DQ Responses


Q1. Please read the paragraph below and write your opinion in 150 words, with in-text citations and references.
To know their security posture and understand its risks, many organizations choose to hire an ethical hacker, or penetration tester, to perform attack simulations. A penetration tester will use the same tools and tactics as a malicious attacker, but in a controlled and secure way. This allows an organization to understand how a bad actor might get into the environment, how they might move around inside of the environment, and how they might exfiltrate data. This also enables the organization to determine the impact of attacks and identify weaknesses. Emulating attacks allows an organization to test the effectiveness of security defenses and monitoring tools. Defense strategies can then be refined based on lessons learned. A penetration test is more than a vulnerability scan. During a vulnerability scan, an automated scanning product is used to probe the ports and services on a range of IP addresses. Most of these tools gather information about the system and software and correlate the information with known vulnerabilities. This results in a list of vulnerabilities, but it does not provide an idea of the impact those vulnerabilities could have on the environment.
Q2. Please read the paragraph below and write your opinion in 150 words, with in-text citations and references.
A good case scenario that brings out ethics in gray hacking is when a gray hacker asks for permission to intrude on a system to prove a point about the weakness of the system. The hacker can get such permission from the respective organization that owns the rights to the said system. The gray hacker may go on to become unethical if they identify a problem within the network and fail to report the findings to the company or the developer. This means that the gray hacker's intention was to benefit from the intrusion. A gray hacker may also at some point intrude on a network that is under attack from a black hat hacker with the intention of salvaging the situation. A good case scenario is a situation whereby terrorists attack a flight network and it becomes hard for white hat hackers to reverse the situation. The gray hat hacker may get into the network, attack the black hat hacker and hand the system back to the network providers; hence the actions and intentions are regarded as ethical.