Exam (elaborations)

CEH test bank

Pages: 84
Grade: A+
Uploaded on: 15-02-2024
Written in: 2023/2024

Which protocol and port number might be needed in order to send log messages to a log analysis tool
that resides behind a firewall? - ANS UDP 514



The "gray box testing" methodology enforces what kind of restriction - ANS The internal operation of a
system is only partly accessible to the tester



The "black box testing" methodology enforces which kind of restriction - ANS Only the external
operation of a system is accessible to the tester.



Under the "Post-attack Phase and Activities," it is the responsibility of the tester to restore the systems
to a pretest state.

Which of the following activities should not be included in this phase?

I. Removing all files uploaded on the system

II. Cleaning all registry entries

III. Mapping of network state

IV. Removing all tools and maintaining backdoor for reporting - ANS III and IV



The "white box testing" methodology enforces what kind of restriction? - ANS The internal operation of
a system is completely known to the tester



A regional bank hires your company to perform a security assessment on their network after a recent
data breach. The attacker was able to steal financial data from the bank by compromising only a single
server.

Based on this information, what should be one of your key recommendations to the bank? - ANS Place a
front-end web server in a demilitarized zone that only handles external web traffic.

Place a front-end web server in a demilitarized zone that only handles external web traffic. - ANS
Incident Management Process



Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch
a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four
types of vulnerability.



What is this style of attack called? - ANS zero-day



What is the benefit of performing an unannounced Penetration Testing - ANS The tester will have an
actual security posture visibility of the target network



This international organization regulates billions of transactions daily and provides security guidelines to
protect personally identifiable information (PII). These security controls provide a baseline and prevent
low-level hackers sometimes known as script kiddies from causing a data breach.



Which of the following organizations is being described? - ANS Payment Card Industry (PCI)



Which of the following incident handling process phases is responsible for defining rules, collaborating
human workforce, creating a backup plan, and testing plans for an organization? - ANS Preparation
phase



It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles
electronic medical data. These guidelines stipulate that all medical practices must ensure that all
necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep
patient data secure.



Which of the following regulations best matches the description? - ANS HIPAA

A security analyst is performing an audit on the network to determine if there are any deviations from
the security policies in place. The analyst discovers that a user from the IT department had a dial-out
modem installed. Which security policy must the security analyst check to see if dial-out modems
are allowed? - ANS Remote access policy



An enterprise recently moved to a new office, and the new neighborhood is a little risky. The CEO wants to
monitor the physical perimeter and the entrance doors 24 hours a day. What is the best option to do this job?
- ANS Install a CCTV with cameras pointing to the entrance doors and the street



Which of the following security policies define the use of VPN for gaining access to an internal corporate
network? - ANS Remote access policy



A newly discovered flaw in a software application would be considered which kind of security
vulnerability? - ANS 0-day vulnerability



It has been reported to you that someone has caused an information spillage on their computer. You go
to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down.
What step in incident handling did you just complete? - ANS Containment



What network security concept requires multiple layers of security controls to be placed throughout an
IT infrastructure, which improves the security posture of an organization to defend against malicious
attacks or potential vulnerabilities? - ANS Defense in depth



Which type of security feature stops vehicles from crashing through the doors of a building? - ANS
Bollards



Seth is starting a penetration test from inside the network. He hasn't been given any information about
the network. What type of test is he conducting? - ANS Internal, Blackbox



What is the role of test automation in security testing - ANS It can accelerate benchmark tests and
repeat them with a consistent test setup. But it cannot replace manual testing completely.

Which of the following is a command line packet analyzer similar to GUI-based Wireshark - ANS
tcpdump



In Risk Management, how is the term "likelihood" related to the concept of "threat"? - ANS Likelihood is
the probability that a threat-source will exploit a vulnerability



WPA2 uses AES for wireless data encryption at which of the following encryption levels - ANS 128 bit
and CCMP



Which of the following can the administrator do to verify that a tape backup can be recovered in its
entirety? - ANS Perform a full restore



An unauthorized individual enters a building following an employee through the employee entrance
after the lunch rush. What type of breach has the individual just performed? - ANS Tailgating



You are a security officer of a company. You had an alert from the IDS indicating that one PC on your intranet
connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just
before the alert. You are starting an investigation to roughly assess the severity of the situation. Which of the
following is appropriate to analyze? - ANS Internet Firewall/Proxy log



Code injection is a form of attack in which a malicious user: - ANS Inserts text into a data field that gets
interpreted as code.



In which of the following cryptography attack methods, attacker makes a series of interactive queries,
choosing
