Questions for Unit 1
1. Explain the Morris Worm and its significance?
2. Explain what White-Hat, Black-Hat and Grey-Hat hackers are.
3. What is ECPA and what does it regulate?
4. What is SOX and what does it regulate?
5. What is the main motivation for hackers today and what was the previous motivation for earlier generations of hackers?
6. Explain the 6 different fallacies of hacking?
7. What is ethical hacking?
8. What role does professional organizations and certifying bodies play in regards to ethical standards?
9. What is the issue with conducting security assessments without prior authorization?
Questions for Unit 2
1. From Chapter 2 of The Art of Intrusion, what are some of the countermeasures that can be used to reduce the threat of terrorist hacking?
2. From Chapter 1 of The Art of Intrusion, explain the importance of doing research to discover exploitable vulnerabilities when it comes to defending an existing computer system or network?
3. Explain asymmetric encryption?
4. What is MD5 hashing?
5. What is IPSEC and what is it used for?
6. What does hashing provide?
7. What is the purpose of Authenticity in regards to cryptography?
8. What is the importance of the encryption key to stored data?
9. What are digital signatures used for?
10.What are the requirements of symmetric key encryption and what is the greatest danger with symmetric key encryption?
11.What is a birthday attack?
12.What s SSL encryption used for?
Questions for Unit 3
1. What is a split-horizon DNS configuration and how can it be used to defend against footprinting? Chapter 5 The Art of Intrusion
2. What are the valid footprinting techniques?
3. What can be discovered by using Google Hacking?
4. What is EDGAR and what is it used for?
5. Which techniques can be used to secure DNS?
6. What can Internet Archives be used for and what are a few names of some?
7. What are some key DNS words that can be used to help identify potential targets?
8. What can be done to help prevent search engine exposures?
9. What is ICANN and what can it be used for?
10.How can penetration testers use a physical address of a company?
11.Explain footprinting and why it can be useful?
12.How can newsgroups be used against a company?
Questions for Unit 4
1. What basic defenses against social engineering are provided in chapter 10, The Art of Intrusion?
2. Explain how War-dialing works.
3. How does a SYN scan work as a network attack and what types of defenses can it bypass?
4. How would you use NMAP to treat all hosts as online?
5. Explain OS fingerprinting?
6. How can null sessions be used with enumeration?
7. What types of information can NetBIOS enumeration provide?
8. What can be discovered with ARIN lookups?
9. What is a privilege escalation attack and how does it work?
10.What is a back door and what are some tools that can be used to create a back door from the command line?
Questions for Unit 5
1. What is tailgating in terms of penetration testing? Chapter 6
2. Explain what web site defacement is.
3. What type of tool are Nessus and Open VAS?
4. Explain what NAT is in relation to IP addresses.
5. What is cross-site scripting (and give an example) and how might you defend against it?
6. What does Brutus do and what type of tool s it?
7. What are some types of information that can be discovered through an insecure login system?
8. What is SQL injection and what can it do?
9. Why is a unique identifier important for each and every session to have?
10.Why is proper tracking of database user actions important?
11.What are the issues and concerns about database attacks such as injection attacks for organizations?
12.How can database attacks be defended against?
13.What does a typical web site banner look like?