Hacktivism is a term used to describe cyberattacks carried out by people who are considered political or ideological extremists. Hacktivists attack people or organizations that they believe are enemies to the hacktivist agenda.
2. Which statement describes cybersecurity?
A. It is the name of a comprehensive security application for end users to protect workstations from being attacked.
B. It is a framework for security policy development.
C. It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.
D. It is a standard-based model for developing firewall technologies to fight against cybercriminals.
Indicators of attack (IOA) focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets. IOAs are concerned with the strategies that are used by attackers and can help generate a proactive security approach.
4. What is the motivation of a white hat attacker?
A. Studying operating systems of various platforms to develop a new system
B. Taking advantage of any vulnerability for illegal personal gain
C. Fine tuning network devices to improve their performance and efficiency
D. Discovering weaknesses of networks and systems to improve the security level of these systems
White hat attackers break into networks or computer systems in order to discover weaknesses for the purpose of improving the security of these systems. These break-ins are done with permission from the owner or the organization. Any results are reported back to the owner or the organization.
5. Which risk management plan involves discontinuing an activity that creates a risk?
During a risk assessment it may be determined that an activity involves more risk than benefit. In such a situation an organization may decide to avoid the risk altogether by discontinuing the activity. This is known as risk avoidance.
6. Which type of network threat is intended to prevent authorized users from accessing resources?
Network reconnaissance attacks involve the unauthorized discovery and mapping of the network and network systems. Access attacks and trust exploitation involve unauthorized manipulation of data and access to systems or user privileges. DoS, or Denial of Service attacks, are intended to prevent legitimate users and devices from accessing network resources.
7. What security tool allows a threat actor to hack into a wireless network and detect security
An attack surface is the total sum of the vulnerabilities in a system that is accessible to an attacker. The attack surface can consist of open ports on servers or hosts, software that runs on Internet-facing servers, wireless network protocols, and even users.
9. Which risk management strategy requires careful evaluation of the costs of loss, the mitigation
strategy, and the benefits gained from the operation or activity that is at risk?
Risk reduction strategy reduces exposure to risk or reduces the impact of risk by taking action to decrease the risk. It is the most commonly used risk mitigation strategy. This strategy requires careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk.
10. What characteristic describes script kiddies?
A. Threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations
B. Hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards
C. Hackers who rally and protest against different political and social ideals
D. Inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically not for profit
Gray hat hackers are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage.
12. A company has contracted with a network security firm to help identify the vulnerabilities of the
corporate network. The firm sends a team to perform penetration tests to the company network.
Why would the team use forensic tools?
A. To detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
B. To reverse engineer binary files when writing exploits and when analyzing malware
C. To obtain specially designed operating systems preloaded with tools optimized for hacking
D. To detect any evidence of a hack or malware in a computer or network
Ethical hacking involves using many different types of tools to test the network and end devices. To validate the security of a network and its systems, many network penetration testing tools have been developed. These tools are used to test the vulnerability and susceptibility of networks to be cracked, probed, hacked, captured, and hijacked. Many of the tools are Linux or Linux based and can be used by both white and black hats.
13. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner?
A. To reverse engineer binary files when writing exploits and when analyzing malware
B. To detect any evidence of a hack or malware in a computer or network
C. To detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
D. To probe network devices, severs, and hosts for open TCP or UDP ports
Ethical hacking involves using many different types of tools to test the network and end devices. Network scanning tools are used to probe network devices, servers, and hosts for open TCP or UDP ports. Examples of scanning tools include Nmap, SuperScan, Angry IP Scanner, and NetScanTools.