenient it tends to be

Question 11

In black-box penetration testing, advanced knowledge is provided to the testing team.

Question 12

The first phase of penetration testing is to plan the test.

Question 13

Criminal hackers are typically information security (InfoSec) professionals who engage in hacking activities to uncover vulnerabilities in hopes of fixing them and making systems more secure.

Question 14

Inside attacks against an organization do not cause a serious threat because users do not have adequate system access.

Question 15

Hacking has always been motivated by causing damage or stealing information.

Question 16

When performing a penetration test, the team should generally include members with                          .

Question 17

Which type of penetration test is designed to simulate an attack against technology from either the inside or the outside depending on the goals and intentions of the client?

Question 18

A major difference between a malicious hacker and an ethical hacker is the                                  .

Question 19

A system can be considered completely secure once it passes an IT audit.

Question 20

An ethical hacker must strive to maintain the integrity of the Confidentiality, Integrity, and Availability (C-I-A) triad.

Question 21

Which of the following is NOT considered one of the three types of controls you can use to mitigate risk?

Question 22

Which type of penetration test is designed to find loopholes or shortcomings in how tasks and operational processes are performed?

Question 23

Maria is conducting a security investigation and has identified a suspect. The suspect is an employee of the organization who had access to a file share containing sensitive information. The employee routinely accesses that share during the normal course of business but is suspected of stealing sensitive information from it and sending it to a competitor. Which element of a crime has Maria NOT yet established?

Question 24

Ryan received a security audit that included a finding that the organization lacked sufficient administrative controls in their security program. What action could he take to address this finding?

Question 25

Which type of penetration test includes anything that targets equipment or facilities and can also include actions against people, such as social engineering–related threats?

Quesion 26

Reconnaissance, scanning, infiltration and escalation, exfiltration, access extension, assault, and obfuscation are considered                                                         .

Question 27

During the planning phase of a penetration test, the aim should be to                            .

Question 28

Which of the following refers to the structured and methodical means of investigating, uncovering, attacking, and reporting on a target system's strengths and vulnerabilities?

Question 29

Harry is planning to hire a consultant to perform a penetration test. He would like the test to simulate a real attack as closely as possible. What test type should he use?

Question 30

The Robin Hood ideal is a hacker justification for stealing software and other media from "rich" companies and delivering them to "poor" consumers.

Question 31

A vulnerability assessment is a survey of a system to identify as many vulnerabilities as possible.

Question 32

Acme Widgets recently experienced an attack in which the attacker broke into a file server and stole product plans. Which of the following is a goal of information security that was violated?

Question 33

The ethical hacker is tasked with evaluating the overall state of the foundational tenets of InfoSec security. The core principles involve preserving all of the following except                                                             .

Question 34

Breaking the trust a client has placed in an ethical hacker can lead to the                                .