Certified Ethical Hacker Examination - Questions & Answers - #12

All the questions in this section were asked in Certified Ethical Hacker examinations of EC-Council. This is the 12th part.


1- A hacker is an intelligent individual with excellent computer skills that grant them the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following classes of hacker refers to an individual who works both offensively and defensively at various times?

A. Gray Hat
B. Black Hat
C. Suicide Hacker (not bothered by suffering a long jail term)
D. White Hat

Answer: A. Gray Hat

2- Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability. What is this style of attack called?
A. zero-day
B. zero-hour
C. zero-sum
D. no-day

Answer: A. zero-day





3- A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. HTTP header injection vulnerability
C. 0-day vulnerability
D. Time-to-check to time-to-use flaw

Answer: C. 0-day vulnerability

4- Assume a business-crucial website of some company that is used to sell handsets to customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the website developer decided to add some 3rd party tools to it. The tools are written in JavaScript and can track the customers’ activity on the site. These tools are located on the servers of the marketing company. What is the main security risk associated with this scenario?

Answer: External script contents could be maliciously modified without the security team’s knowledge

5- An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?
A. Since the company’s policy is all about Customer Service, he/she will provide information.
B. Disregarding the call, the employee should hang up.
C. The employee should not provide any information without previous management authorization.
D. The employee cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

Answer: C. The employee should not provide any information without previous management authorization.

6- A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
A. Ignore it.
B. Try to sell the information to a well-paying party on the dark web.
C. Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.
D. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.

Answer: Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.





7- To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?
A. Harvesting
B. Windowing
C. Hardening
D. Stealthing

Answer: C. Hardening

8- An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Announced
B. Piggybacking
C. Reverse Social Engineering
D. Tailgating

Answer: Tailgating

9- Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?
A. Masquerading
B. Whaling
C. Phishing
D. Tailgating (Piggybacking)

Answer: D. Tailgating (Piggybacking)

10- It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
A. Threat
B. Attack
C. Vulnerability
D. Risk

Answer: A. Threat


