Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
Penetration testing is a security exercise conducted by an ethical hacker to find and exploit vulnerabilities in a computer system. Which of the following statements does not describe an ethical hacker?
Correct
An ethical hacker, also known as a white-hat hacker, is an information security expert who systematically attempts to penetrate a computer system, with explicit consent and approval from a customer, to find security vulnerabilities that a malicious hacker could potentially exploit and to improve system security.
Question 2 of 10
2. Question
A penetration test has three main phases: preparation, assessment, and the conclusion phase. In which phase of the penetration test are the actual assaults on the security controls conducted?
Correct
The assessment phase, also known as the security evaluation phase or conduct phase, is when the actual assaults on the security controls are conducted.
Question 3 of 10
3. Question
A network security zone is a segmented section of a network that contains systems and components with limited access to the internal network. What is this network security zone, which is defined as a very restricted zone that strictly controls direct access from uncontrolled zones?
Correct
The production network zone is a very restricted zone that supports functions to which access must be strictly controlled; direct access from an uncontrolled network should not be permitted.
Question 4 of 10
4. Question
The CIA Triad is a widely used information security model that can guide an organization’s efforts and policies aimed at keeping its data secure. What is this part of the CIA Triad, which preserves the authenticity of data over its whole transit by making sure unauthorized parties are not able to revise it?
Correct
Integrity protects information from unauthorized tampering while the data is at rest or in transit. In other words, integrity measures secure the data sent from the sender until it arrives at the recipient with no alteration.
Question 5 of 10
5. Question
A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. What is this type of security policy, which identifies to employees what company systems can be used for, what they cannot be used for, and what the consequences are if they break the rules?
Correct
An information security policy is a set of rules sanctioned by an organization to ensure that all users of networks abide by the prescriptions regarding the security of data stored within the boundaries of the organization.
Question 6 of 10
6. Question
A hacker can be defined as a person who can gain unauthorized access to other computer systems. What do you call a person who hacks servers, damages websites, and creates viruses to forward a societal change or a political agenda?
Correct
A hacktivist is defined as a person who infiltrates and disrupts a network or website to further the goals of political and social activism.
Question 7 of 10
7. Question
ECC broadly outlined into four categories the various attacks that hackers could attempt in a computer system. What is this type of attack, wherein attacks are made on the actual programming code and software logic of an application?
Correct
Application layer attacks are designed to attack the application itself, focusing on a particular vulnerability or issue, resulting in the application not being able to provide content to the user. Application layer attacks are created to attack specific applications, the most common of which are web servers.
Question 8 of 10
8. Question
What is defined as the initial step in gathering information and delivers a high-level blueprint of the target system or network?
Correct
Footprinting is used to refer to the work that hackers do behind the scenes before they attack a system. This includes looking at what operating system a hardware setup uses or pinging the system to determine design properties.
Question 9 of 10
9. Question
Footprinting refers to the process of collecting information about the target system to find ways to penetrate the system. One of the important footprinting tasks is to determine the network range. What website can you use to determine the network range of an IP address?
Correct
If you enter the IP address in http://www.arin.net, the network range, email address, telephone number, and other necessary information will be shown.
Question 10 of 10
10. Question
Web spiders are an important tool used in footprinting. They are designed to crawl sites to gather information. How can website owners instruct search engines on how they should crawl a website?
Correct
Website owners can control how search engines crawl a website by using a robots.txt file. When a search engine crawls a website, it requests the robots.txt file first and then follows the rules within.