Certified Ethical Hacker (CEH) v.10 Practice Questions and Answers
1 vue 0 achat
Cours
Certified Ethical Hacker v.10 Practice Quest
Établissement
Certified Ethical Hacker V.10 Practice Quest
Which of the following is the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite.
C. A guard posted outside the door.
D. Backup recovery systems. Correct answer- C. A guard posted outside the door.
Deterrents have to be visible to prevent an attack. A gua...
certified ethical hacker ceh v10 practice questions and answers
which of the following is the best example of a deterrent control
this us law requires every federal agency to impl
École, étude et sujet
Certified Ethical Hacker v.10 Practice Quest
Tous les documents sur ce sujet (3)
Vendeur
S'abonner
EvaTee
Avis reçus
Aperçu du contenu
Certified Ethical Hacker (CEH) v.10
Practice Questions and Answers
Which of the following is the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite.
C. A guard posted outside the door.
D. Backup recovery systems. Correct answer- C. A guard posted outside the door.
Deterrents have to be visible to prevent an attack. A guard visible outside the door could
help prevent physical attacks.
Enacted in 2002, this US law requires every federal agency to implement information
security programs, including significant reporting on compliance and accreditation.
Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM Correct answer- A. FISMA (Federal Information Security Management Act)
FISMA has been around since 2002 and was updated in 2014. It gave information
security responsibilities to NIST, OMB, and other government agencies, and declared
the Department of Homeland Security (DHS) as the operational lead for budgets and
guidelines on security matters.
Brad has done some research and determined that a certain set of systems on his
network fail once every ten years. The purchase price for each of these systems is
$1200. Brad also discovers that the admins on staff, who earn $50 an hour, estimate
five hours to replace a machine. Five employees, earning $25 an hour, depend on each
system and will be completely unproductive while it's down. What is the ALE of these
devices?
A. $2075
B. $207.50
C. $120
D. $1200 Correct answer- B. $207.50
ARO = 1 Occurrence/10 years = 0.1
SLE = $1200 + (5 x 50 = 250) + (5 x 5 x 25 = 625) = $2075
$2075 x 0.1 = $207.50
An ethical hacker is hired to test the security of a business network. The CEH is given
no prior knowledge of the network and has a specific framework in which to work,
,defining boundaries, NDAs, and the completion data. Which of the following is a true
statement?
A. A white hat is attempting a black box test.
B. A white hat is attempting a white box test.
C. A black hat is attempting a black box test.
D. A black hat is attempting a gray box test. Correct answer- A. A white hat is
attempting a black box test.
An ethical hacker hired under a specific agreement is a white hat.
When an attack by a hacker is politically motivated, the hacker is said to be participating
in which of the following?
A. Black Hat Hacking
B. Gray Box Attacks
C. Gray Hat Attacks
D. Hacktivism Correct answer- D. Hacktivism
Two hackers attempt to crack a company's network resource security. One is
considered an ethical hacker, whereas the other is not. What distinguishes the ethical
hacker from the "cracker"?
A. The cracker always attempts white box testing.
B. The ethical hacker always attempts black box testing.
C. The cracker posts results to the Internet.
D. The ethical hacker always obtains written permission before testing. Correct answer-
D. The ethical hacker always obtains written permission before testing.
In which stage of an ethical hack would the attacker actively apply tools and techniques
to gather more in-depth information on their targets?
A. Active Reconnaissance
B. Scanning and enumeration
C. Gaining Access
D. Passive Reconnaissance Correct answer- B. Scanning and enumeration
Which type of attack is generally conducted as an inside attacker with elevated
privileges on the resources?
A. Gray Box
B. White Box
C. Black Box
D. Active Reconnaissance Correct answer- B. White Box
Which of the following Common Criteria processes refers to the system or product being
tested?
A. ST
B. PP
C. EAL
D. TOE Correct answer- D. TOE (Target of Evaluation)
, Your company has a document that spells out exactly what employees are allowed to
do on their computer systems. It also defines what is prohibited and what consequences
await those who break the rules. A copy of this document is signed by all employees
prior to their network access. Which of the following best describes this policy?
A. Information Security Policy
B. Special Access Policy
C. Information Audit Policy
D. Network Connection Policy Correct answer- A. Information Security Policy
The Information Security Policy, sometimes known as the Acceptable Use Policy,
defines what is allowed and not allowed, and what the consequences are for
misbehavior in regard to resources on the corporate network.
Sally is a member of a pen test team newly hired to test a bank's security. She begins
searching for IP addresses the bank may own by searching public records on the
Internet. She also looks up news articles and job postings to discover information that
may be valuable. In what phase of the pen test is Sally working?
A. Preparation
B. Assessment
C. Conclusion
D. Reconnaissance Correct answer- B. Assessment
The Assessment phase is where all the activity takes place, including the passive
information gathering performed by Sally in this example.
Joe is a security engineer for a firm. His company downsizes, and Joe discovers he will
be laid off within a short amount of time. Joe plants viruses and sets about destroying
data and settings throughout the network, with no regard to being caught. Which type of
hacker is Joe considered to be?
A. Hacktivist
B. Suicide Hacker
C. Black Hat
D. Script Kiddie Correct answer- B. Suicide Hacker
Elements of security include confidentiality, integrity, and availability. Which technique
provides for integrity?
A. Encryption
B. UPS
C. Hashing
D. Passwords Correct answer- C. Hashing
Which of the following best describes an effort to identify systems that are critical for
continuation of operation for the organization?
A. BCP
B. BIA
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur EvaTee. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour €12,43. Vous n'êtes lié à rien après votre achat.
