What do ethical hackers do? — Quiz


1. According to the ASIS International guidelines discussed in the lesson, which of the following is an essential component of a risk assessment plan? (Choose one answer)
   a) Creating a comprehensive security policy for the organization
   b) Conducting a cost/benefit analysis of mitigation options
   c) Publicly disclosing all found vulnerabilities to a national database
   d) Performing active exploitation of all identified vulnerabilities

2. What is the primary purpose of the asset discovery phase in a comprehensive vulnerability assessment? (Choose one answer)
   a) To exploit misconfigured services and weak passwords
   b) To perform a cost/benefit analysis for recommended security controls
   c) To catalog active hosts, open ports, and running services to map the attack surface
   d) To draft the formal contractual agreement with the client

3. The "get out of jail free card" in ethical hacking refers to what crucial document? (Choose one answer)
   a) The final penetration test report that identifies compromised data
   b) The responsible disclosure policy submitted to a national vulnerability database
   c) The security evaluation plan or contractual agreement that authorizes the testing
   d) The compliance audit report for standards like PCI DSS

4. Which of the following best describes a key difference between a vulnerability scan and a penetration test? (Choose one answer)
   a) A vulnerability scan is a preventative control, while a penetration test is a detective control
   b) A vulnerability scan is typically performed by an outside service, while penetration testing is done in-house
   c) A vulnerability scan lists potential vulnerabilities, while a penetration test demonstrates actual exploitation and data compromise
   d) A vulnerability test is required by regulations, while a penetration test is optional

5. Before conducting a risk assessment, a client must answer several practical questions. Which of the following is NOT one of those key questions? (Choose one answer)
   a) What are you trying to protect?
   b) Who are your likely adversaries?
   c) What are you trying to protect against?
   d) How much resource are you willing to expend for adequate protection?