Certified Ethical Hacker Examination-Questions & Answers- #3

All the questions in this section were asked in Certified Ethical Hacker examinations of EC-Council. This is the 3rd part.


1- How do employers protect assets with security policies pertaining to employee surveillance activities?

A. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
B. Employers use informal verbal communication channels to explain employee monitoring activities to employees.
C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Answer: D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences

2- Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
A. Sarbanes-Oxley Act (SOX)
B. Gramm-Leach-Bliley Act (GLBA)
C. Fair and Accurate Credit Transactions Act (FACTA)
D. Federal Information Security Management Act (FISMA)

Answer: A. Sarbanes-Oxley Act (SOX)

3- It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?
A. Containment (Keeping something harmful under control)
B. Eradication (Removing cause of incident)
C. Recovery (Restoration, back to normal)
D. Discovery

Answer: A. Containment (Keeping something harmful under control)

4- Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
B. Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Answer: A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

5- Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
A. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
B. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
C. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
D. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual’s property or company’s asset.

Answer: A. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

6- What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
A. Legal, performance, audit
B. Audit, standards based, regulatory
C. Contractual, regulatory, industry
D. Legislative, contractual, standards based

Answer: D. Legislative, contractual, standards based

7- Under the “Post-attack Phase and Activities”, it is the responsibility of the tester to restore the systems to a pretest state. Which of the following activities should not be included in this phase?
I. Removing all files uploaded on the system
II. Cleaning all registry entries
III. Mapping of network state
IV. Removing all tools and maintaining backdoor for reporting
A. III
B. IV
C. III and IV
D. All should be included

Answer: A. III

8- It is a regulation that has a set of guidelines which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?
A. COBIT
B. FISMA
C. ISO/IEC 27002
D. HIPAA

Answer: D. HIPAA

9- Which of the following acts requires employers to have standard national numbers to identify them on standard transactions?
A. PCI-DSS
B. HIPAA
C. DMCA
D. SOX

Answer: B. HIPAA

10- Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
A. Truecrypt
B. Sub7
C. Nessus
D. Clamwin

Answer: C. Nessus
