Lab 1. What Are the Five Steps of a Hacking Attack?

1. List the 5 steps of the hacking process.
1—Reconnaissance
2—Scanning
3—Gaining Access
4—Maintaining Access
5—Covering Tracks

2. In order to exploit or attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
The first step I would take would be from the 5 steps to hacking, which is reconnaissance. I would use passive reconnaissance, as this pertains to information gathering.

3. What applications and tools can be used to perform this initial reconnaissance and probing step?
Google is a major tool in most hackers' initial first step. But you can use Nmap, AMAP, ScanRand and Paratrace.

8. As a security professional, you have been asked to perform an intrusive penetration test which involves cracking into the organization’s WLAN for a company. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client?
As a security professional you would stop at the first sign of unauthorized entry. Going any further could result in legal ramifications. That is unless instructed and signed into contract that you should go further.

9. Which NIST standards document encompasses security testing and penetration testing?
NIST 800-42 Guideline on Network Security Testing.

10. According to this NIST document, what are the four phases of penetration testing?
Planning, Discovery, Attack and Reporting.

11. Why would an organization want to conduct an internal penetration test?
To simulate the actions taken by an internal intruder that has access to the system already.

12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled penetration test?
The tester should compromise or access only the areas outlined in the documented and signed agreement between both parties. Any further access than that outlined in the contract could result in criminal or civil proceedings.

13. Why would an organization hire an