Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
What is this security standard which is created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI), and is defined as an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks?
Correct
Control Objectives for Information and Related Technology (COBIT) is a framework that allows managers to bridge the gap between control requirements, technical issues, and business risks. COBIT aims to help organizations that are looking to develop, implement, monitor, and improve IT governance and information management. It enables clear policy development, good practice, and emphasizes regulatory compliance.
Question 2 of 10
2. Question
The three-way handshake is a method used in the TCP/IP network to create a connection between a local host/client and server. Which of the following statements defines the third step in the three-way handshake?
Correct
The three-way handshake consists of three steps:
Step 1 (SYN) A connection between server and client is established. The client node sends a SYN data packet over an IP network to a server on the same external network.
Step 2 (SYN + ACK) The server receives the SYN packet from the client node. When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt, the SYN/ACK packet. This packet includes two sequence numbers.
Step 3 (ACK) Client node receives the SYN/ACK from the server and responds with an ACK packet. Each side must acknowledge the sequence number received by incrementing it by one.
Question 3 of 10
3. Question
A network security zone is an administrative name for a collection of systems that require the same access control policy. Which of the following statements best describes a production network zone?
Correct
A production network zone is a very restricted zone wherein access must be strictly controlled. This zone is typically bounded by one or more firewalls that filter incoming and outgoing traffic.
Question 4 of 10
4. Question
A security policy can be defined as a document describing the security controls implemented in a business to accomplish a goal. Which of the following statements defines an information protection policy?
Correct
An information protection policy defines information sensitivity levels and who has access to those levels. It is a document that provides guidelines to users on the processing, storage, and transmission of sensitive information.
Question 5 of 10
5. Question
A penetration test is defined as a full-scale test of the security controls of a system or network to identify security risks and vulnerabilities. There are three different types of penetration testing: black-box testing, white-box testing, and gray-box testing. Which of the following statements best describes white-box testing?
Correct
In white-box testing, pen testers have full knowledge of the network, system, and infrastructure they’re targeting. This test is also much quicker, easier, and less expensive; it is designed to simulate a knowledgeable internal threat, such as a disgruntled network admin or trusted user.
Question 6 of 10
6. Question
The Open Systems Interconnection (OSI) model is a conceptual model created by the International Organization for Standardization, which enables diverse communication systems to communicate using standard protocols. Which of the following statements best describes the session layer in the OSI model?
Correct
The session layer establishes, manages, and terminates connections between applications. It sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
Question 7 of 10
7. Question
Footprinting is the process of collecting information about the target system to find ways to penetrate the system. ECC listed four main focuses and benefits of footprinting for ethical hackers. Which of the following is not included in this list?
Correct
Advantages of footprinting for ethical hackers as listed by ECC:
(1) Know the security posture.
(2) Reduce the focus area.
(3) Identify vulnerabilities.
(4) Draw a network map.
Question 8 of 10
8. Question
Website footprinting is the process of analyzing a website from afar to obtain interesting information, such as software in use, operating system, paths, and contact details. Which of the following tools can you use if you want to check the changes in a web page and to keep snapshots of the site from days gone by?
Correct
The Wayback Machine available at (www.archive.org) keeps snapshots of sites from days gone by, allowing you to go back in time to search for lost information, while the Website Watcher (http://aignes.com) can be used to check web pages for changes, automatically notifying you when there’s an update.
Question 9 of 10
9. Question
The domain name system (DNS) is a naming database in which internet domain names are located and translated into internet protocol (IP) addresses. Which of the following statements best describes the CNAME record?
Correct
A canonical name (CNAME) record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting the subdomain’s content.
Question 10 of 10
10. Question
Several tools can be used in footprinting, one of which is the OSRFramework. Which of the following statements best describes the OSRFramework tool?
Correct
OSRFramework is an open-source research framework in Python that helps you in the task of user profiling by making use of different OSINT tools, which can help you gather more and more accurate data using multiple applications in one easy-to-use package. It also has a web-based GUI, which does the work for you if you like to work without the command line.