CEH Final Exam Questions and Answers Already Passed

CEH Final Exam Questions and Answers Already Passed Which of the following would be the best example of a deterrent control? A guard posted outside the door Enacted in 2002, this U.S. law requires every Federal agency to implement information security programs, including significant reporting on compliance and accreditation. Which of the following is the best choice for this definition? FISMA Brad has done some research and determined a certain set of systems on his network fail once every ten years. The purchase price for each of these systems is $1200. Additionally, Brad discovers the administrators on staff, who earn $50 an hour, estimate five hours to replace a machine. Five employees, earning $25 an hour, depend on each system and will be completely unproductive while it is down. If you were to ask Brad for an ALE on these devices, what should he answer with? $207.50 An ethical hacker is hired to test the security of a business network. The CEH is given no prior knowledge of the network and has a specific framework in which to work, defining boundaries, nondisclosure agreements, and the completion date. Which of the following is a true statement? A white hat is attempting a black-box test. When an attack by a hacker is politically motivated, the hacker is said to be participating in which of the following? Hactivism Two hackers attempt to crack a company's network resource security. One is considered an ethical hacker, whereas the other is not. What distinguishes the ethical hacker from the "cracker"? The ethical hacker always obtains written permission before testing. In which stage of an ethical hack would the attacker actively apply tools and techniques to gather more in-depth information on the targets? Scanning and enumeration Which type of attack is generally conducted as an inside attacker with elevated privileges on the resources? White box Which of the following Common Criteria processes refers to the system or product being tested? TOE Your company has a document that spells out exactly what employees are allowed to do on their computer systems. It also defines what is prohibited and what consequences await those who break the rules. A copy of this document is signed by all employees prior to their network access. Which of the following best describes this policy? Information Security Policy Sally is a member of a pen test team newly hired to test a bank's security. She begins searching for IP addresses the bank may own by searching public records on the Internet. She also looks up news articles and job postings to discover information that may be valuable. What phase of the pen test is Sally working? Assessment Joe is a security engineer for a firm. His company downsizes, and Joe discovers he will be laid off within a short amount of time. Joe plants viruses and sets about destroying data and settings throughout the network, with no regard to being caught. Which type of hacker is Joe considered to be? Suicide hacker Elements of security include confidentiality, integrity, and availability. Which technique provides for integrity? Hashing Which of the following best describes an effort to identify systems that are critical for