Questions and Correct Answers
1. Which of the following would be the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite
C. A guard posted outside the door
D. Backup recovery systems
✅ C. A deterrent control is intended to discourage an attack before it is attempted. A guard visibly posted outside the door is a physical deterrent control: the visible presence can stop a physical attack from being tried in the first place.
2. Enacted in 2002, this U.S. law requires every federal agency to implement
information security programs, including significant reporting on compliance and
accreditation. Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM
✅ A. FISMA has been around since 2002 and was updated in 2014. It gave certain information security responsibilities to NIST, OMB, and other government agencies, and declared the Department of Homeland Security (DHS) the operational lead for budgets and guidelines on security matters.
3. Brad has done some research and determined a certain set of systems on his
network fail once every ten years. The purchase price for each of these systems is
$1200. Additionally, Brad discovers the administrators on staff, who earn $50 an hour,
estimate five hours to replace a machine. Five employees, earning $25 an hour, depend
on each system and will be completely unproductive while it is down. If you were to ask
Brad for an ALE on these devices, what should he answer with?
A. $2075
B. $207.50
C. $120
D. $1200
✅ B. ALE = ARO × SLE.
ARO = number of occurrences ÷ number of years = 1 / 10 = 0.1.
SLE = purchase cost + replacement labor + lost productivity = $1200 + (5 hours × $50) + (5 hours × 5 employees × $25) = $1200 + $250 + $625 = $2075.
ALE = 0.1 × $2075 = $207.50.
4. An ethical hacker is hired to test the security of a business network. The CEH is given
no prior knowledge of the network and has a specific framework in which to work,
defining boundaries, nondisclosure agreements, and the completion date. Which of the
following is a true statement?
A. A white hat is attempting a black-box test.
B. A white hat is attempting a white-box test.
C. A black hat is attempting a black-box test.