System Hacking Quiz

10 Questions

Thank you for participating in our System Hacking webinar last month. Answer these questions, and stand a chance to win a customised Microsoft water bottle. Thank you!

Questions and Answers
  • 1. When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training will be beneficial?
    • A. Vulnerability scanning
    • B. Social engineering
    • C. Application security testing
    • D. Network sniffing

  • 2. A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?
    • A. Information reporting
    • B. Vulnerability assessment
    • C. Active information gathering
    • D. Passive information gathering

  • 3. John the Ripper is a technical assessment tool used to test the weakness of which of the following?
    • A. Usernames
    • B. File permissions
    • C. Firewall rulesets
    • D. Passwords

  • 4. Least privilege is a security concept that requires that a user is:
    • A. Limited to those functions required to do the job
    • B. Given root or administrative privileges
    • C. Trusted to keep all data and access to that data under their sole control
    • D. Given privileges equal to everyone else in the department

  • 5. Which of the following programs is usually targeted at Microsoft Office products?
    • A. Polymorphic virus
    • B. Multi-part virus
    • C. Macro virus
    • D. Stealth virus

  • 6. In order to show improvement of security over time, what must be developed?
    • A. Reports
    • B. Testing tools
    • C. Metrics
    • D. Taxonomy of vulnerabilities

  • 7. Passive reconnaissance involves collecting information through which of the following?
    • A. Social engineering
    • B. Network traffic sniffing
    • C. Man in the middle attacks
    • D. Publicly accessible sources

  • 8. How can rainbow tables be defeated?
    • A. Password salting
    • B. Use of non-dictionary words
    • C. All uppercase character passwords
    • D. Lockout accounts under brute force password cracking attempts

  • 9. A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?
    • A. White box
    • B. Grey box
    • C. Red box
    • D. Black box

  • 10. If the final set of security controls does not eliminate all risk in a system, what could be done next?
    • A. Continue to apply controls until there is zero risk
    • B. Ignore any remaining risk
    • C. If the residual risk is low enough, it can be accepted
    • D. Remove current controls since they are not completely effective