Where should a security tester be looking for information that could be used by an
attacker against an organization? (Select all that apply)

A.

CHAT rooms

B.

WHOIS database

C.

  News groups

D.

Web sites

E.

  Search engines

F.

Organization’s own web site

Steven works as a security consultant and frequently performs penetration tests for
Fortune 500 companies. Steven runs external and internal tests and then creates
reports to show the companies where their weak areas are. Steven always signs a
non-disclosure agreement before performing his tests. What would Steven be
considered?

A.

Whitehat Hacker

B.

 BlackHat Hacker

C.

 Grayhat Hacker

D.

 Bluehat Hacker

What are the two basic types of attacks?(Choose two.)

A.

DoS

B.

 Passive

C.

 Sniffing

D.

Active

E.

 Cracking

Which of the following best describes Vulnerability?

A.

The loss potential of a threat

B.

 An action or event that might prejudice security

C.

An agent that could take advantage of a weakness

D.

 A weakness or error that can lead to compromise

What does the term “Ethical Hacking” mean?

A.

Someone who is hacking for ethical reasons.

B.

  Someone who is using his/her skills for ethical reasons.

C.

  Someone who is using his/her skills for defensive purposes.

D.

  Someone who is using his/her skills for offensive purposes.

Which of the following act in the united states specifically criminalizes the
transmission of unsolicited commercial e-mail(SPAM) without an existing business
relationship.

A.

2004 CANSPAM Act

B.

2003 SPAM Preventing Act

C.

2005 US-SPAM 1030 Act

D.

 1990 Computer Misuse Act

What is "Hacktivism"?

A.

Hacking for a cause

B.

  Hacking ruthlessly

C.

An association which groups activists

D.

  None of the above

ABC.com is legally liable for the content of email that is sent from its systems,
regardless of whether the message was sent for private or business-related purpose.
This could lead to prosecution for the sender and for the company’s directors if, for
example, outgoing email was found to contain material that was pornographic, racist
or likely to incite someone to commit an act of terrorism.
You can always defend yourself by “ignorance of the law” clause.

A.

True

B.

 False

What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

A.

The ethical hacker does not use the same techniques or skills as a cracker.

B.

The ethical hacker does it strictly for financial motives unlike a cracker.

C.

The ethical hacker has authorization from the owner of the target.

D.

The ethical hacker is just a cracker who is getting paid.

The United Kingdom (UK) he passed a law that makes hacking into an unauthorized
network a felony.
The law states:
Section1 of the Act refers to unauthorized access to computer material. This states
that a person commits an offence if he causes a computer to perform any function
with intent to secure unauthorized access to any program or data held in any
computer. For a successful conviction under this part of the Act, the prosecution
must prove that the access secured is unauthorized and that the suspect knew that
this was the case. This section is designed to deal with common-or-graden hacking.
Section 2 of the deals with unauthorized access with intent to commit or facilitate
the commission of further offences. An offence is committed under Section 2 if a
Section 1 offence has been committed and there is the intention of committing or
facilitating a further offense (any offence which attacks a custodial sentence of more
than five years, not necessarily one covered but the Act). Even if it is not possible to
prove the intent to commit the further offence, the Section 1 offence is still
committed.
Section 3 Offences cover unauthorized modification of computer material, which
generally means the creation and distribution of viruses. For conviction to succeed
there must have been the intent to cause the modifications and knowledge that the
modification had not been authorized
What is the law called?

A.

Computer Misuse Act 1990

B.

 Computer incident Act 2000

C.

 Cyber Crime Law Act 2003

D.

 Cyber Space Crime Act 1995

Who is an Ethical Hacker?

A.

A person who hacks for ethical reasons

B.

  A person who hacks for an ethical cause

C.

  A person who hacks for defensive purposes

D.

  A person who hacks for offensive purposes

Which of the following activities would not be considered passive footprinting?

A.

Search on financial site such as Yahoo Financial

B.

Perform multiple queries through a search engine

C.

 Scan the range of IP address found in their DNS database

D.

Go through the rubbish to find out any information that might have been discarded