Which of the following describes an instance of legal hacking? (2 points)

Responses

Grey hat hacking

Security hacking is never legal.

Looking for security risks on a product that is excluded from a bug bounty program.

Penetration testing for a company.

Looking for security risks on a product that is excluded from a bug bounty program.

Penetration testing for a company.

The two options that describe an instance of legal hacking are:

1. Looking for security risks on a product that is excluded from a bug bounty program.
2. Penetration testing for a company.

To identify the correct answer, we need to understand what each term means.

1. Grey hat hacking: Grey hat hackers are individuals who operate between the legal and illegal spectrum. They usually carry out hacking activities without seeking permission but with good intentions, such as identifying vulnerabilities and notifying the affected parties. This can be considered an instance of legal hacking, as it involves ethical considerations and intentions.

2. Security hacking is never legal: This response states that security hacking is always illegal. However, this is not entirely true. While unauthorized hacking is generally illegal, there are instances where hacking can be conducted legally, with proper authorization and consent.

3. Looking for security risks on a product that is excluded from a bug bounty program: Bug bounty programs incentivize individuals to find and report vulnerabilities in a company's software or system. If a product is excluded from a bug bounty program, it means that the company does not encourage outsiders to search for security risks on that particular product. Therefore, looking for security risks on an excluded product could potentially be an instance of legal hacking as long as the hacker is acting within the boundaries of the law and has obtained proper authorization or consent from the company.

4. Penetration testing for a company: Penetration testing, also known as pen testing, is a form of security testing where trained professionals simulate real-world attacks on a company's systems to identify vulnerabilities. This is generally conducted with the company's full knowledge and permission, making it a legal form of hacking.

Based on these descriptions, the correct answer that describes an instance of legal hacking is "Looking for security risks on a product that is excluded from a bug bounty program."