All the questions in this section were asked in EC-Council's Certified Ethical Hacker (CEH) examinations. This is the 3rd part.
1- How do employers protect assets with security policies pertaining to employee surveillance activities?
A. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
B. Employers use informal verbal communication channels to explain employee monitoring activities to employees.
C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.
2- Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
A. Sarbanes-Oxley Act (SOX)
B. Gramm-Leach-Bliley Act (GLBA)
C. Fair and Accurate Credit Transactions Act (FACTA)
D. Federal Information Security Management Act (FISMA)
3- It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?
A. Containment (Keeping something harmful under control)
B. Eradication (Removing cause of incident)
C. Recovery (Restoration, back to normal)
4- Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
B. Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors
5- Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
A. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
B. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
C. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
D. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.
6- What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
A. Legal, performance, audit
B. Audit, standards based, regulatory
C. Contractual, regulatory, industry
D. Legislative, contractual, standards based
7- Under the “Post-attack Phase and Activities”, it is the responsibility of the tester to restore the systems to a pretest state. Which of the following activities should not be included in this phase?
I. Removing all files uploaded on the system
II. Cleaning all registry entries
III. Mapping of network state
IV. Removing all tools and maintaining backdoor for reporting
C. III and IV
D. All should be included

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
8- Which of the following regulations best matches the description?
C. ISO/IEC 27002
9- Which of the following acts requires employers to use standard national numbers to identify them on standard transactions?
10- Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?