Quiz-summary
0 of 30 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 30 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Answered
- Review
-
Question 1 of 30
1. Question
The message authentication code (MAC) is a fixed-length value that is generated by running the entire message through a cryptographic algorithm. The output is often referred to as a hash. It can be used for multiple purposes beyond just being able to verify a message that has been sent. One of the most common hash function is the Message Digest 5 (MD5). Which of the following statements best describes the MD5?
Correct
The Message Digest 5 (MD5) is a cryptographic algorithm that takes the arbitrary-length input and generates a fixed-length output. Generating an MD5 will yield 32 hexadecimal characters, which is 128 bits. When it comes to cryptographic hashes, it’s not a linear function. This means even the change of a single bit will generate a completely different value.
Incorrect
The Message Digest 5 (MD5) is a cryptographic algorithm that takes the arbitrary-length input and generates a fixed-length output. Generating an MD5 will yield 32 hexadecimal characters, which is 128 bits. When it comes to cryptographic hashes, it’s not a linear function. This means even the change of a single bit will generate a completely different value.
-
Question 2 of 30
2. Question
Several protocols can be used in sending encrypted mail messages; one of the most effective protocols is the Secure/Multipurpose Internet Mail Extensions (S/MIME). Which of the following statements best defines the S/MIME protocol?
Correct
The Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure method of sending emails that use the RSA encryption system. This is a standard that is generally implemented in mail clients, meaning there is no need for third-party software. It also uses X.509 certificates from certificate authorities. These certificates may commonly be installed inside a Windows Active Directory.
Incorrect
The Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure method of sending emails that use the RSA encryption system. This is a standard that is generally implemented in mail clients, meaning there is no need for third-party software. It also uses X.509 certificates from certificate authorities. These certificates may commonly be installed inside a Windows Active Directory.
-
Question 3 of 30
3. Question
Data classification is an important step when organizing security systems and controls. It is used to identify and organize information that has similar security control needs. This allows appropriate access controls to be created. Based on the governmental data classifications, which of the following sentences best defines the official information?
Correct
Governmental Data Classifications:
(1) Top secret – The highest level of data classification. Only a limited number of people are allowed to look at data classified as top secret.
(2) Secret – The exposure of secret information would cause serious damage to national security.
(3) Confidential – The exposure of confidential information would cause damage to national security.
(4) Restricted – The exposure of restricted data would have undesirable effects.
(5) Official – This is information that relates to government business and may not be an indicator of the potential for harm if the information were lost or exposed.
(6) Unclassified – This information can be viewed by everyone. This may include declassified information that was once considered a higher classification but the threat posed by its exposure has subsided.Incorrect
Governmental Data Classifications:
(1) Top secret – The highest level of data classification. Only a limited number of people are allowed to look at data classified as top secret.
(2) Secret – The exposure of secret information would cause serious damage to national security.
(3) Confidential – The exposure of confidential information would cause damage to national security.
(4) Restricted – The exposure of restricted data would have undesirable effects.
(5) Official – This is information that relates to government business and may not be an indicator of the potential for harm if the information were lost or exposed.
(6) Unclassified – This information can be viewed by everyone. This may include declassified information that was once considered a higher classification but the threat posed by its exposure has subsided. -
Question 4 of 30
4. Question
Security models are used to help enforce access controls. It defines who can perform what action on data. It is also an extension of the data classification levels that an organization has identified. One example of a security model is the state machine model. Which of the following sentences defines the state machine model?
Correct
The state machine model is based on a finite state machine. It is used to identify when the overall security of a system has moved to a state that isn’t secure. This requires that all possible states of the system have been identified. This should include the actions that would be possible to move a system into a particular state and all the possible state transitions.
Incorrect
The state machine model is based on a finite state machine. It is used to identify when the overall security of a system has moved to a state that isn’t secure. This requires that all possible states of the system have been identified. This should include the actions that would be possible to move a system into a particular state and all the possible state transitions.
-
Question 5 of 30
5. Question
The Biba model is named after the man who developed it in 1975, Kenneth Biba. The goal of the Biba model is data integrity. There are three objectives when it comes to ensuring data integrity. Which of the following statements is not included in the three objectives for data integrity?
Correct
The three objectives when it comes to ensuring data integrity include the following:
(1) Unauthorized parties cannot modify data.
(2) Authorized parties cannot modify data without specific authorization.
(3) Data should be true and accurate, meaning it has both internal and external consistency.Incorrect
The three objectives when it comes to ensuring data integrity include the following:
(1) Unauthorized parties cannot modify data.
(2) Authorized parties cannot modify data without specific authorization.
(3) Data should be true and accurate, meaning it has both internal and external consistency. -
Question 6 of 30
6. Question
The Bell-LaPadula model is used in government or military implementations, and the intent is to protect confidentiality. A list of properties is defined for the Bell-LaPadula model. Which of the following statements is not included in the list?
Correct
The Bell-LaPadula properties are defined as follows:
(1) The Simple Security Property says that a subject at one security level may not read an object at a higher security level.
(2) The * (star) Property says that a subject at one security level may not write to an object at a lower security level.
(3) The Discretionary Security Property uses access to the matrix to indicate discretionary access.Incorrect
The Bell-LaPadula properties are defined as follows:
(1) The Simple Security Property says that a subject at one security level may not read an object at a higher security level.
(2) The * (star) Property says that a subject at one security level may not write to an object at a lower security level.
(3) The Discretionary Security Property uses access to the matrix to indicate discretionary access. -
Question 7 of 30
7. Question
The Clark-Wilson model was created in 1987 and addresses all the goals of integrity. It adds in programs and expects that subjects act on data objects only through the use of programs. It also features an access control triple. Which of the following is not included in the access control triple?
Correct
The Clark-Wilson model dictates that the separation of duties must be enforced, subjects must access data through an application, and auditing is required. It also features an access control triple, which is composed of the user, transformational procedure, and the constrained data item.
Incorrect
The Clark-Wilson model dictates that the separation of duties must be enforced, subjects must access data through an application, and auditing is required. It also features an access control triple, which is composed of the user, transformational procedure, and the constrained data item.
-
Question 8 of 30
8. Question
The n-tier design is a classic tiered application model. It is suitable to support enterprise-level client-server applications by providing solutions to scalability, security fault tolerance, reusability, and maintainability. It helps developers to create flexible and reusable applications. It has three tiers referred to as the Presentation, Application and Business Logic, and Data Access Layers. Which of the following sentences best defines the Data Access Layer?
Correct
In the Data Access Layer, information is stored and retrieved from a database or file system. The information is then passed back to the application layer for processing and then eventually back to the user.
Incorrect
In the Data Access Layer, information is stored and retrieved from a database or file system. The information is then passed back to the application layer for processing and then eventually back to the user.
-
Question 9 of 30
9. Question
A relational database is a type of database that stores and provides access to data points that are related to one another. The language used to interact with a relational database is SQL, which was developed in the 1970s. There are several common SQL databases that you may run across; an example is MySQL. Which of the following statements is true about MySQL?
Correct
MySQL is sponsored by the Swedish company MySQL AB, which is owned by the Oracle Corporation. It is a full-featured relational database management system (RDBMS). It is written in C and C++ and is compatible with all major operating systems. It also uses TCP port 3306 and does not operate using UDP.
Incorrect
MySQL is sponsored by the Swedish company MySQL AB, which is owned by the Oracle Corporation. It is a full-featured relational database management system (RDBMS). It is written in C and C++ and is compatible with all major operating systems. It also uses TCP port 3306 and does not operate using UDP.
-
Question 10 of 30
10. Question
The National Institute of Standards and Technology (NIST) has a cybersecurity framework that has been identified to highlight phases in which businesses should consider implementing security controls. NIST refers to these phases as the five functions. What are the functions included in the framework core?
Correct
The five functions of the National Institute of Standards and Technology (NIST) represent the five primary pillars for a successful and holistic cybersecurity program. They aid organizations in easily expressing their management of cybersecurity risk at a high level and enabling risk management decisions. The five functions included in the framework core are: Identify, Protect, Detect, Respond, and Recover.
Incorrect
The five functions of the National Institute of Standards and Technology (NIST) represent the five primary pillars for a successful and holistic cybersecurity program. They aid organizations in easily expressing their management of cybersecurity risk at a high level and enabling risk management decisions. The five functions included in the framework core are: Identify, Protect, Detect, Respond, and Recover.
-
Question 11 of 30
11. Question
The International Organization for Standardization (ISO) published a guide for information security management systems that is called the ISO 27001. It provides another way to think about implementing information security systems. What are the phases included in the ISO 27001 cycle?
Correct
ISO 27001 was developed to help organizations of any size or any industry to protect their information systematically and cost-effectively through the adoption of an Information Security Management System (ISMS). The phases of ISO 27001 include the following: Plan, Do, Check, and Act.
Incorrect
ISO 27001 was developed to help organizations of any size or any industry to protect their information systematically and cost-effectively through the adoption of an Information Security Management System (ISMS). The phases of ISO 27001 include the following: Plan, Do, Check, and Act.
-
Question 12 of 30
12. Question
Symmetric key cryptography is any cryptographic algorithm that is based on a shared key that is used to encrypt or decrypt text. Any symmetric key algorithm can be either a stream or a block cipher. Which of the following statements best defines a stream cipher?
Correct
A stream cipher encrypts the data byte for byte. An example of a stream cipher is the vigenere cipher, wherein the data is encrypted one letter at a time without any reliance on any other portion of the message.
Incorrect
A stream cipher encrypts the data byte for byte. An example of a stream cipher is the vigenere cipher, wherein the data is encrypted one letter at a time without any reliance on any other portion of the message.
-
Question 13 of 30
13. Question
An encryption cipher is only a portion of what is necessary to allow messages to be encrypted between endpoints. There are multiple components, and all of them are called a cipher suite. Which of the following statements best defines a cipher suite?
Correct
A cipher suite is a complete set of methods needed to secure a network connection through SSL/TLS. One cipher suite typically consists of one key exchange, one authentication, one bulk encryption, and one MAC algorithm.
Incorrect
A cipher suite is a complete set of methods needed to secure a network connection through SSL/TLS. One cipher suite typically consists of one key exchange, one authentication, one bulk encryption, and one MAC algorithm.
-
Question 14 of 30
14. Question
The replacement algorithm for Data Encryption Standard (DES) was the Advanced Encryption Standard (AES). It is a block cipher that uses multiple key lengths and a block length of 128 bits. The Rijndael cipher was used a the basis for the AES. To date, the only possible way to attack AES is to use a side-channel attack. Which of the following sentences describes the side-channel attack?
Correct
A side-channel attack relies on using something other than a weakness in the algorithm. Instead, the implementation becomes the target. Information can be leaked as a result of power consumption, processor utilization, or electromagnetic leaks. This is not the sort of attack that someone would be able to accomplish without an extensive understanding of cryptography and how systems work.
Incorrect
A side-channel attack relies on using something other than a weakness in the algorithm. Instead, the implementation becomes the target. Information can be leaked as a result of power consumption, processor utilization, or electromagnetic leaks. This is not the sort of attack that someone would be able to accomplish without an extensive understanding of cryptography and how systems work.
-
Question 15 of 30
15. Question
Keys can be stored inside a data structure called a certificate. The certificate structure is defined by X.509, which is a part of a larger X.500 standard used to define digital directory services. As part of a digital directory, encryption certificates can be stored. Which of the following sentences best describes the public key infrastructure (PKI)?
Correct
The public key infrastructure (PKI) is a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of the PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email.
Incorrect
The public key infrastructure (PKI) is a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of the PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email.
-
Question 16 of 30
16. Question
Certificate revocation is the act of invalidating a TLS/SSL before its scheduled expiration date. A certificate should be revoked immediately when its private key shows signs of being compromised. It should also be revoked when the domain for which it was issued is no longer operational. Revoked certificates are managed through the use of the Certificate Revocation List (CRL). Which of the following sentences defines CRL?
Correct
The Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted. It is described in RFC 5280 and is generated and published periodically, often at a defined interval.
Incorrect
The Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted. It is described in RFC 5280 and is generated and published periodically, often at a defined interval.
-
Question 17 of 30
17. Question
Certificates may be managed using a certificate authority (CA), which is a trusted third party that verifies the identity of the certificate holder. A CA is not the only way to verify identity; you can also use Pretty Good Privacy (PGP). Which of the following sentences best describes PGP?
Correct
Pretty Good Privacy (PGP) uses a web of trust to perform verification. The idea is that keys are all uploaded to a web server. Someone who knows the person who has uploaded the key will sign that key as a demonstration that they know the person and are willing to say that the key really belongs to the user it purports to belong to.
Incorrect
Pretty Good Privacy (PGP) uses a web of trust to perform verification. The idea is that keys are all uploaded to a web server. Someone who knows the person who has uploaded the key will sign that key as a demonstration that they know the person and are willing to say that the key really belongs to the user it purports to belong to.
-
Question 18 of 30
18. Question
When it comes to remediation against distributed denial of service attacks, there aren’t a lot of options. One effective approach is to use a load balancing service. Which of the following sentences best defines a load balancing service?
Correct
The load balancing service is a method for improving the availability and performance of software applications that are run across multiple servers. This tool boosts application availability by routing client request traffic away from servers that are congested or malfunctioning and elevates performance by balancing request traffic across healthy servers so that no server is over-burdened.
Incorrect
The load balancing service is a method for improving the availability and performance of software applications that are run across multiple servers. This tool boosts application availability by routing client request traffic away from servers that are congested or malfunctioning and elevates performance by balancing request traffic across healthy servers so that no server is over-burdened.
-
Question 19 of 30
19. Question
The slowhttptest program is a highly configurable tool that simulates some application layer Denial of Service attacks. It works on the majority of Linux platforms, OSX, Cygwin, Unix-like environment, and command-line interface for Microsoft Windows. This program can be used to conduct HTTP attacks and the Apache killer attack. Which of the following statements is true about the Apache killer attack?
Correct
During the apache killer attack, the program slowhttptest sends requests asking for overlapping ranges of bytes. This causes memory consumption on the server because of a bug in the Apache server program. This is where the program makes a request of a large file from the webserver and then reads the file in from the server in small segments. The attacking program can then wait long periods of time between reads. This keeps the connection open for a long time, holding up a connection that might otherwise be used by a legitimate user.
Incorrect
During the apache killer attack, the program slowhttptest sends requests asking for overlapping ranges of bytes. This causes memory consumption on the server because of a bug in the Apache server program. This is where the program makes a request of a large file from the webserver and then reads the file in from the server in small segments. The attacking program can then wait long periods of time between reads. This keeps the connection open for a long time, holding up a connection that might otherwise be used by a legitimate user.
-
Question 20 of 30
20. Question
A buffer overflow attack takes advantage of a memory structure called the stack. The goal of this attack is to inject a section of code, called shellcode, that the attacker wants to be executed. The place in the stack where the return address is kept needs to point to the space in memory where the shellcode now resides. A way to protect your system against this attack is by using Address Space Layout Randomization (ASLR). Which of the following sentences best defines ASLR?
Correct
Address space layout randomization (ASLR) is a computer security technique which involves randomly positioning the base address of an executable and the position of libraries, heap, and stack, in a process’s address space. The random mixing of memory addresses performed by ASLR means that an attack no longer knows at what address the required code is actually located.
Incorrect
Address space layout randomization (ASLR) is a computer security technique which involves randomly positioning the base address of an executable and the position of libraries, heap, and stack, in a process’s address space. The random mixing of memory addresses performed by ASLR means that an attack no longer knows at what address the required code is actually located.
-
Question 21 of 30
21. Question
Wireless encryption secures your wireless network with an authentication protocol. It requires a password or network key when a user or device tries to connect. If your wireless network isn’t secure, unauthorized users could access your network and obtain personal information or use your internet connection for malicious or illegal activity. Several types of wireless encryption are commonly supported on most Wi-Fi enables devices, one of which is the Wi-Fi Protected Access (WPA). Which of the following sentences is true about WPA?
Correct
The Wi-Fi Protected Access (WPA) is a security protocol designed to create secure wireless networks. It introduced the Temporal Key Integrity Protocol (TKIP), which dynamically changes the key that the systems use. This prevents intruders from creating their own encryption key to match the one used by the secure network. WPA also implements something called the Extensible Authentication Protocol (EAP) for authorizing users. Instead of authorizing computers based on solely their MAC address, WPA can use several other methods to verify each computer’s identity. This makes it more difficult for unauthorized systems to gain access to the wireless network.
Incorrect
The Wi-Fi Protected Access (WPA) is a security protocol designed to create secure wireless networks. It introduced the Temporal Key Integrity Protocol (TKIP), which dynamically changes the key that the systems use. This prevents intruders from creating their own encryption key to match the one used by the secure network. WPA also implements something called the Extensible Authentication Protocol (EAP) for authorizing users. Instead of authorizing computers based on solely their MAC address, WPA can use several other methods to verify each computer’s identity. This makes it more difficult for unauthorized systems to gain access to the wireless network.
-
Question 22 of 30
22. Question
Several companies have policies that allow employees to use their own devices on enterprise networks. This policy is referred to as bring your own device (BYOD). A company that practices the BYOD policy may not have a form of network access control (NAC). Which of the following statements defines NAC?
Correct
A network access control (NAC) can restrict which devices can connect to an organization’s wireless networks. They can do this by blocking the MAC address to prevent anyone, not on the white list from even getting to the point of user-level authentication.
Incorrect
A network access control (NAC) can restrict which devices can connect to an organization’s wireless networks. They can do this by blocking the MAC address to prevent anyone, not on the white list from even getting to the point of user-level authentication.
-
Question 23 of 30
23. Question
The objective of social engineering is to convince or manipulate someone into doing something they wouldn’t normally do for someone they don’t know. An example of successful social engineering is the circulation of the I Love You virus. Which of the following sentences is true about the I Love You virus?
Correct
The I Love You virus is a computer worm that infected over ten million Windows personal computers on and after May 4, 2000. Before the virus could run, someone had to be convinced to open the mail and then run the script that was contained in the message. The subject line used is ILOVEYOU. The message directs you to open the attached “text” file.
Incorrect
The I Love You virus is a computer worm that infected over ten million Windows personal computers on and after May 4, 2000. Before the virus could run, someone had to be convinced to open the mail and then run the script that was contained in the message. The subject line used is ILOVEYOU. The message directs you to open the attached “text” file.
-
Question 24 of 30
24. Question
Badge access is a credential used to gain entry to an area having automated access control entry points. Entry points may be doors, turnstiles, parking gates, or other barriers. There are problems with this approach, as attackers can sometimes bypass these door locking devices that allow them to gain access to a building. One of the techniques to bypass door locking devices is to use near-field communication (NFC) technology. Which of the following statements defines NFC?
Correct
The near-field communication (NFC) technology is a set of communication protocols for communication between two electronic devices over a distance of 4cm or less. It can also act as electronic identity documents and keycards. It may also be possible to clone an RFID card using the NFC technology on your phone. In fact, some hotels are starting to make use of that technology to allow you to use your phone to unlock doors.
Incorrect
The near-field communication (NFC) technology is a set of communication protocols for communication between two electronic devices over a distance of 4cm or less. It can also act as electronic identity documents and keycards. It may also be possible to clone an RFID card using the NFC technology on your phone. In fact, some hotels are starting to make use of that technology to allow you to use your phone to unlock doors.
-
Question 25 of 30
25. Question
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a networking monitoring connection on another switch port. What feature can you use if you want to mirror ports on Cisco switches?
Correct
The Switched Port Analyzer (SPAN) is an open-source mirroring device on Cisco switches. It runs as a VLAN filtering and traffic monitoring system to keep track of the port activity within your network. Although, as free open-source software, SPAN is supported by a resourceful online help desk made up of Cisco users, its capabilities are far less broad than more sophisticated closed-source monitors.
Incorrect
The Switched Port Analyzer (SPAN) is an open-source mirroring device on Cisco switches. It runs as a VLAN filtering and traffic monitoring system to keep track of the port activity within your network. Although, as free open-source software, SPAN is supported by a resourceful online help desk made up of Cisco users, its capabilities are far less broad than more sophisticated closed-source monitors.
-
Question 26 of 30
26. Question
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning, is a Man-in-the-Middle (MitM) attack that allows attackers to intercept communication between network devices. One of the effective tools in conducting ARP spoofing that has multiple uses, in fact, is Ettercap. Which of the following statements is true about Ettercap?
Correct
Ettercap is a free and open-source network security tool that has two modes: console-based mode and a GUI-based mode. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It works by putting the network interface into promiscuous mode and by ARP poisoning the target machines.
Incorrect
Ettercap is a free and open-source network security tool that has two modes: console-based mode and a GUI-based mode. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It works by putting the network interface into promiscuous mode and by ARP poisoning the target machines.
-
Question 27 of 30
27. Question
An Internet Protocol (IP) address is a unique address that identifies a device on the Internet or a local network. It allows a system to be recognized by other systems connected via the Internet Protocol. There are two primary types of IP address formats used today: Internet Protocol version 4 and Internet Protocol version 6. Which of the following statements is true about IPv4?
Correct
Internet Protocol version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely used protocol in data communication over different kinds of networks. It uses 32-bit addresses for Ethernet communication in five classes: A, B, C, D, and E. Classes A, B, and C have a different bit length for addressing the network host. Class D addresses are reserved for multicasting, while class E addresses are reserved for future use.
Incorrect
Internet Protocol version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely used protocol in data communication over different kinds of networks. It uses 32-bit addresses for Ethernet communication in five classes: A, B, C, D, and E. Classes A, B, and C have a different bit length for addressing the network host. Class D addresses are reserved for multicasting, while class E addresses are reserved for future use.
-
Question 28 of 30
28. Question
A computer network is a group of computers that use a set of communication protocols over digital interconnections to share resources located on or provided by the network nodes. Computer networks can be categorized based on their functionality, geography, ownership, and communication media used. Wide Area Network (WAN) is a type of computer network based on the geographical area. Which of the following sentences is true about WAN?
Correct
A Wide Area Network (WAN) is a network whose nodes are more than 10 or so miles apart. There are several ways to provide that sort of connectivity between geographically dispersed locations, including virtual private networks, private network circuits, or just tunneling traffic without encrypting it as a virtual private network would do.
Incorrect
A Wide Area Network (WAN) is a network whose nodes are more than 10 or so miles apart. There are several ways to provide that sort of connectivity between geographically dispersed locations, including virtual private networks, private network circuits, or just tunneling traffic without encrypting it as a virtual private network would do.
-
Question 29 of 30
29. Question
The Open System Interconnection (OSI) model is consists of seven layers, and each layer performs a particular network function. Which of the following statements defines the Presentation layer in the OSI model?
Correct
The Presentation layer is the sixth layer in the Open System Interconnection (OSI) model. It is responsible for preparing data for the Application layer. It makes sure that the data is handed up to the application is in the right format so it can be consumed. When systems are communicating, there may be disconnects in formatting between the two endpoints, and the Presentation layer makes sure that data is formatted correctly.
Incorrect
The Presentation layer is the sixth layer in the Open System Interconnection (OSI) model. It is responsible for preparing data for the Application layer. It makes sure that the data is handed up to the application is in the right format so it can be consumed. When systems are communicating, there may be disconnects in formatting between the two endpoints, and the Presentation layer makes sure that data is formatted correctly.
-
Question 30 of 30
30. Question
A penetration test is an attempt to evaluate the security of an IT infrastructure by trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configuration, or risky end-user behavior. The pen test is consists of five phases. Which of the following sentences best describes the scanning and enumeration phase?
Correct
The scanning and enumeration phase is the second phase in ethical hacking. It involves identifying systems that are accessible within the network blocks. It also involves identifying services running on any available host. The objective of this phase is to gather as much information as you can to have starting points for when you move into the next phase. This phase can be time-consuming, especially as the size of the networks you are working with grows.
Incorrect
The scanning and enumeration phase is the second phase in ethical hacking. It involves identifying systems that are accessible within the network blocks. It also involves identifying services running on any available host. The objective of this phase is to gather as much information as you can to have starting points for when you move into the next phase. This phase can be time-consuming, especially as the size of the networks you are working with grows.