ETHICAL HACKING ESSENTIALS EXAM ACTUAL EXAM QUESTION BANK COMPLETE 550 QUESTIONS AND DETAILED SOLUTIONS WITH RATIONALES JUST RELEASED THIS YEAR
Question: 1. Which of the following would be the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite
C. A guard posted outside the door
D. Backup recovery systems
CORRECT ANSWER✔✔ C. If you're doing something as a deterrent,
you're trying to prevent an attack in the first place. In this physical security deterrent control, a
guard visible outside the door could help prevent physical attacks.
Question: 2. Enacted in 2002, this U.S. law requires every federal agency to implement
information security programs, including significant reporting on compliance and accreditation.
Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM
CORRECT ANSWER✔✔ A. FISMA has been around since 2002 and was updated in
2014. It gave certain information security responsibilities to NIST, OMB, and other government
agencies, and declared the Department of Homeland Security (DHS) as the operational lead for
budgets and guidelines on security matters.
Question: 3. Brad has done some research and determined a certain set of systems on his
network fail once every ten years. The purchase price for each of these systems is $1200.
Additionally, Brad discovers the administrators on staff, who earn $50 an hour, estimate five
hours to replace a machine. Five employees, earning $25 an hour, depend on each system and
will be completely unproductive while it is down. If you were to ask Brad for an ALE on these
devices, what should he answer with?
A. $2075
B. $207.50
C. $120
D. $1200
CORRECT ANSWER✔✔ B. ALE = ARO × SLE. To determine ARO, divide the number of
occurrences by the number of years (1 occurrence / 10 years = 0.1). To determine SLE, add the
purchase cost (1200) plus the amount of time to replace (5 × 50 = 250) plus the amount of lost
work (5 hours × 5 employees × 25 = 625). In this case, it all adds up to $2075. ALE = 0.1 × 2075,
or $207.50.
Question: 4. An ethical hacker is hired to test the security of a business network. The CEH is
given no prior knowledge of the network and has a specific framework in which to work,
defining boundaries, nondisclosure agreements, and the completion date. Which of the
following is a true statement?
A. A white hat is attempting a black-box test.
B. A white hat is attempting a white-box test.
C. A black hat is attempting a black-box test.
D. A black hat is attempting a gray-box test.
CORRECT ANSWER✔✔ A. In this example, an
ethical hacker was hired under a specific agreement, making him a white hat. The test he was
hired to perform is a no-knowledge attack, making it a black-box test.
Question: 5. When an attack by a hacker is politically motivated, the hacker is said to be
participating in which of the following?
A. Black-hat hacking
B. Gray-box attacks
C. Gray-hat attacks
D. Hacktivism
CORRECT ANSWER✔✔ D. Hackers who use their skills and talents to forward a
cause or a political agenda are practicing hacktivism.
Question: 6. Two hackers attempt to crack a company's network resource security. One is
considered an ethical hacker, whereas the other is not. What distinguishes the ethical hacker
from the "cracker"?
A. The cracker always attempts white-box testing.
B. The ethical hacker always attempts black-box testing.
C. The cracker posts results to the Internet.
D. The ethical hacker always obtains written permission before testing.
CORRECT ANSWER✔✔ D. The ethical hacker always obtains written permission before testing and never
performs a test without it!
Question: 7. In which stage of an ethical hack would the attacker actively apply tools and
techniques to gather more in-depth information on the targets?
A. Active reconnaissance
B. Scanning and enumeration
C. Gaining access
D. Passive reconnaissance
CORRECT ANSWER✔✔ B. The second of the five phases of an ethical
hack attempt, scanning and enumeration, is the step where ethical hackers take the information
they gathered in recon and actively apply tools and techniques to gather more in-depth
information on the targets.
Question: 8. Which type of attack is generally conducted as an inside attacker with elevated
privileges on the resources?
A. Gray box
B. White box
C. Black box
D. Active reconnaissance
CORRECT ANSWER✔✔ B. A white-box attack is intended to simulate
an internal attacker with elevated privileges, such as a network administrator.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Ressy. Stuvia facilitates payment to the seller.