5.Name and briefly explain one intelligence gathering activity at each of the three levels when finding information about a firm for penetration testing or attack. Level 1 - Fully passive, automatic tools Level 2 - Analysis of information gathered with automatic tools and more in-depth information Level 3 - Active intelligence gathering. 6.Network enumeration can be a valuable tool for system administrators. Briefly describe two ways in which network enumeration can help a network administrator. 7.A company contacts you for help in peforming a sting operation using USB devices that will be distributed around the corporate campus. Company policy prohibits users from using USB drives, but the firm is certain that this policy is not followed, and wants to catch those in violation. To do so, they want you to install a piece of malware which calls home to your server, and sends a few select files to identify the individual braking policy. You are technically capable of doing this, and have some innocuous malware that will do the job.

Should you do this? Why or why not, from an ethical perspective? Justify your answer. 8. List and explain any three points of either the EC-council code of ethics or CREST code of conduct. Explain what they mean to a professional penetration tester.

You may use some points from both codes of conduct, and they do not have to be word-for-word, but must be recognizably from these codes