Exam 1: Ethical Hacking Overview


Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

(Multiple Choice)
Correct Answer: A

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?

(Multiple Choice)
Correct Answer: B

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

(Multiple Choice)
Correct Answer: B

List at least five domains tested for the Certified Ethical Hacker (CEH) exam.

(Essay)

Match each item with a statement below. - An individual who breaks into a company's computer system legally when employed or contracted by that company

(Multiple Choice)

Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.

(True/False)

When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?

(Multiple Choice)

Why should a security professional or student learning hacking techniques be aware of the local, state, and federal laws that apply to their field of study?

(Essay)

What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop?

(Multiple Choice)

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?

(Multiple Choice)

Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.

(True/False)

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

(Multiple Choice)

What security certification did "The International Council of Electronic Commerce Consultants" (EC-Council) develop?

(Multiple Choice)

What acronym represents the U.S. Department of Justice's new branch that addresses computer crime?

(Multiple Choice)

Why is it a challenge and concern for an ethical hacker to avoid breaking any laws?

(Essay)

Why are employees sometimes not told that the company's computer systems are being monitored?

(Essay)

Match each item with a statement below. - A person who breaks into systems to steal or destroy data

(Multiple Choice)

An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company's permission.

(True/False)

A security professional may think they are following the requirements set forth by the client who hired them to perform a security test, but they should not assume that management will be happy with the test results. Provide an example of an ethical hacking situation that might upset a manager.

(Essay)

What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills?

(Multiple Choice)
Showing 1 - 20 of 50