Certified Ethical Hacker Examination Questions & Answers- #1

All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .


1. Which of the following is a detective control?

A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan .

Answer: C. Audit trail

2- Which of the following is a preventive control?
A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan

Answer: A. Smart card authentication



3- A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee’s new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis. Which of the following is an issue with the situation?
A. Segregation of duties
B. Undue influence
C. Lack of experience
D. Inadequate disaster recovery plan

Answer: A. Segregation of duties

4- A company has hired a security administrator to maintain and administer Linux and Windows based systems.Written in the nightly report file is the following:Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.
Which of the following actions should the security administrator take?

A. Log the event as suspicious activity and report this behavior to the incident response team immediately.
B. Log the event as suspicious activity, call a manager, and report this as soon as possible.
C. Run an anti-virus scan because it is likely the system is infected by malware.
D. Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy.

Answer: D. Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy.

5- The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
A. Physical
B. Procedural
C. Technical
D. Compliance

Answer: B. Procedural

6-Which of the following business challenges could be solved by using a vulnerability scanner?
A. Auditors want to discover if all systems are following a standard naming convention.
B. A web server was compromised and management needs to know if any further systems were compromised.
C. There is an emergency need to remove administrator access from multiple machines for an employee that quit.
D. There is a monthly requirement to test corporate compliance with host application usage and security policies.

Answer: D. There is a monthly requirement to test corporate compliance with host application usage and security policies.



7- How can a policy help improve an employee’s security awareness?
A. By implementing written security procedures, enabling employee security training, and promoting the benefits of security
B. By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
C. By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line
D. By decreasing an employee’s vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Answer: A. By implementing written security procedures, enabling employee security training, and promoting the benefits of security

8- Due to a slowdown of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?
A. All of the employees would stop normal work activities
B. IT department would be telling employees who the boss is
C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
D. The network could still experience traffic slow down.

Answer: C. Not informing the employees that they are going to be monitored could be an invasion of privacy.

9- Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
A. a port scanner
B. a vulnerability scanner
C. a virus scanner
D. a malware scanner

Answer: B. a vulnerability scanner

10- Which of the following processes evaluates the adherence of an organization to its stated security policy?
A. Vulnerability assessment
B. Penetration testing
C. Risk assessment
D. Security auditing

Answer: D. Security auditing



Related Link
Computer Networking #1 -Questions and Answers
SQL Database #3 -Questions & Answers
SQL Database #2 -Questions & Answers
SQL Database #1 -Questions & Answers


Related Link ,See once

SECURITY TOOLS -Cyber Security # 4
Security Tips – Cyber Security #3
Method Of Defence – Cyber Security #2
Computer Threats – Cyber Security #1
Cyber Security Introduction
Cyber Security
Science
>>> CONTACT US < <<

Comment Please