There needs to be a solid grounding in basic terms and ideas that used in Penetration Testing as a whole and by extension Ethical Hacking.
An Ethical Hacker needs to understand systems and why they are built the way they are, as well they need to understand things such as legal and regulator compliance requirements.
- Advanced Persistent Threat (APT)
- Attack Vector
- Black Box Testing
- Blue Team
- Daisy Chaining
- Data Breach
- Gray Box Testing
- Hack Value
- Information Warfare
- Purple Team
- Red Team
- Security Control
- Threat Category
- White Box Testing
What are the 3 main elements of information security?
- What are the risks associated with each element?
- What type of controls can ensure each element?
- How do these elements support Authenticity and Non-Repudiation?
For a security system to be maintainable, what 3 elements must be kept in balance?
- What are symptoms of each element falling out of balance?
What were the most common attack vectors for the last calendar year?
What are the main threat categories?
- What are examples of each type of threat?
- What are possible mitigations to each type of threat?
What are examples of major data breaches?
- How were the breaches accomplished?
- What mitigations could have been implemented to prevent them?
What are the 2 major types of Information Warfare?
- What types of actions can be taken to defend against information warfare?
What is the Cyber Kill Chain?
- What are the steps in the kill chain?
- What are examples of actions within each phase of the kill chain?
What are the different types of hackers?
- What are their motivations?
What are the 5 phases of compromising a system?
What is Ethical Hacking?
- Why is Ethical Hacking necessary?
- Why is scope important to an Ethical Hacker?
- What are the phases of an Ethical Hack?
What 2 types of skills are required to be an Ethical Hacker?
- What are examples of each type of skill?
Why would communication be an important skill for an Ethical Hacker?
What are Information Security Controls?
What is Information Assurance what 3 things does it depend on?
What are Information Security Policies (ISPs)?
- What are the basic goals and objectives of ISPs?
- What are the steps to enforcing ISPs?
- What are the different levels of ISPs?
- What do the different levels allow for?
What is the purpose of an Information Security Management Program?
What are the elements of the EC-Council’s Information Security Management Framework?
What are the goals of the Enterprise Information Security Architecture?
What is Threat Modeling?
- What are different methods for performing Threat Modeling?
What is Network Security Zoning?
What layer of security is top priority for securing anything?
What is Incident Response Management?
- What are the steps in the Incidence Management Process?
- Who should an Incident Response Team be made up of?
- What are the responsibilities of an Incident Response Team?
What is a Vulnerability Assessment?
- What types of Vulnerability Assessments are there?
- What are the 5 phases of a Vulnerability Assessment?
- What does each phase include?
What is Penetration Testing?
- Why is Penetration Testing Important?
- What are the major reasons for performing Penetration Testing?
- What are major advantages of Penetration Testing?
- What are the 3 types of Penetration Testing?
What are Security Audits and how do they compare to Vulnerability Assessments and Penetration Testing?
What are the differences between Red Team and Blue Team?
- What are their responsibilities?
What are the 3 phases of Penetration Testing?
- What is involved in all 3 phase of a Penetration Test?
What are Penetration Testing Methodologies?
- What are some examples of methodologies?
What are examples of Information Security Standards?
What are some examples of Information Security Laws?
What is the Industry-Standard Framework and Reference Architecture?
- What are the components built into the Framework?