Escolar Documentos
Profissional Documentos
Cultura Documentos
Students for whom English is not their first language are permitted to use a Standard
English/Foreign Language dictionary, e.g. French/English/English/French. Please ensure
that the dictionary does not contain any notes or other materials and note that electronic
dictionaries are not permissible.
Materials to be Supplied/Allowed:
a. In terms of hacking,
i. Define the term ethical hacking. [1 Mark]
ii. Explain the difference in the actions performed by an ethical hacker and a black hat hacker.
[2 Marks]
iii. Briefly outline the three aspects that differentiate an ethical hack and a malicious attack.
[3 Marks]
b. Explain in detail, the contents of the final penetration testing report. [4 Marks]
c. Explain in detail the basic four-step model to zero entry hacking. [5 Marks]
d. Define the technical terms: (i) vulnerability, and (ii) exploit. [2 Marks]
e. Define the four offences stated by the Computer Misuse Act 1990, as updated by the Police and
Justice Act 2006. Provide brief examples of activities that would violate the four main sections
of the Act. [8 Marks]
ii. Describe the difference between active and passive reconnaissance. [4 Marks]
iii. Explain the information that can be acquired from the Whois service. [2 Marks]
iv. Define what is meant by a Google directive. Explain the correct use of a directive, providing
an example to illustrate. [3 Marks]
iii. Describe the Null port scan, and explain how it is implemented. [3 Marks]
iv. Define four perimeter avoidance-scanning methods that are designed to avoid firewalls.
Explain the common feature of the techniques. [3 Marks]
c. Explain the difference between a vulnerability assessment and a penetration test. [3 Marks]
2 M3G421124: Network Penetration Testing & Ethical Hacking
a. Define the term authentication, listing the different mechanisms and providing examples.
[4 Marks]
b. Describe the three basic technical methods for cracking passwords. Provide an example of the
structure of password that each method is able to crack. [4 Marks]
d. Define the term social engineering, and explain in detail the attack vector referred to as reverse
social engineering. [5 Marks]
f. Explain the difference between an overt channel and a covert channel. [2 Marks]
g. Explain what is meant by the term Trojan. Define the different forms a Trojan can take.
[6 Marks]
a. In the context of penetration testing, describe the exploitation phase, outlining the ultimate
end goal. [3 Marks]
ii. Explain the role of the payload. Provide two examples to illustrate your answer. [6 Marks]
iii. Explain the difference between the RHOST and LHOST options. [2 Marks]
iv. Define the three different interfaces available within Metasploit. [3 Marks]
c. Explain the type of attack commonly performed when using an online password cracker such
as Medusa or Hydra. [2 Marks]
d. Explain the difference between a brute force attack and a dictionary attack in the context of a
penetration test to an online service such as SSH. [4 Marks]
ii. Describe in detail the attack vector referred to as a smurf attack. [5 Marks]
iii. Describe in detail the attack vector referred to as a fraggle attack. [4 Marks]
iv. Explain the methods which exist for preventing DoS attacks. [6 Marks]