100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Certified Ethical Hacker CEH v10 Practice Questions with Complete and Verified Answers $20.49   Add to cart

Exam (elaborations)

Certified Ethical Hacker CEH v10 Practice Questions with Complete and Verified Answers

 0 view  0 purchase
  • Course
  • Institution

Certified Ethical Hacker (CEH) v.10 Practice Questions with Complete and Verified Answers

Preview 4 out of 33  pages

  • February 22, 2024
  • 33
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
Certified Ethical Hacker (CEH) v.10 Practice
Questions with Complete and Verified Answers

1). Which of the following is the best example of a deterrent control?
a. a log aggregation system
b. hidden cameras onsite.
c. a guard posted outside the door.
d. backup recovery systems.

 Ans: C. A guard posted outside the door.

Deterrents have to be visible to prevent an attack. A guard visible outside the door could
help prevent physical attacks.


2). Enacted in 2002, this us law requires every federal agency to implement information
security programs, including significant reporting on compliance and accreditation. which
of the following is the best choice for this definition?
a. fisma
b. hipaa
c. nist 800-53
d. osstmm

 Ans: A. FISMA (Federal Information Security Management Act)

FISMA has been around since 2002 and was updated in 2014. It gave information
security responsibilities to NIST, OMB, and other government agencies, and declared the
Department of Homeland Security (DHS) as the operational lead for budgets and
guidelines on security matters.


3). Brad has done some research and determined that a certain set of systems on his network
fail once every ten years. the purchase price for each of these systems is $1200. brad also
discovers that the admins on staff, who earn $50 an hour, estimate five hours to replace a
machine. five employees, earning $25 an hour, depend on each system and will be
completely unproductive while it's down. what is the ale of these devices?
a. $2075
b. $207.50
c. $120
d. $1200




PaperStoc.com Page 1 of 33

,  Ans: B. $207.50

ARO = 1 Occurrence/10 years = 0.1
SLE = $1200 + (5 x 50 = 250) + (5 x 5 x 25 = 625) = $2075
$2075 x 0.1 = $207.50


4). An ethical hacker is hired to test the security of a business network. the ceh is given no
prior knowledge of the network and has a specific framework in which to work, defining
boundaries, ndas, and the completion data. which of the following is a true statement?
a. a white hat is attempting a black box test.
b. a white hat is attempting a white box test.
c. a black hat is attempting a black box test.
d. a black hat is attempting a gray box test.

 Ans: A. A white hat is attempting a black box test.

An ethical hacker hired under a specific agreement is a white hat.


5). When an attack by a hacker is politically motivated, the hacker is said to be participating in
which of the following?
a. black hat hacking
b. gray box attacks
c. gray hat attacks
d. hacktivism

 Ans: D. Hacktivism


6). Two hackers attempt to crack a company's network resource security. one is considered
an ethical hacker, whereas the other is not. what distinguishes the ethical hacker from the
"cracker"?
a. the cracker always attempts white box testing.
b. the ethical hacker always attempts black box testing.
c. the cracker posts results to the internet.
d. the ethical hacker always obtains written permission before testing.

 Ans: D. The ethical hacker always obtains written permission before testing.


7). In which stage of an ethical hack would the attacker actively apply tools and techniques to
gather more in-depth information on their targets?
a. active reconnaissance
b. scanning and enumeration




PaperStoc.com Page 2 of 33

, c. gaining access
d. passive reconnaissance

 Ans: B. Scanning and enumeration


8). Which type of attack is generally conducted as an inside attacker with elevated privileges
on the resources?
a. gray box
b. white box
c. black box
d. active reconnaissance

 Ans: B. White Box


9). Which of the following common criteria processes refers to the system or product being
tested?
a. st
b. pp
c. eal
d. toe

 Ans: D. TOE (Target of Evaluation)


10). Your company has a document that spells out exactly what employees are allowed to do
on their computer systems. it also defines what is prohibited and what consequences
await those who break the rules. a copy of this document is signed by all employees prior
to their network access. which of the following best describes this policy?
a. information security policy
b. special access policy
c. information audit policy
d. network connection policy

 Ans: A. Information Security Policy

The Information Security Policy, sometimes known as the Acceptable Use Policy, defines
what is allowed and not allowed, and what the consequences are for misbehavior in
regard to resources on the corporate network.


11). Sally is a member of a pen test team newly hired to test a bank's security. she begins
searching for ip addresses the bank may own by searching public records on the internet.
she also looks up news articles and job postings to discover information that may be
valuable. in what phase of the pen test is sally working?
a. preparation



PaperStoc.com Page 3 of 33

, b. assessment
c. conclusion
d. reconnaissance

 Ans: B. Assessment

The Assessment phase is where all the activity takes place, including the passive
information gathering performed by Sally in this example.


12). Joe is a security engineer for a firm. his company downsizes, and joe discovers he will be
laid off within a short amount of time. joe plants viruses and sets about destroying data
and settings throughout the network, with no regard to being caught. which type of hacker
is joe considered to be?
a. hacktivist
b. suicide hacker
c. black hat
d. script kiddie

 Ans: B. Suicide Hacker


13). Elements of security include confidentiality, integrity, and availability. which technique
provides for integrity?
a. encryption
b. ups
c. hashing
d. passwords

 Ans: C. Hashing


14). Which of the following best describes an effort to identify systems that are critical for
continuation of operation for the organization?
a. bcp
b. bia
c. mtd
d. drp

 Ans: B. BIA (Business Impact Analysis)

A BIA is the actual process to identify those critical systems.


15). Which of the following would be the best choice for footprinting restricted urls and os
information from a target?
a. www.archive.org



PaperStoc.com Page 4 of 33

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Academik001. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $20.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75759 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$20.49
  • (0)
  Add to cart