- "Do I Know This Already?" Quiz
- Foundation Topics
- Exam Preparation Tasks
Exam Preparation Tasks
As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 13, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.
Review All Key Topics
Review the most important topics in this chapter, noted with the Key Topic icon in the outer margin of the page. Table 1-3 lists these key topics and the page number on which each is found.
Table 1-3 Key Topics for Chapter 1

Key Topic Element | Description | Page Number
Section | Goals of security | 6
Section | Security testing | 13
List | Categories of hackers | 17
Section | Required skills of an ethical hacker | 20
Section | Getting approval | 27
Section | Ethical hacking report | 28
Section | Ethics and legality | 29
Define Key Terms
Define the following key terms from this chapter and check your answers in the glossary:
asset
availability
black box testing
confidentiality
denial of service (DoS)
exploit
gray box testing
integrity
RAID
risk
target of engagement (TOE)
threat
vulnerability
white box testing
Hands-On Labs
As an ethical hacker, it is important not only to be able to test security systems but also to understand that a good policy structure drives effective security. While this chapter discusses policy, laws, and rules of engagement, now is a good time to review the SANS Information Security Policy Templates page. These templates should be useful when you are helping an organization move to a more secure posture.
Equipment Needed
A computer and Internet connection
Estimated Time: 15 minutes
Lab 1-1 Examining Security Policies
Step 1. Go to the SANS Information Security Policy Templates page located at https://www.sans.org/security-resources/policies.
Step 2. Click the Network Security category, and then click the Acquisition Assessment Policy hyperlink.
Step 3. Click the PDF hyperlink and review the Acquisition Assessment Policy. It defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group.
Step 4. Return to the main Policy Templates page, click the Old/Retired category, click the Risk Assessment Policy hyperlink, click PDF, and review the template. This policy template defines the requirements and provides the authority for the information security team to identify, assess, and remediate risks to the organization’s information infrastructure associated with conducting business.
Step 5. Return to the main Policy Templates page, click the General category, click the Ethics Policy hyperlink, click PDF, and review the template. This template discusses ethics and defines the means to establish a culture of openness, trust, and integrity in the organization.
Review Questions
You have been asked to perform a penetration test for a local company. You have had several meetings with the client and are now almost ready to begin the assessment. Which of the following is the document that describes what type of testing is allowed and when you will perform it, and that limits your liabilities as a penetration tester?
Nondisclosure agreement
Rules of engagement
Service-level agreement
Project scope
Which of the following addresses the secrecy and privacy of information?
Integrity
Confidentiality
Availability
Authentication
You are part of a pen testing team that has been asked to assess the risk of an online service. Management is concerned as to what the cost would be if there was an outage and how frequent these outages might be. Your objective is to determine whether there should be additional countermeasures. Given the following variables, which of the following amounts is the resulting annualized loss expectancy (ALE)?
Single loss expectancy = $2,500
Exposure factor = .9
Annual rate of occurrence = .4
Residual risk = $300
$960
$120
$1,000
$270
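The arithmetic behind the question above, as an added example that is not part of the book: SLE is the loss from one occurrence (asset value times exposure factor when it has to be derived), ALE is SLE times the annual rate of occurrence, and a countermeasure is worth buying only if the ALE it removes exceeds its own annual cost. Note that the question already supplies SLE, so the exposure factor is not needed, and residual risk is an output of controls, not an input to ALE. The two candidate controls and their costs are constructed for illustration.

```python
"""Quantitative risk arithmetic: SLE, ALE, and the net value of a safeguard.

Added example, not from the book.
    SLE = AV * EF                 single loss expectancy
    ALE = SLE * ARO               annualized loss expectancy
    value = ALE_before - ALE_after - annual cost of the safeguard
"""
from dataclasses import dataclass
from typing import List, Optional


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: loss from one occurrence. EF is the fraction of the asset's value lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO; ARO is the expected number of occurrences per year."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate control and the SLE/ARO expected once it is in place."""
    name: str
    annual_cost: float
    sle_after: float
    aro_after: float


def safeguard_value(ale_before: float, control: Safeguard) -> float:
    """Net annual benefit of a control; negative means it costs more than it saves."""
    ale_after = annualized_loss_expectancy(control.sle_after, control.aro_after)
    return ale_before - ale_after - control.annual_cost


def pick_best_safeguard(ale_before: float, controls: List[Safeguard]) -> Optional[Safeguard]:
    """Return the control with the highest positive net value, or None if none pays off."""
    if not controls:
        return None
    best_value, best = max(
        ((safeguard_value(ale_before, c), c) for c in controls), key=lambda t: t[0]
    )
    return best if best_value > 0 else None


if __name__ == "__main__":
    # Values from the question: SLE = $2,500, ARO = 0.4 -> ALE = $1,000
    ale = annualized_loss_expectancy(2_500.0, 0.4)
    print(f"ALE = ${ale:,.0f}")
    # Hypothetical controls for the same online service (constructed numbers)
    controls = [
        Safeguard("cold standby server", annual_cost=250.0, sle_after=1_000.0, aro_after=0.4),
        Safeguard("hot standby cluster", annual_cost=1_200.0, sle_after=500.0, aro_after=0.1),
    ]
    for c in controls:
        print(f"{c.name}: net value ${safeguard_value(ale, c):,.0f}/year")
    best = pick_best_safeguard(ale, controls)
    print("recommend:", best.name if best else "no control is cost-justified")
```

The hot standby removes more risk but costs more than the $1,000 of annual exposure it is protecting, so the cheaper control wins; that comparison, not the size of the ALE alone, is what answers "should there be additional countermeasures."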
Who are the individuals who perform legal security tests while sometimes performing questionable activities?
Gray hat hackers
Ethical hackers
Crackers
White hat hackers
Which of the following is the most important step for the ethical hacker to perform during the pre-assessment?
Hack the web server.
Obtain written permission to hack.
Gather information about the target.
Obtain permission to hack.
Which of the following is one primary difference between a malicious hacker and an ethical hacker?
Malicious hackers use different tools and techniques than ethical hackers use.
Malicious hackers are more advanced than ethical hackers because they can use any technique to attack a system or network.
Ethical hackers obtain permission before bringing down servers or stealing credit card databases.
Ethical hackers use the same methods but strive to do no harm.
This type of security test might seek to target the CEO’s laptop or the organization’s backup tapes to extract critical information, usernames, and passwords.
Insider attack
Physical entry
Stolen equipment
Outsider attack
Which of the following best describes an attack that altered the contents of two critical files?
Integrity
Confidentiality
Availability
Authentication
Which individuals believe that hacking and defacing websites can promote social change?
Ethical hackers
Gray hat hackers
Black hat hackers
Hacktivists
After the completion of the pen test, you have provided the client with a list of controls to implement to reduce the identified risk. What term best describes the risk that remains after the controls have been implemented?
Gap analysis
Total risk
Inherent risk
Residual risk
This type of security test usually takes on an adversarial role and looks to see what an outsider can access and control.
Penetration test
High-level evaluation
Network evaluation
Policy assessment
Assume you performed a full backup on Monday and then an incremental backup on Tuesday and Wednesday. If there were an outage on Thursday, what would you need to restore operations?
The full backup from Monday
Both incremental backups from Tuesday and Wednesday
The full backup from Monday and Wednesday’s incremental backup
The full backup from Monday and both incremental backups from Tuesday and Wednesday
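The restore logic behind the backup question above, as an added example that is not part of the book. It also handles differential backups, which the question does not use: an incremental captures changes since the previous backup of any type, so every incremental after the last full is needed; a differential captures everything since the last full, so it supersedes any incrementals or differentials before it. The `Backup` class, the `kind` names, and the sample schedules are my own constructions.

```python
"""Work out which backups must be restored, and in what order, after an outage.

Added example, not from the book. Assumed semantics (matching the chapter's
definitions, not any particular backup product):
  full         - copies everything and starts a new chain
  incremental  - changes since the previous backup of any kind
  differential - changes since the last full backup
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Backup:
    day: str
    kind: str  # "full", "incremental", or "differential"


def restore_set(schedule: List[Backup]) -> List[Backup]:
    """Return the backups needed to recover the state of the last backup, oldest first.

    The list is in the order the backups must be applied.
    """
    full_positions = [i for i, b in enumerate(schedule) if b.kind == "full"]
    if not full_positions:
        raise ValueError("no full backup in the schedule; restore is impossible")
    last_full = full_positions[-1]          # nothing before the latest full matters
    needed = [schedule[last_full]]
    for b in schedule[last_full + 1:]:
        if b.kind == "incremental":
            needed.append(b)                 # each incremental only has its own delta
        elif b.kind == "differential":
            needed = [schedule[last_full], b]  # contains everything since the full
        else:
            raise ValueError(f"unknown backup kind: {b.kind!r}")
    return needed


def restore_days(schedule: List[Backup]) -> List[str]:
    """Convenience wrapper: just the day labels, in restore order."""
    return [b.day for b in restore_set(schedule)]


if __name__ == "__main__":
    # The question's schedule: full Monday, incrementals Tuesday and Wednesday
    question = [Backup("Mon", "full"), Backup("Tue", "incremental"), Backup("Wed", "incremental")]
    print("incremental chain:", restore_days(question))      # ['Mon', 'Tue', 'Wed']
    # Same week using differentials: only the full and the newest differential
    diffs = [Backup("Mon", "full"), Backup("Tue", "differential"), Backup("Wed", "differential")]
    print("differential chain:", restore_days(diffs))        # ['Mon', 'Wed']
    # Mixed chain: a differential makes the earlier incremental redundant
    mixed = [Backup("Mon", "full"), Backup("Tue", "incremental"),
             Backup("Wed", "differential"), Backup("Thu", "incremental")]
    print("mixed chain:", restore_days(mixed))               # ['Mon', 'Wed', 'Thu']
```

The trade-off the question is really probing: incrementals are the smallest and fastest to take, but every one of them since the last full must be present and intact at restore time, so losing a single tape breaks the chain. Differentials grow through the week but cap the restore at two backups.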
During a security review you have discovered that there are no documented security policies for the area you are assessing. Which of the following would be the most appropriate course of action?
Identify and evaluate current practices
Create policies while testing
Increase the level of testing
Stop the audit
Your company performs PCI-DSS audits and penetration testing for third-party clients. During an approved pen test you have discovered a folder on an employee’s computer that appears to have hundreds of credit card numbers and other forms of personally identifiable information (PII). Which of the following is the best course of action?
Contact the employee and ask why they have the data.
Make a copy of the data and store it on your local machine.
Stop the pen test immediately and contact management.
Continue the pen test and include this information in your report.
During which step of the incident response process would you be tasked with building the team, identifying roles, and testing the communication system?
Containment
Recovery
Preparation
Notification
Clark is a talented coder and as such has found a vulnerability in a well-known application. Unconcerned about the ethics of the situation, he has developed an exploit that can leverage this unknown vulnerability. Based on this information, which of the following is most correct?
Clark is a suicide hacker.
Clark has violated U.S. Code Section 1027.
Clark has developed a zero day.
Clark is a white hat hacker.
Your ethical hacking firm has been hired to conduct a penetration test. Which of the following documents limits what you can discuss publicly?
Nondisclosure agreement
PCI-DSS
Memorandum of understanding
Terms of engagement
Which of the following is a common framework applied by business management and other personnel to identify potential events that may affect the enterprise, manage the associated risks and opportunities, and provide reasonable assurance that objectives will be achieved?
NIST SP 800-37
Qualitative risk assessment
PCI-DSS
Risk management framework
Your ethical hacking firm has been hired to conduct a penetration test. Which of the following documents limits the scope of your activities?
Nondisclosure agreement
PCI-DSS
Memorandum of understanding
Terms of engagement
Which of the following is a proprietary information security standard that requires organizations to follow security best practices and use 12 high-level requirements, aligned across six goals?
SOX
FISMA
PCI-DSS
Risk Management Framework
Suggested Reading and Resources
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh: EC-Council CEH certification details
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/: Top IT security breaches
http://searchnetworking.techtarget.com/tutorial/Network-penetration-testing-guide: Guide to penetration testing
https://www.rapid7.com/resources/how-to-respond-to-an-incident/: Incident response methodologies
http://securityaffairs.co/wordpress/49624/hacking/cyber-red-team-blue-team.html: Description of hacking teams including pen testers, blue teams, and red teams
http://www.hackerlaw.org/?page_id=55: U.S. hacker laws
https://tools.ietf.org/html/rfc1087: Ethics and the Internet
https://www.owasp.org/index.php/Main_Page: The Open Web Application Security Project
https://www.owasp.org/index.php/Penetration_testing_methodologies: Various pen testing methodologies
http://blogs.getcertifiedgetahead.com/quantitative-risk-assessment/: Quantitative risk assessment
https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf: A guide to PCI-DSS