Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
The message authentication code (MAC) is a fixed-length value that is generated by running the entire message through a cryptographic algorithm. The output is often referred to as a hash. It can be used for multiple purposes beyond just being able to verify a message that has been sent. One of the most common hash functions is the Message Digest 5 (MD5). Which of the following statements best describes the MD5?
Correct
The Message Digest 5 (MD5) is a cryptographic algorithm that takes an arbitrary-length input and generates a fixed-length output. Generating an MD5 will yield 32 hexadecimal characters, which is 128 bits. When it comes to cryptographic hashes, it’s not a linear function. This means even the change of a single bit will generate a completely different value.
Question 2 of 10
2. Question
Several protocols can be used in sending encrypted mail messages; one of the most effective protocols is the Secure/Multipurpose Internet Mail Extensions (S/MIME). Which of the following statements best defines the S/MIME protocol?
Correct
The Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure method of sending emails that uses the RSA encryption system. This is a standard that is generally implemented in mail clients, meaning there is no need for third-party software. It also uses X.509 certificates from certificate authorities. These certificates may commonly be installed inside a Windows Active Directory.
Question 3 of 10
3. Question
Data classification is an important step when organizing security systems and controls. It is used to identify and organize information that has similar security control needs. This allows appropriate access controls to be created. Based on the governmental data classifications, which of the following sentences best defines the official information?
Correct
Governmental Data Classifications:
(1) Top secret – The highest level of data classification. Only a limited number of people are allowed to look at data classified as top secret.
(2) Secret – The exposure of secret information would cause serious damage to national security.
(3) Confidential – The exposure of confidential information would cause damage to national security.
(4) Restricted – The exposure of restricted data would have undesirable effects.
(5) Official – This is information that relates to government business and may not be an indicator of the potential for harm if the information were lost or exposed.
(6) Unclassified – This information can be viewed by everyone. This may include declassified information that was once considered a higher classification but the threat posed by its exposure has subsided.
Question 4 of 10
4. Question
Security models are used to help enforce access controls. They define who can perform what action on data. They are also an extension of the data classification levels that an organization has identified. One example of a security model is the state machine model. Which of the following sentences defines the state machine model?
Correct
The state machine model is based on a finite state machine. It is used to identify when the overall security of a system has moved to a state that isn’t secure. This requires that all possible states of the system have been identified. This should include the actions that would be possible to move a system into a particular state and all the possible state transitions.
Question 5 of 10
5. Question
The Biba model is named after the man who developed it in 1975, Kenneth Biba. The goal of the Biba model is data integrity. There are three objectives when it comes to ensuring data integrity. Which of the following statements is not included in the three objectives for data integrity?
Correct
The three objectives when it comes to ensuring data integrity include the following:
(1) Unauthorized parties cannot modify data.
(2) Authorized parties cannot modify data without specific authorization.
(3) Data should be true and accurate, meaning it has both internal and external consistency.
Question 6 of 10
6. Question
The Bell-LaPadula model is used in government or military implementations, and the intent is to protect confidentiality. A list of properties is defined for the Bell-LaPadula model. Which of the following statements is not included in the list?
Correct
The Bell-LaPadula properties are defined as follows:
(1) The Simple Security Property says that a subject at one security level may not read an object at a higher security level.
(2) The * (star) Property says that a subject at one security level may not write to an object at a lower security level.
(3) The Discretionary Security Property uses an access matrix to indicate discretionary access.
Question 7 of 10
7. Question
The Clark-Wilson model was created in 1987 and addresses all the goals of integrity. It adds in programs and expects that subjects act on data objects only through the use of programs. It also features an access control triple. Which of the following is not included in the access control triple?
Correct
The Clark-Wilson model dictates that the separation of duties must be enforced, subjects must access data through an application, and auditing is required. It also features an access control triple, which is composed of the user, transformational procedure, and the constrained data item.
Question 8 of 10
8. Question
The n-tier design is a classic tiered application model. It is suitable to support enterprise-level client-server applications by providing solutions to scalability, security, fault tolerance, reusability, and maintainability. It helps developers to create flexible and reusable applications. It has three tiers referred to as the Presentation, Application and Business Logic, and Data Access Layers. Which of the following sentences best defines the Data Access Layer?
Correct
In the Data Access Layer, information is stored and retrieved from a database or file system. The information is then passed back to the application layer for processing and then eventually back to the user.
Question 9 of 10
9. Question
A relational database is a type of database that stores and provides access to data points that are related to one another. The language used to interact with a relational database is SQL, which was developed in the 1970s. There are several common SQL databases that you may run across; an example is MySQL. Which of the following statements is true about MySQL?
Correct
MySQL is sponsored by the Swedish company MySQL AB, which is owned by the Oracle Corporation. It is a full-featured relational database management system (RDBMS). It is written in C and C++ and is compatible with all major operating systems. It also uses TCP port 3306 and does not operate using UDP.
Question 10 of 10
10. Question
The National Institute of Standards and Technology (NIST) has a cybersecurity framework that has been identified to highlight phases in which businesses should consider implementing security controls. NIST refers to these phases as the five functions. What are the functions included in the framework core?
Correct
The five functions of the National Institute of Standards and Technology (NIST) represent the five primary pillars for a successful and holistic cybersecurity program. They aid organizations in easily expressing their management of cybersecurity risk at a high level and enabling risk management decisions. The five functions included in the framework core are: Identify, Protect, Detect, Respond, and Recover.