All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .This is 2nd part
1- The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company’s external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check ﬁrst?
A. Investigate based on the maintenance schedule of the affected systems
B. Investigate based on the service level agreements of the systems.
C. Investigate based on the potential effect of the incident.
D. Investigate based on the order that the alerts arrived in.
2- As a Certiﬁed Ethical Hacker, you were contracted by a private ﬁrm to conduct an external security assessment through penetration testing.What document describes the speciﬁcs of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?
B-Rules of Engagement
C-Service Level Agreement
3- In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s conﬁdential ﬁles and information. How can he achieve this?
A. Port Scanning
B. Hacking Active Directory
C. Privilege Escalation
4-Least privilege is a security concept that requires that a user is
A. limited to those functions required to do the job.
B. given root or administrative privileges.
C. trusted to keep all data and access to that data under their sole control.
D. given privileges equal to everyone else in the department.
5- When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?A. A bottom-up approach
B. A top-down approach
C. A senior creation approach
D. An IT assurance approach
6- Deﬁning rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?
A. Preparation phase
B. Containment phase
C. Recovery phase
D. Identiﬁcation phas
7- What is the term coined for logging, recording and resolving events in a company?
A. Internal Procedure
B. Security Policy
C. Incident Management Process
8- Describes the speciﬁcs of the testing, the associated violations, and essentially protects both the bank’s interest and your liabilities as a tester?
A. Service Level Agreement
B. Non-Disclosure Agreement
C. Terms of Engagement
D. Project Scope
9- Which initial procedure should an ethical hacker perform after being brought into an organization?
A. Begin security testing.
B. Turn over deliverables.
C. Sign a formal contract with non-disclosure.
D. Assess what the organization is trying to protect
10- Which of the following ensures that updates to policies, procedures, and conﬁgurations are made in a controlled and documented fashion?
A. Regulatory compliance
B. Peer review
C. Change management
D. Penetration testing
Useful Link ,Visit once
SECURITY TOOLS -Cyber Security # 4
Security Tips – Cyber Security #3
Method Of Defence – Cyber Security #2
Computer Threats – Cyber Security #1
Cyber Security Introduction
>>> CONTACT US < <<