All the questions in this section were asked in EC-Council Certified Ethical Hacker examinations. This is the 4th part.
1- Security and privacy of information systems are two entities that require lawful regulation. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?
A. NIST SP 800-53
C. EU Safe Harbor
2- International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
A. guidelines and practices for security controls.
B. financial soundness and business viability metrics.
C. standard best practice for configuration management.
D. contract agreement writing standards.
3- What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
A. Blue Book
B. ISO 26029
C. Common Criteria
D. The Wassenaar Agreement
4- Which of the following guidelines or standards is associated with the credit card industry?
A. Control Objectives for Information and Related Technology (COBIT)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standards (PCI DSS)
5- This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers, sometimes known as script kiddies, from causing a data breach. Which of the following organizations is being described?
A. Payment Card Industry (PCI)
B. Center for Disease Control (CDC)
C. Institute of Electrical and Electronics Engineers (IEEE)
D. International Security Industry Organization (ISIO)
6- What is not a PCI compliance recommendation?
A. Limit access to card holder data to as few individuals as possible.
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. Use a firewall between the public network and the payment card data.
7- When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
A. At least twice a year and after any significant infrastructure or application upgrade or modification
B. At least once a year and after any significant infrastructure or application upgrade or modification
C. At least once every two years and after any significant infrastructure or application upgrade or modification
D. At least once every three years and after any significant infrastructure or application upgrade or modification
8- Which of the following is NOT an ideal choice for biometric controls?
A. Iris patterns
C. Height and weight
9- What are the three types of authentication?
A. Something you: know, remember, prove
B. Something you: have, know, are
C. Something you: show, prove, are
D. Something you: show, have, prove
10- By using a smart card and a PIN, you are using a two-factor authentication that satisfies
A. Something you know and something you are
B. Something you have and something you know
C. Something you have and something you are
D. Something you are and something you remember