10 Cards in this Set

  • Front
  • Back
The absence or weakness in a system that may possibly be exploited is called a(n)?

A. Threat
B. Exposure
C. Vulnerability
D. Risk
Vulnerability
What tool do you use to determine whether a host is vulnerable to known attacks?

A. Padded Cells
B. Vulnerability analysis
C. Honey Pots
D. IDS
Vulnerability analysis
Which of the following statements pertaining to ethical hacking is incorrect?

A. An organization should use ethical hackers who do not sell auditing, consulting, hardware, software, firewall, hosting, and/or networking services
B. Testing should be done remotely
C. Ethical hacking should not involve writing to or modifying the target systems
D. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in the organization's IT system.
Ethical hackers should never use tools that have potential of exploiting vulnerabilities in the organization's IT system.
Why would an information security policy require that communications test equipment be controlled?

A. The equipment is susceptible to damage
B. The equipment can be used to browse information passing on a network
C. The equipment must always be available for replacement if necessary
D. The equipment can be used to reconfigure the network multiplexers
The equipment can be used to browse information passing on a network
Management can expect penetration tests to provide all of the following EXCEPT

A. identification of security flaws
B. demonstration of the effects of the flaws
C. a method to correct the security flaws.
D. verification of the levels of existing infiltration resistance
demonstration of the effects of the flaws
Which one of the following is a characteristic of a penetration testing project?

A. The project is open-ended until all known vulnerabilities are identified.
B. The project schedule is plotted to produce a critical path.
C. The project tasks are to break into a targeted system.
D. The project plan is reviewed with the target audience.
The project tasks are to break into a targeted system.
Which one of the following is the PRIMARY objective of penetration testing?

A. Assessment
B. Correction
C. Detection
D. Protection
Assessment
Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing, applies to the analysis of

A. Routers and firewalls
B. Host-based IDS systems
C. Network-based IDS systems
D. General purpose operating systems
General purpose operating systems
What is the FIRST step that should be considered in a penetration test?

A. The approval of change control management.
B. The development of a detailed test plan.
C. The formulation of specific management objectives.
D. The communication process among team members.
The formulation of specific management objectives.
Penetration testing will typically include

A. Generally accepted auditing practices.
B. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.
C. Social engineering, configuration review, and vulnerability assessment.
D. Computer Emergency Response Team (CERT) procedures.
Social engineering, configuration review, and vulnerability assessment.