
Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 13, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topic icon in the outer margin of the page. Table 1-3 lists a reference of these key topics and the page numbers on which each is found.

Table 1-3 Key Topics for Chapter 1

Key Topic Element | Page Number
Goals of security |
Security testing |
Categories of hackers |
Required skills of an ethical hacker |
Getting approval |
Ethical hacking report |
Ethics and legality |

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

  • asset

  • availability

  • black box testing

  • confidentiality

  • denial of service (DoS)

  • exploit

  • gray box testing

  • integrity

  • RAID

  • risk

  • target of engagement (TOE)

  • threat

  • vulnerability

  • white box testing

Hands-On Labs

As an ethical hacker, it is important not only to be able to test security systems but also to understand that a good policy structure drives effective security. While this chapter discusses policy, laws, and rules of engagement, now is a good time to review the SANS Information Security Policy Templates page. These templates should be useful when you are helping an organization move to a more secure posture.

Equipment Needed

A computer and Internet connection

Estimated Time: 15 minutes

Lab 1-1 Examining Security Policies

  • Step 1. Go to the SANS Information Security Policy Templates page located at https://www.sans.org/security-resources/policies.

  • Step 2. Click the Network Security category, and then click the Acquisition Assessment Policy hyperlink.

  • Step 3. Click the PDF hyperlink and review the Acquisition Assessment Policy. It defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group.

  • Step 4. Return to the main Policy Templates page, click the Old/Retired category, click the Risk Assessment Policy hyperlink, click PDF, and review the template. This policy template defines the requirements and provides the authority for the information security team to identify, assess, and remediate risks to the organization’s information infrastructure associated with conducting business.

  • Step 5. Return to the main Policy Templates page, click the General category, click the Ethics Policy hyperlink, click PDF, and review the template. This template discusses ethics and defines the means to establish a culture of openness, trust, and integrity in the organization.

Review Questions

  1. You have been asked to perform a penetration test for a local company. You have had several meetings with the client and are now almost ready to begin the assessment. Which of the following is the document that describes what type of testing is allowed and when you will perform the testing, and that limits your liabilities as a penetration tester?

    1. Nondisclosure agreement

    2. Rules of engagement

    3. Service-level agreement

    4. Project scope

  2. Which of the following addresses the secrecy and privacy of information?

    1. Integrity

    2. Confidentiality

    3. Availability

    4. Authentication

  3. You are part of a pen testing team that has been asked to assess the risk of an online service. Management is concerned as to what the cost would be if there was an outage and how frequent these outages might be. Your objective is to determine whether there should be additional countermeasures. Given the following variables, which of the following amounts is the resulting annualized loss expectancy (ALE)?

    Single loss expectancy = $2,500

    Exposure factor = .9

    Annual rate of occurrence = .4

    Residual risk = $300

    1. $960

    2. $120

    3. $1,000

    4. $270

  4. Who are the individuals who perform legal security tests while sometimes performing questionable activities?

    1. Gray hat hackers

    2. Ethical hackers

    3. Crackers

    4. White hat hackers

  5. Which of the following is the most important step for the ethical hacker to perform during the pre-assessment?

    1. Hack the web server.

    2. Obtain written permission to hack.

    3. Gather information about the target.

    4. Obtain permission to hack.

  6. Which of the following is one primary difference between a malicious hacker and an ethical hacker?

    1. Malicious hackers use different tools and techniques than ethical hackers use.

    2. Malicious hackers are more advanced than ethical hackers because they can use any technique to attack a system or network.

    3. Ethical hackers obtain permission before bringing down servers or stealing credit card databases.

    4. Ethical hackers use the same methods but strive to do no harm.

  7. This type of security test might seek to target the CEO’s laptop or the organization’s backup tapes to extract critical information, usernames, and passwords.

    1. Insider attack

    2. Physical entry

    3. Stolen equipment

    4. Outsider attack

  8. Which of the following best describes an attack that altered the contents of two critical files?

    1. Integrity

    2. Confidentiality

    3. Availability

    4. Authentication

  9. Which individuals believe that hacking and defacing websites can promote social change?

    1. Ethical hackers

    2. Gray hat hackers

    3. Black hat hackers

    4. Hacktivists

  10. After the completion of the pen test, you have provided the client with a list of controls to implement to reduce the identified risk. What term best describes the risk that remains after the controls have been implemented?

    1. Gap analysis

    2. Total risk

    3. Inherent risk

    4. Residual risk

  11. This type of security test usually takes on an adversarial role and looks to see what an outsider can access and control.

    1. Penetration test

    2. High-level evaluation

    3. Network evaluation

    4. Policy assessment

  12. Assume you performed a full backup on Monday and then an incremental backup on Tuesday and Wednesday. If there was an outage on Thursday, what would you need to restore operations?

    1. The full backup from Monday

    2. Both incremental backups from Tuesday and Wednesday

    3. The full backup from Monday and Wednesday’s incremental backup

    4. The full backup from Monday and both incremental backups from Tuesday and Wednesday

  13. During a security review, you have discovered that there are no documented security policies for the area you are assessing. Which of the following would be the most appropriate course of action?

    1. Identify and evaluate current practices

    2. Create policies while testing

    3. Increase the level of testing

    4. Stop the audit

  14. Your company performs PCI-DSS audits and penetration testing for third-party clients. During an approved pen test you have discovered a folder on an employee’s computer that appears to have hundreds of credit card numbers and other forms of personally identifiable information (PII). Which of the following is the best course of action?

    1. Contact the employee and ask why they have the data.

    2. Make a copy of the data and store it on your local machine.

    3. Stop the pen test immediately and contact management.

    4. Continue the pen test and include this information in your report.

  15. During which step of the incident response process would you be tasked with building the team, identifying roles, and testing the communication system?

    1. Containment

    2. Recovery

    3. Preparation

    4. Notification

  16. Clark is a talented coder and as such has found a vulnerability in a well-known application. Unconcerned about the ethics of the situation, he has developed an exploit that can leverage this unknown vulnerability. Based on this information, which of the following is most correct?

    1. Clark is a suicide hacker.

    2. Clark has violated U.S. Code Section 1027.

    3. Clark has developed a zero day.

    4. Clark is a white hat hacker.

  17. Your ethical hacking firm has been hired to conduct a penetration test. Which of the following documents limits what you can discuss publicly?

    1. Nondisclosure agreement

    2. PCI-DSS

    3. Memorandum of understanding

    4. Terms of engagement

  18. Which of the following is a common framework applied by business management and other personnel to identify potential events that may affect the enterprise, manage the associated risks and opportunities, and provide reasonable assurance that objectives will be achieved?

    1. NIST SP 800-37

    2. Qualitative risk assessment

    3. PCI-DSS

    4. Risk management framework

  19. Your ethical hacking firm has been hired to conduct a penetration test. Which of the following documents limits the scope of your activities?

    1. Nondisclosure agreement

    2. PCI-DSS

    3. Memorandum of understanding

    4. Terms of engagement

  20. Which of the following is a proprietary information security standard that requires organizations to follow security best practices and use 12 high-level requirements, aligned across six goals?

    1. SOX

    2. FISMA

    3. PCI-DSS

    4. Risk Management Framework

Suggested Reading and Resources

https://www.eccouncil.org/programs/certified-ethical-hacker-ceh: EC-Council CEH certification details

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/: Top IT security breaches

http://searchnetworking.techtarget.com/tutorial/Network-penetration-testing-guide: Guide to penetration testing

https://www.rapid7.com/resources/how-to-respond-to-an-incident/: Incident response methodologies

http://securityaffairs.co/wordpress/49624/hacking/cyber-red-team-blue-team.html: Description of hacking teams including pen testers, blue teams, and red teams

http://www.hackerlaw.org/?page_id=55: U.S. hacker laws

https://tools.ietf.org/html/rfc1087: Ethics and the Internet

https://www.owasp.org/index.php/Main_Page: The Open Web Application Security Project

https://www.owasp.org/index.php/Penetration_testing_methodologies: Various pen testing methodologies

http://blogs.getcertifiedgetahead.com/quantitative-risk-assessment/: Quantitative risk assessment

https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf: A guide to PCI-DSS
