Module 1 - Introduciton to Ethical Hacking Test Questions and Correct Answers
1 view 0 purchase
Course
Ethical Hacking
Institution
Ethical Hacking
Information Security A state of well-being of information and infrastructure in which the possibility of THEFT, TAMPERING and DISRUPTION OF INFORMATION AND SERVICES is low or tolerable
Elements of Information Security (EIS) (Confidentiality -> Integrity - > Availability) -> Authenticity -...
Module 1 - Introduciton to Ethical
Hacking Test Questions and Correct
Answers
Information Security ✅A state of well-being of information and infrastructure in which
the possibility of THEFT, TAMPERING and DISRUPTION OF INFORMATION AND
SERVICES is low or tolerable
Elements of Information Security (EIS) ✅(Confidentiality -> Integrity - > Availability) ->
Authenticity -> Non-repudiation
Confidentiality (EIS) ✅Assurance tha the information is accessible only to those
AUTHORIZED TO HAVE ACCESS
Integrity (EIS) ✅The TRUSTWORTHINESS OF DATA OR RESOURCES in terms of
preventing improper or unauthorized changes. Hashing algorithms fall in this category
Availibility (EIS) ✅Assurance that the systems responsible for delivering, storing, and
processing information are accessible when REQUIRED BY THE AUTHORIZED
USERS
Authenticity (EIS) ✅Refers to teh characteristic of a communication, document, or any
data that ensures the QUALITY OF BEING GENUINE
Digital signatures fall in this category.
Non-Repudiation ✅A GUARANTEE that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having received the
message
Attacks ✅Motive(Goal) + Method + Vulnerability
Motive ✅The TARGET SYSTEM STORES OR PROCESSES something valuable, and
this leads to the threat of an attack on the system
How do hackers hack? ✅They try various tools and attack techniques to EXPLOIT
VULNERABILITIES in a computer system or its security policy and controls in order to
fulfill their motives
1. Passive Attacks (Classification of Attacks) ✅- Do not tamper with the data and
involve intercepting and MONITORING NETWORK TRAFFICE and data flow on the
target network
-Examples include sniffing and eavesdropping
, 2. Active Attacks (Classification of Attacks) ✅- Tamper with data in transit or DISRUPT
THE COMMUNICATION or services between the systems to bypass or break into
secured systems
-Examples include DoS, Man in the Middle, session hijacking, and SQL injection
3. Close-in Attacks (Classification of Attacks) ✅-Performed when the attacker is in
close physical proximity with the target system or network in order to gather, modify, or
DISRUPT ACCESS to information
-Examples include social engineering such as eavesdropping, shoulder surfing, and
dumpster diving
4. Insider Attacks (Classification of Attacks) ✅-Using privileged access to VIOLATE
RULES or intentionally cause a threat to the organization's information or information
systems
-Examples include theft of physical devices and planting keyloggers, backdoors, and
malware
5. Distribution Attacks ✅-Attackers tamper with hardware or software prior to
installation
-Attackers tamper with hardware or software at its source or in transit
Information Warfare ✅Use of information and communication technologies (ICT) to
gain competitive advantages over an opponent
Defensive Information Warfare (PREPDAD) ✅Refers to all strategies adn actions
designed to defend against attacks on ICT assets
Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, and Response
Offensive Information Warfare (SWWMM) ✅Refers to information warfare that invovles
attacks against the ICT assets of an opponent
Web application attacks, web server attacks, malware attacks, MITM attacks, system
hacking
Cyber Kill Chain Methodology ✅Component of intelligence-driven defense for the
identification and PREVENTION of MALICIOUS INTRUSION ACTIVITIES
Cyber Kill Chain Insights ✅Provides insights into attack phases, which helps security
professionals to understand the adversary's tactics, techniques, and procedures
beforehand
Cyber Kill Chain (CKC) (7 Steps) WACRIDE ✅Reconnaissance -> Weaponization ->
Delivery -> Exploitation -> Installation -> Command and Control -> Actions on
Objectives
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller twishfrancis. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.99. You're not tied to anything after your purchase.