Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
The Open Systems Interconnection (OSI) model is a conceptual model created by the International Organization for Standardization, which enables diverse communication systems to communicate using standard protocols. Which of the following statements best describes the network layer in the OSI model?
Correct
The network layer (layer 3) is responsible for moving data between two different networks. On the sending host it breaks segments received from the transport layer into smaller units called packets, and on the receiving host it reassembles those packets. The network layer also selects the best path across the intermediate networks for the data to reach its destination (routing); in TCP/IP this is the job of IP, and the source and destination addresses, TTL and protocol number are all layer 3 fields.
Question 2 of 10
2. Question
The three-way handshake is a method used in the TCP/IP network to create a connection between a local host/client and server. Which of the following statements defines the second step in the three-way handshake?
Correct
The three-way handshake consists of three steps:
Step 1 (SYN): The client initiates the connection by sending a SYN packet, carrying its initial sequence number (ISN), over the IP network to the server.
Step 2 (SYN + ACK): The server receives the SYN and replies with a SYN/ACK packet. This packet carries two numbers: the server's own ISN in the sequence field, and the client's ISN plus one in the acknowledgement field.
Step 3 (ACK): The client receives the SYN/ACK and responds with an ACK packet whose acknowledgement number is the server's ISN plus one. Each side acknowledges the other's sequence number by incrementing it by one, and only after this third packet is the connection established. From a security standpoint, step 2 is where a SYN flood does its damage (the server has allocated state for a connection the client never completes), and predictable ISNs are what make blind spoofing of step 3 possible.
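To make the two preceding questions concrete, the following added example (not part of the original quiz) builds three constructed packets for a handshake, parses the layer 3 IPv4 header and the layer 4 TCP header separately, classifies each packet as step 1, 2 or 3 from its flags, and checks the sequence/acknowledgement arithmetic the explanation describes. The addresses, ports and initial sequence numbers are hypothetical; checksums are left zero because nothing here is put on the wire.

```python
"""Constructed TCP three-way handshake: build, parse (IP then TCP) and verify."""
import struct

# Hypothetical endpoints and initial sequence numbers (constructed, not captured).
CLIENT_IP, SERVER_IP = "10.0.0.5", "192.0.2.10"
CLIENT_PORT, SERVER_PORT = 40000, 443
CLIENT_ISN, SERVER_ISN = 1000, 5000

FLAG_SYN, FLAG_ACK = 0x02, 0x10
IP_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_HDR = "!HHIIBBHHH"     # 20-byte TCP header without options


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_packet(src_ip, dst_ip, sport, dport, seq, ack, flags):
    """Layer 3 header (proto 6 = TCP, TTL 64) followed by a layer 4 TCP header."""
    tcp = struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack(IP_HDR, 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return ip + tcp


def parse_packet(raw):
    """Return the fields each layer owns: addressing/TTL from IP, ports/seq/flags from TCP."""
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(IP_HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes
    if proto != 6:
        raise ValueError("not a TCP segment")
    sport, dport, seq, ack, _, flags, _, _, _ = struct.unpack(TCP_HDR, raw[ihl:ihl + 20])
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "syn": bool(flags & FLAG_SYN), "ack_flag": bool(flags & FLAG_ACK),
    }


def handshake_step(p):
    """1 = SYN, 2 = SYN/ACK, 3 = ACK, 0 = not a handshake packet."""
    if p["syn"] and not p["ack_flag"]:
        return 1
    if p["syn"] and p["ack_flag"]:
        return 2
    if p["ack_flag"]:
        return 3
    return 0


def build_handshake():
    syn = build_packet(CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT,
                       CLIENT_ISN, 0, FLAG_SYN)
    synack = build_packet(SERVER_IP, CLIENT_IP, SERVER_PORT, CLIENT_PORT,
                          SERVER_ISN, CLIENT_ISN + 1, FLAG_SYN | FLAG_ACK)
    # The SYN consumed one sequence number, so the client's seq is now ISN + 1.
    ack = build_packet(CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT,
                       CLIENT_ISN + 1, SERVER_ISN + 1, FLAG_ACK)
    return [syn, synack, ack]


def verify_handshake(packets):
    """Return [1, 2, 3] if the packets form a valid handshake, otherwise raise ValueError."""
    p1, p2, p3 = (parse_packet(p) for p in packets)
    steps = [handshake_step(p) for p in (p1, p2, p3)]
    if steps != [1, 2, 3]:
        raise ValueError(f"unexpected flag sequence {steps}")
    if (p2["src"], p2["dst"]) != (p1["dst"], p1["src"]):
        raise ValueError("SYN/ACK is not from server back to client")
    if p2["ack"] != (p1["seq"] + 1) & 0xFFFFFFFF:
        raise ValueError("SYN/ACK does not acknowledge client ISN + 1")
    if p3["ack"] != (p2["seq"] + 1) & 0xFFFFFFFF:
        raise ValueError("ACK does not acknowledge server ISN + 1")
    if p3["seq"] != (p1["seq"] + 1) & 0xFFFFFFFF:
        raise ValueError("ACK sequence number was not advanced past the SYN")
    return steps


if __name__ == "__main__":
    for pkt in build_handshake():
        p = parse_packet(pkt)
        print(f"step {handshake_step(p)}: {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"seq={p['seq']} ack={p['ack']}")
    print("handshake valid:", verify_handshake(build_handshake()) == [1, 2, 3])
```

The split between `IP_HDR` and `TCP_HDR` is the point of question 1: addressing and path selection live in the layer 3 header, while the sequence numbers and flags that drive the handshake live in layer 4. The verifier in `verify_handshake` is the same arithmetic a stateful firewall or IDS applies when it decides whether an ACK belongs to a connection it has seen the SYN for.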
Question 3 of 10
3. Question
The Business Impact Analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency. It includes the measurements of the maximum tolerable downtime (MTD). Which of the following statements best describes MTD?
Correct
The maximum tolerable downtime (MTD) is the absolute maximum length of time that a critical application, data set or piece of hardware can be unavailable before the outage causes irreversible damage to the business. Recovery objectives such as the RTO are set so that recovery completes within the MTD.
Question 4 of 10
4. Question
Security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. Which of the following statements best describes the access control policy?
Correct
The access control policy sets out the rules governing both physical access to computer systems and the logical controls (software-enforced authentication and authorization) that restrict access to computer networks and data.
Question 5 of 10
5. Question
A hacker is defined as a person who uses a specialized set of tools, techniques, knowledge, and skills to bypass computer security measures to infiltrate a computer system. Which of the following statements best describes a cyberterrorist?
Correct
A cyberterrorist is a type of hacker motivated by religious or political beliefs who aims to create fear and large-scale disruption of systems.
Question 6 of 10
6. Question
Ethical hacking is the process of penetrating a system or network to find threats and vulnerabilities that a malicious attacker could find and exploit, causing loss of data, financial loss, or other major damage. EC-Council (ECC) describes the standard hack as having five phases: reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Which of the following statements best defines the reconnaissance phase in ethical hacking?
Correct
Reconnaissance is the initial phase of ethical hacking. It can be either passive or active. Passive reconnaissance gathers information about the target without interacting with its systems (public records, search engines, DNS and WHOIS data held by third parties), so the target has no way of noticing it. Active reconnaissance interacts directly with the target's systems, for example by probing its hosts and ports; it yields more detail but leaves traces in the target's logs, so it puts the hacker at greater risk of discovery.
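The risk of discovery that distinguishes active from passive reconnaissance is something a defender can turn into a detection. The following added example (not part of the original quiz) runs a simple port-scan detector over constructed firewall log lines in a hypothetical iptables-like format: a source that sends SYNs to many distinct ports on one host within a short window is flagged, while an ordinary client that repeatedly uses one or two services is not. The log format, addresses and thresholds are assumptions chosen for the illustration.

```python
"""Flag active reconnaissance (port scanning) in constructed firewall logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 198.51.100.7 probes twelve ports on 192.0.2.10 within twelve seconds,
# while 10.0.0.5 is a normal client using HTTPS and SSH. Not real captures.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z SRC=198.51.100.7 DST=192.0.2.10 DPT=21 FLAGS=SYN
2024-03-01T10:00:01Z SRC=198.51.100.7 DST=192.0.2.10 DPT=22 FLAGS=SYN
2024-03-01T10:00:02Z SRC=198.51.100.7 DST=192.0.2.10 DPT=23 FLAGS=SYN
2024-03-01T10:00:03Z SRC=198.51.100.7 DST=192.0.2.10 DPT=25 FLAGS=SYN
2024-03-01T10:00:04Z SRC=198.51.100.7 DST=192.0.2.10 DPT=53 FLAGS=SYN
2024-03-01T10:00:05Z SRC=10.0.0.5 DST=192.0.2.10 DPT=443 FLAGS=SYN
2024-03-01T10:00:05Z SRC=198.51.100.7 DST=192.0.2.10 DPT=80 FLAGS=SYN
2024-03-01T10:00:06Z SRC=198.51.100.7 DST=192.0.2.10 DPT=110 FLAGS=SYN
2024-03-01T10:00:07Z SRC=198.51.100.7 DST=192.0.2.10 DPT=143 FLAGS=SYN
2024-03-01T10:00:08Z SRC=198.51.100.7 DST=192.0.2.10 DPT=443 FLAGS=SYN
2024-03-01T10:00:09Z SRC=198.51.100.7 DST=192.0.2.10 DPT=445 FLAGS=SYN
2024-03-01T10:00:10Z SRC=198.51.100.7 DST=192.0.2.10 DPT=3389 FLAGS=SYN
2024-03-01T10:00:11Z SRC=198.51.100.7 DST=192.0.2.10 DPT=8080 FLAGS=SYN
2024-03-01T10:00:20Z SRC=10.0.0.5 DST=192.0.2.10 DPT=443 FLAGS=SYN
2024-03-01T10:00:21Z SRC=10.0.0.5 DST=192.0.2.10 DPT=443 FLAGS=ACK
2024-03-01T10:01:00Z SRC=10.0.0.5 DST=192.0.2.10 DPT=22 FLAGS=SYN
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) FLAGS=(\S+)$")


def parse_log(text):
    """Return (timestamp, src, dst, dport, flags) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return events


def find_scanners(events, window=timedelta(seconds=60), min_ports=10):
    """Map (src, dst) -> max number of distinct ports SYN-probed within any sliding window.

    Only pairs reaching min_ports are returned. Only SYN packets count, since a scan is a
    burst of connection attempts; established-traffic ACKs are ignored.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport, flags in events:
        if "SYN" in flags.split(","):
            by_pair[(src, dst)].append((ts, dport))

    flagged = {}
    for pair, hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window forward
                start += 1
            distinct = len({port for _, port in hits[start:end + 1]})
            if distinct >= min_ports:
                flagged[pair] = max(distinct, flagged.get(pair, 0))
    return flagged


if __name__ == "__main__":
    for (src, dst), n in find_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

A real deployment would tune `window` and `min_ports` to the environment and would also watch for the slow-scan evasion this detector misses by design (one port per hour stays under any short window), but even this sliding-window count shows why active reconnaissance is visible to the target in a way passive reconnaissance never is.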
Question 7 of 10
7. Question
A penetration test is defined as a full-scale test of the security controls of a system or network to identify security risks and vulnerabilities. There are three different types of penetration testing: black-box testing, white-box testing, and gray-box testing. Which of the following statements does not describe black-box testing?
Correct
During black-box testing the ethical hacker has no prior knowledge of the target of evaluation. This type of test focuses solely on the threat from outside the organization and does not take into account trusted users on the inside. Because the tester must discover everything from scratch, it also takes the most time to complete and is the most expensive option.
Question 8 of 10
8. Question
In ethical hacking, there are a variety of laws and standards ethical hackers must be familiar with. Which law was enacted to make corporate disclosures more accurate and reliable, in order to protect the public and investors from fraudulent behavior?
Correct
The Sarbanes-Oxley Act (SOX) was signed into law on July 30, 2002. It regulates financial reporting and the audit requirements that apply to it, and its purpose is to protect investors by improving the accuracy and reliability of corporate disclosures.
Question 9 of 10
9. Question
Footprinting is the process of seeking out information that can be used to facilitate an attack. Which of the following descriptions defines pseudonymous footprinting?
Correct
Pseudonymous footprinting is the method of collecting information about a target that has been published under a different name or pen name, typically in an attempt to preserve the author's privacy.
Question 10 of 10
10. Question
Passive footprinting refers to collecting information about a target from publicly accessible sources. Passive information gathering includes the pursuit and acquisition of competitive intelligence. Which of the following statements best describes competitive intelligence?
Correct
Competitive intelligence is the process by which a business gathers information about its competitors' customers, products, and marketing. Most of this information is publicly available and can be acquired through different channels. It is an expected and legal activity that companies routinely carry out to collect and analyze information about their market.