Certified Ethical Hacker Examination - Questions & Answers - #4

All the questions in this section were asked in EC-Council's Certified Ethical Hacker examinations. This is the 4th part.


1- Security and privacy of information systems are two areas that require lawful regulation. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?

A. NIST SP 800-53
B. PCI-DSS
C. EU Safe Harbor
D. HIPAA

Answer: A. NIST SP 800-53

2- International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
A. guidelines and practices for security controls.
B. financial soundness and business viability metrics.
C. standard best practice for configuration management.
D. contract agreement writing standards

Answer: A. guidelines and practices for security controls.

3- What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
A. Blue Book
B. ISO 26029
C. Common Criteria
D. The Wassenaar Agreement

Answer: C. Common Criteria

4- Which of the following guidelines or standards is associated with the credit card industry?
A. Control Objectives for Information and Related Technology (COBIT)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standards (PCI DSS)

Answer: D. Payment Card Industry Data Security Standards (PCI DSS)

5- This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers, sometimes known as script kiddies, from causing a data breach. Which of the following organizations is being described?
A. Payment Card Industry (PCI)
B. Center for Disease Control (CDC)
C. Institute of Electrical and Electronics Engineers (IEEE)
D. International Security Industry Organization (ISIO)

Answer: A. Payment Card Industry (PCI)

6- What is not a PCI compliance recommendation?
A. Limit access to card holder data to as few individuals as possible.
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. Use a firewall between the public network and the payment card data.

Answer: C. Rotate employees handling credit card transactions on a yearly basis to different departments.

7- When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
A. At least twice a year and after any significant infrastructure or application upgrade or modification
B. At least once a year and after any significant infrastructure or application upgrade or modification
C. At least once every two years and after any significant infrastructure or application upgrade or modification
D. At least once every three years and after any significant infrastructure or application upgrade or modification

Answer: B. At least once a year and after any significant infrastructure or application upgrade or modification

8- Which of the following is NOT an ideal choice for biometric controls?
A. Iris patterns
B. Fingerprints
C. Height and weight
D. Voice

Answer: C. Height and weight

9- What are the three types of authentication?
A. Something you: know, remember, prove
B. Something you: have, know, are
C. Something you: show, prove, are
D. Something you: show, have, prove

Answer: B. Something you: have, know, are

10- By using a smart card and a PIN, you are using two-factor authentication that satisfies
A. Something you know and something you are
B. Something you have and something you know
C. Something you have and something you are
D. Something you are and something you remember

Answer: B. Something you have and something you know
