MIS 4600 Ethical Hacking & Network Defense

Chapter 1: Ethical Hacking Overview

Review Questions

Question 1 (to be answered in class)

Which of the following may be part of a penetration test (P) or a security test (S)? Use “X” to indicate your answer.

P / S
1. / Breaking into a computer system without authorization.
2. / Laying out specific actions to be taken in order to prevent dangerous packets from passing through firewalls.
3. / Scanning a network in order to gather IP addresses of potential targets.
4. / Finding that patches are not applied in a timely manner as recommended by corporate rules.
5. / Writing a report about a company’s security defense system.
6. / Scanning a network in order to find out what defense tools are being used.
7. / Finding that users cannot change their passwords themselves.
8. / Finding that a company does not have an effective password reset rule.
9. / Finding out that a firewall does not block potentially dangerous packets.
10. / Proposing a new procedure whose implementation may help improve systems security.
11. / Finding out that the administrator's account is called Admin and has a weak password.
12. / Finding out that 1/3 of the security procedures are not actually implemented.
13. / Performing a denial-of-service attack.
14. / Disabling network defense systems.

Question 2 (to be answered in class)

In the White Box penetration testing model, the tester is given authorization to interview the system’s users. Name one disadvantage of letting the company’s employees know about the penetration test.

Answer:

Question 3 (to be answered in class)

In the White Box penetration testing model, the tester is given authorization to interview IT personnel. Name one disadvantage of letting the IT staff know about the penetration test.

Answer:

Reading Questions

Read Chapter 1, pages 7-12, and find the answers to the following End-of-Chapter Questions. See pages 15-16 for the meaning of the letters a, b, c, and d. Circle the letter (a, b, c, d) corresponding to your answer.

  1. How can you find out which computer crime laws are applicable in your state?
/ a. / b. / c. / d.
  2. What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?
/ a. / b. / c. / d.
  3. If you run a program in New York City that uses network resources to the extent that a user is denied access to a network resource, what type of law have you violated?
/ a. / b. / c. / d.
  4. Which federal law prohibits unauthorized access of classified information?
/ a. / b. / c. / d.
  5. Which federal law prohibits intercepting any communication, regardless of how it was transmitted?
/ a. / b. / c. / d.
  6. Skipped

  7. To determine whether scanning is illegal in your area, you should do which of the following?
/ a. / b. / c. / d.
