p.3
Need for Information and Network Security
What is the primary need discussed in the introduction?
Need for information and network security.
p.27
Introduction to Ethical Hacking and Penetration Testing
What is the focus of Chapter 01 in M. B Enmalek's work?
Introduction to Ethical Hacking and Penetration Testing.
p.16
Ethical Hacking vs. Non-Ethical Hacking
What is the role of an ethical hacker?
Acts as an attacker to help minimize risk.
p.20
Current Threat Landscape
How have threat actors evolved in recent times?
They are more sophisticated and agile than ever before.
What actions can attackers perform on an owned system?
They can upload, download, or manipulate data, applications, and configurations.
What types of information are gathered during reconnaissance?
Services, operating systems, packet hops, IP configuration, etc.
p.17
Importance of Penetration Testing
What is the primary purpose of penetration testing?
To find any possible paths of compromise before attackers do.
p.20
Current Threat Landscape
What should organizations do to stay ahead in cybersecurity?
Keep up with the latest trends and try to foresee the future.
p.24
Penetration Testing Methodologies
What does OSSTMM stand for?
Open Source Security Testing Methodology Manual.
How do attackers clear their tracks?
By overwriting server, system, and application logs.
p.21
Threats and Attack Vectors
Through which protocol did WannaCry spread?
SMB (Server Message Block).
p.22
Threats and Attack Vectors
From where did the DDoS traffic originate during the Mirai attack?
From IoT devices, such as IP cameras and DVR devices.
p.1
Introduction to Ethical Hacking and Penetration Testing
What is the focus of Chapter 01 in the course CYB514?
Introduction to Ethical Hacking and Penetration Testing.
p.24
Penetration Testing Methodologies
What is the purpose of PCI DSS penetration testing guidance?
To provide standards for testing the security of payment card data.
p.8
Cybersecurity Concepts and Objectives
What does integrity refer to in security objectives?
Protecting information from being modified by unauthorized parties.
How do attackers prevent other attackers from owning a compromised system?
By securing their exclusive access.
What happens to the target’s connected intermediate systems during the gaining access phase?
They can also be compromised.
p.6
Cybersecurity Concepts and Objectives
What are some components included in cybersecurity?
Tools, policies, security concepts, safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies.
What are the two main activities involved in the initial phase of hacking?
Footprinting and reconnaissance.
p.26
Need for Information and Network Security
What are two key components discussed in the context of ethical hacking?
Security Standards and Laws.
p.9
Cybersecurity Concepts and Objectives
What is the meaning of authenticity in the context of cybersecurity?
The property of being genuine and being able to be verified and trusted.
What does 'clearing tracks' refer to in hacking phases?
Activities undertaken by the hacker to hide his malicious acts.
p.23
Introduction to Ethical Hacking and Penetration Testing
What is the focus of Chapter 01 in M. B Enmalek's work?
Introduction to Ethical Hacking and Penetration Testing.
p.14
Importance of Penetration Testing
What is the purpose of ethical hacking?
To identify vulnerabilities and ensure system security.
p.20
Current Threat Landscape
What significant increase was observed in 2017 regarding cyber threats?
A dramatic increase in ransomware attacks.
p.36
Importance of Penetration Testing
What does penetration testing simulate?
Non-ethical hacking attacks.
p.5
Cybersecurity Concepts and Objectives
What are the elements of cybersecurity?
The foundational components that ensure the protection of information systems.
p.21
Threats and Attack Vectors
How did WannaCry attempt to connect to other hosts?
By pivoting and connecting to other random hosts over SMB port 445.
p.24
Penetration Testing Methodologies
What does PTES stand for?
Penetration Testing Execution Standards.
What does 'gaining access' refer to in hacking phases?
It refers to the point where the attacker obtains access to the operating system or applications on the target computer or network.
p.7
Cybersecurity Concepts and Objectives
What does confidentiality in cybersecurity refer to?
The protection of information from unauthorized access.
p.2
Introduction to Ethical Hacking and Penetration Testing
What is the significance of knowing your enemy in ethical hacking?
It helps in anticipating threats and vulnerabilities, leading to better security measures.
What are some reasons hackers clear their tracks?
Need for prolonged stay, removing evidence of hacking, avoiding legal action.
p.23
Penetration Testing Methodologies
What is a key aspect discussed in the chapter?
Penetration Testing Methodologies.
p.4
Need for Information and Network Security
What is the impact of a security breach on a corporation?
It affects the asset base and goodwill.
p.37
Penetration Testing Methodologies
What are some types of testing in penetration testing?
Web application, network infrastructure, wireless network, physical facility, and social engineering.
What is the purpose of the scanning phase in hacking?
To gather specific information about the network before an attack.
p.14
Ethical Hacking vs. Non-Ethical Hacking
What is the main focus of ethical hacking?
Simulating techniques used by attackers to verify the existence of exploitable vulnerabilities.
What does the phase 'Maintaining access' refer to in hacking?
It refers to the phase when the attacker tries to retain ownership of the system.
p.4
Need for Information and Network Security
What has increased in complexity regarding computer infrastructure?
Administration and management.
p.25
Need for Information and Network Security
What is the purpose of the NCA's cybersecurity frameworks and guidelines?
To enhance cybersecurity in the Kingdom and protect vital interests, national security, critical infrastructure, and government services.
p.6
Cybersecurity Concepts and Objectives
What types of assets does cybersecurity aim to protect?
Connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and transmitted or stored information.
p.29
Importance of Penetration Testing
Where can you find the SANS guidelines for writing a penetration testing report?
At http://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343.
p.36
Current Threat Landscape
What are some current threats in the threat landscape?
Ransomware, IoT attacks, organized crime, and hacktivists.
p.19
Vulnerability Scan vs. Pen Test vs. Audit
What is the main goal of Penetration Testing?
To simulate an attack on a system to identify and exploit vulnerabilities.
p.9
Cybersecurity Concepts and Objectives
What does accountability in cybersecurity refer to?
The ability to trace and attribute actions or decisions to specific individuals or entities.
At what levels can an attacker gain access?
At the operating system, applications, or network levels.
p.6
Cybersecurity Concepts and Objectives
What is cybersecurity?
The collection of tools, policies, security concepts, safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies used to protect cyberspace.
p.12
Ethical Hacking vs. Non-Ethical Hacking
What does hacking refer to?
Exploiting system vulnerabilities and compromising security controls to gain unauthorized access to a system’s resources.
p.16
Ethical Hacking vs. Non-Ethical Hacking
What motivates a non-ethical hacker?
Personal or political gain.
What can attackers do with a compromised system?
They can use it to launch further attacks.
p.10
Threats and Attack Vectors
What do attackers exploit to fulfill their motives?
Vulnerabilities in a computer system or security policy and controls.
p.18
Introduction to Ethical Hacking and Penetration Testing
What networking knowledge is essential for an Ethical Hacker/Pen Tester?
In-depth knowledge of networking concepts and technologies.
p.5
Ethical Hacking vs. Non-Ethical Hacking
What is ethical hacking?
The practice of intentionally probing systems for vulnerabilities with permission to improve security.
p.5
Current Threat Landscape
What does the current threat landscape refer to?
The evolving environment of cyber threats and vulnerabilities.
p.11
Threats and Attack Vectors
What financial impact can information security attacks have?
They can bring financial loss to the target.
p.28
Need for Information and Network Security
What are the key topics discussed in the chapter?
Security Standards and Laws.
p.2
Introduction to Ethical Hacking and Penetration Testing
What is the main theme of the quote by Sun Tzu in the context of ethical hacking?
Understanding both oneself and the enemy is crucial for achieving victory and avoiding defeat.
p.8
Cybersecurity Concepts and Objectives
What is the primary goal of confidentiality in security objectives?
Preventing the disclosure of data to unauthorized parties.
p.25
Need for Information and Network Security
What does the NCA do with the cybersecurity policies it develops?
Shares them with relevant entities and follows up on their compliance.
p.3
Threats and Attack Vectors
What types of threats are mentioned?
Various types of old and modern threats.
p.7
Cybersecurity Concepts and Objectives
What does availability mean in cybersecurity?
Ensuring that information and resources are accessible when needed.
What are some examples of methods used to gain access?
Password cracking, buffer overflow, denial of service, and session hijacking.
p.4
Need for Information and Network Security
What type of environment has increased due to technological evolution?
Networked environment and network-based applications.
What are the different types of hacking concepts?
Various methods and motivations behind hacking activities.
p.28
Introduction to Ethical Hacking and Penetration Testing
What is the focus of Chapter 01 in M. B Enmalek's work?
Introduction to Ethical Hacking and Penetration Testing.
p.37
Penetration Testing Methodologies
What do black-box, white-box, and gray-box refer to in penetration testing?
They refer to the amount of information provided to the tester.
p.25
Need for Information and Network Security
What is the role of the National Cybersecurity Authority (NCA)?
To develop and update policies, governance mechanisms, frameworks, standards, controls, and guidelines related to cybersecurity.
p.24
Penetration Testing Methodologies
What is NIST Special Publication 800-115?
A guideline for conducting security testing and assessments.
What type of information do attackers extract during the scanning phase?
Live machines, port status, OS details, device type, and system uptime.
What can an attacker do after gaining access?
They can escalate privileges to obtain complete control of the system.
p.25
Need for Information and Network Security
Where can more information about the NCA be found?
On their official website: https://www.nca.gov.sa.
p.16
Ethical Hacking vs. Non-Ethical Hacking
Do ethical and non-ethical hackers use different tools?
No, the same tools and techniques are used regardless of motivation.
p.3
Need for Information and Network Security
What does the presence of millions of users indicate?
High interaction and potential for threats.
p.18
Introduction to Ethical Hacking and Penetration Testing
What major operating environments should an Ethical Hacker/Pen Tester have in-depth knowledge of?
Windows, Unix, Linux, and MacOS.
p.21
Threats and Attack Vectors
What was the initial infection method for WannaCry?
Infected a machine listening on SMB on an external network.
p.22
Threats and Attack Vectors
What security vulnerability was exploited by the Mirai attack?
Utilization of factory default usernames and passwords.
p.19
Vulnerability Scan vs. Pen Test vs. Audit
What is a Vulnerability Scan?
A process that identifies vulnerabilities in a system without exploiting them.
p.18
Introduction to Ethical Hacking and Penetration Testing
What non-technical skill is important for an Ethical Hacker/Pen Tester?
Ability to learn and adapt to new technologies quickly.
p.5
Need for Information and Network Security
What are information security controls?
Measures implemented to protect information and manage risks.
p.14
Ethical Hacking vs. Non-Ethical Hacking
What is ethical hacking?
The use of hacking tools, tricks, and techniques to identify vulnerabilities and ensure system security.
What tools are commonly used during the scanning phase?
Port scanners, network mappers, ping tools, and vulnerability scanners.
p.14
Ethical Hacking vs. Non-Ethical Hacking
Who performs security assessments in ethical hacking?
Ethical hackers, with the permission of concerned authorities.
p.17
Importance of Penetration Testing
What should be determined during penetration testing?
What we are protecting and whether our defenses are adequate.
p.27
Need for Information and Network Security
What are two key components discussed in the introduction to ethical hacking?
Security standards and laws.
p.10
Threats and Attack Vectors
What is the formula for attacks?
Attacks = Motive (Goal) + Method + Vulnerability.
What is the significance of the information gathered during scanning?
It is used to launch an attack.
p.15
Importance of Penetration Testing
What is one reason organizations recruit ethical hackers?
To prevent hackers from gaining access to their information systems.
What is the primary focus of Chapter 02?
Footprinting and reconnaissance.
What does reconnaissance involve?
Gathering information about a target prior to launching an attack.
p.37
Penetration Testing Methodologies
Name a few common methodologies used in penetration testing.
PTES, PCI penetration testing guidance, and Penetration Testing Framework.
Who can be included in the reconnaissance target range?
The target organization’s clients, employees, operations, network, and systems.
p.15
Ethical Hacking vs. Non-Ethical Hacking
Why is ethical hacking necessary?
It allows organizations to counter attacks from malicious hackers by anticipating their methods.
p.29
Importance of Penetration Testing
What is the purpose of a penetration testing report?
To document the findings and recommendations from a penetration test.
p.12
Ethical Hacking vs. Non-Ethical Hacking
What does hacking involve in terms of system features?
Modifying system or application features to achieve a goal outside of the creator’s original purpose.
p.10
Threats and Attack Vectors
What originates a motive for an attack?
The notion that the target system stores or processes something valuable.
p.6
Cybersecurity Concepts and Objectives
Why is risk management important in cybersecurity?
It helps in identifying, assessing, and mitigating risks to protect assets in the cyberspace environment.
p.10
Threats and Attack Vectors
What do attackers use to exploit vulnerabilities?
Various tools and attack techniques.
p.36
Penetration Testing Methodologies
Why is following a methodology important in penetration testing?
It ensures a test is complete and prevents scope creep.
p.18
Introduction to Ethical Hacking and Penetration Testing
What technical skill is crucial for launching sophisticated attacks?
High technical knowledge.
p.21
Current Threat Landscape
What is another name for the ransomware Locky?
Locky is simply referred to as Locky.
p.5
Need for Information and Network Security
What is the significance of information security acts and laws?
They provide legal frameworks to protect information and ensure compliance.
p.26
Introduction to Ethical Hacking and Penetration Testing
What is the focus of Chapter 01 in M. B Enmalek's work?
Introduction to Ethical Hacking and Penetration Testing.
p.7
Cybersecurity Concepts and Objectives
What are the three key objectives of cybersecurity?
Confidentiality, Integrity, Availability.
p.3
Threats and Attack Vectors
What is the significance of the internet in relation to threats?
It is the most common and rapid option for spreading threats.
p.9
Cybersecurity Concepts and Objectives
What does non-repudiation ensure in cybersecurity?
That an individual cannot deny having signed a document or been party to a transaction.
p.7
Cybersecurity Concepts and Objectives
What is meant by integrity in the context of cybersecurity?
Ensuring that information is accurate and unaltered.
p.8
Cybersecurity Concepts and Objectives
What is the focus of availability in security objectives?
Ensuring that authorized parties can access the information when needed.
p.24
Penetration Testing Methodologies
What is the OWASP Testing Project?
A project that provides a framework for testing the security of web applications.
p.12
Threats and Attack Vectors
What can hacking lead to in a business context?
Stealing and redistributing intellectual property, leading to business loss.
p.15
Importance of Penetration Testing
What do ethical hackers help uncover in systems?
Vulnerabilities and their potential risks.
p.18
Introduction to Ethical Hacking and Penetration Testing
What type of knowledge is important regarding security for an Ethical Hacker/Pen Tester?
Knowledge of security areas and related issues.
p.18
Introduction to Ethical Hacking and Penetration Testing
What personal qualities should an Ethical Hacker/Pen Tester possess?
Strong work ethics, good problem-solving, and communication skills.
p.36
Ethical Hacking vs. Non-Ethical Hacking
What is the main difference between ethical and non-ethical hacking?
The motivation behind the hacking.
p.22
Threats and Attack Vectors
What significant attack occurred in 2016 involving the DynDNS service?
The Mirai attack, a high-volume DDoS attack.
p.22
Threats and Attack Vectors
What was the impact of the Mirai attack?
It disrupted many popular websites.
p.15
Importance of Penetration Testing
How do ethical hackers contribute to customer data protection?
By helping safeguard the customer data.
p.5
Importance of Penetration Testing
What is penetration testing?
A simulated cyber attack on a system to evaluate its security.
p.19
Vulnerability Scan vs. Pen Test vs. Audit
How does a Vulnerability Scan differ from Penetration Testing?
A Vulnerability Scan identifies vulnerabilities, while Penetration Testing actively exploits them.
p.22
Threats and Attack Vectors
What did the Mirai malware do to the infected devices?
It connected to devices and infected them with its source code.
p.11
Threats and Attack Vectors
What is one motive behind information security attacks?
To disrupt business continuity.
p.19
Vulnerability Scan vs. Pen Test vs. Audit
What does a Security Audit involve?
A comprehensive review of an organization's security policies and controls.
What are Suicide Hackers known for?
Individuals who aim to bring down critical infrastructure for a 'cause' and are not worried about punishment.
p.18
Introduction to Ethical Hacking and Penetration Testing
What commitment is essential for an Ethical Hacker/Pen Tester?
Commitment to the organization’s security policies.
What defines White Hats?
Individuals who use their hacking skills for defensive purposes and have permission from the system owner.
p.5
Penetration Testing Methodologies
What are penetration testing methodologies?
Structured approaches used to conduct penetration tests effectively.
p.11
Threats and Attack Vectors
What is a way attackers create fear and chaos?
By disrupting critical infrastructures.
p.18
Introduction to Ethical Hacking and Penetration Testing
What awareness should an Ethical Hacker/Pen Tester have?
Awareness of local standards and laws.
What is the role of State-Sponsored Hackers?
Individuals employed by the government to gain secret information and damage other governments.
p.19
Vulnerability Scan vs. Pen Test vs. Audit
What is the primary focus of a Security Audit?
To assess compliance with security policies and regulations.
Who are Gray Hats?
Individuals who work both offensively and defensively at various times.
p.11
Threats and Attack Vectors
What can attackers damage through their actions?
The reputation of the target.
What are Script Kiddies?
Unskilled hackers who compromise a system by running scripts, tools, and software developed by real hackers.
p.11
Threats and Attack Vectors
How can a state use information security attacks?
To achieve military objectives.
What are Black Hats?
Individuals with extraordinary computing skills who resort to malicious or destructive activities.
What motivates Cyber Terrorists?
Individuals with a range of skills motivated by terrorist beliefs to create fear through large-scale disruption of computer networks.
p.11
Threats and Attack Vectors
What is a political motive for information security attacks?
To propagate political beliefs.
What do Hacktivists aim to achieve?
Individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
