Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
Which test is usually used by an organization to rebuild trust and reputation after a security breach has occurred, and to tell customers that the flaw has been fixed and the system is now secured?
Correct
A penetration test, also known as a pen test, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
Question 2 of 10
2. Question
The CIA Triad is a well-known model created for the development of security policies used in identifying problem areas, along with necessary solutions in the arena of information security. Which part of the CIA Triad addresses the secrecy and privacy of information and refers to the measures taken to prevent disclosure of data to unauthorized individuals or systems?
Correct
Confidentiality ensures that sensitive information is accessed only by an authorized person and kept away from those not authorized to possess it. It is implemented using security measures such as usernames, passwords, access control lists, and encryption.
Question 3 of 10
3. Question
A penetration test has three main phases: preparation, assessment, and post-assessment phase. What is this phase in a penetration test, wherein final reports are delivered to the customer, detailing the results of the tests, and providing recommendations to improve the security of the system?
Correct
The conclusion or post-assessment phase defines the time when the final reports are prepared for the customer, detailing the findings of the tests and recommendations to improve the security.
Question 4 of 10
4. Question
What is this type of penetration test, which involves testing a system with no prior knowledge of its internal workings, and requires an in-depth romp through the five stages of an attack and removes any preconceived notions of what to look for?
Correct
Black box testing is a powerful testing technique because it exercises a system end-to-end. It is designed to simulate an outside, unknown attacker, and it takes the most time to complete and is by far the most costly option.
Question 5 of 10
5. Question
What is this type of penetration test, wherein the internal structure is partially known and the tester has access to internal data structures and algorithms for the purpose of designing the test cases?
Correct
Gray box testing, also known as partial knowledge testing, is a software technique that is a combination of the black-box and white-box testing techniques. The testing is only done internally; because most attacks originate from inside a network, this type of testing is valuable and can demonstrate privilege escalation from a valued employee.
Question 6 of 10
6. Question
What is this security standard, which is created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) to help businesses develop, organize, and implement strategies around information management and governance?
Correct
Control Objectives for Information and Related Technology (COBIT) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risk.
Question 7 of 10
7. Question
The Open Systems Interconnection (OSI) model is a conceptual model created by the International Organization for Standardization which enables diverse communication systems to communicate using standard protocols. What is this layer in an OSI model, wherein directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames, and also corrects errors that may have occurred at the physical layer?
Correct
The data link layer is the second layer of the OSI model of computer networking. This layer is the protocol layer that transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment.
Question 8 of 10
8. Question
The OSI model is based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last. What is this layer in the OSI model, which manages the delivery and error checking of data packets and regulates the size, sequencing, and ultimately the transfer of data between systems and hosts?
Correct
The main tasks of the transport layer include segmenting the data stream and relieving congestion.
Question 9 of 10
9. Question
A Business Continuity Plan (BCP) is the process involved in creating a system of prevention and recovery from potential threats to a company. What is this part of the business continuity plan, wherein the IT department is allowed to develop a plan to recover enough data and system functionality to allow a business or organization to operate, even possibly at a minimal level?
Correct
A business continuity plan includes a disaster recovery plan, which describes how work can be resumed quickly and effectively after a disaster.
Question 10 of 10
10. Question
The Internet Protocol's (IP) core function is delivering packets of information from a source device to a target device. IP is the primary way in which network connections are made. What protocol is used in conjunction with IP to maintain a connection between the sender and the target to ensure packet order?
Correct
The IP provides instructions for transferring data while the TCP creates the connection and manages the delivery of packets from one system to another. The two protocols are commonly grouped and referred to as TCP/IP.