CEH v10 Chapters 1-6 Q&A | Questions And Answers Latest {2024- 2025} A+ Graded |
100% Verified
What are the three main tenets of security?
a. Confidentiality, integrity, and availability
b. Authorization, authentication, and accountability
c. Deter, delay, and detect
d. Acquire, authenticate, and analyze - a. Confidentiality, integrity, and availability
Which of the following laws pertains to accountability for public companies relating to financial
information?
a. FISMA
b. SOX
c. 18 U.S.C. 1029
d. 18 U.S.C. 1030 3 - b. SOX
Which type of testing occurs when individuals know the entire layout of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - c. White box
Which type of testing occurs when you have no knowledge of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - a. Black box
,Which form of testing occurs when insiders are not informed of the pending test?
a. Black box
b. Gray box
c. White box
d. Blind testing - d. Blind testing
How is ethical hacking different from hacking?
a. Ethical hackers never launch exploits.
b. Ethical hackers have signed written permission.
c. Ethical hackers act with malice.
d. Ethical hackers have verbal permission. - b. Ethical hackers have signed written permission.
Which type of hacker is considered a good guy?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - a. White hat
Which type of hacker is considered unethical?
a. White hat
b. Gray hat
c. Black hat
d. Brown hat - c. Black hat
Which type of hacker will carry out an attack even if the result could be a very long prison term?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - d. Suicide hacker
, Which type of hacker performs both ethical and unethical activities?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - b. Gray hat
You have been asked to perform a penetration test for a local company. You have had several meetings
with the client and are now almost ready to begin the assessment. Which of the following is the
document that would contain verbiage which describes what type of testing is allowed and when you
will perform testing and limits your liabilities as a penetration tester?
a. Nondisclosure agreement
b. Rules of engagement
c. Service-level agreement
d. Project scope - B. The rules of engagement define what the penetration testing company can or
cannot do. It lists the specific actions that are allowable.
Which of the following addresses the secrecy and privacy of information?
a. Integrity
b. Confidentiality
c. Availability
d. Authentication - B. Confidentiality addresses the secrecy and privacy of information. Physical
examples of confidentiality include locked doors, armed guards, and fences. Logical examples of
confidentiality include passwords, encryption, and firewalls.
You are part of a pen testing team that has been asked to assess the risk of an online service.
Management is concerned as to what the cost would be if there was an outage and how frequent these
outages might be. Your objective is to determine whether there should be additional countermeasures.
Given the following variables, which of the following amounts is the resulting annualized loss expectancy
(ALE)? Single loss expectancy = $ 2,500 Exposure factor = .9 Annual rate of occurrence = .4 Residual risk
= $ 300
a. $ 960
b. $ 120
100% Verified
What are the three main tenets of security?
a. Confidentiality, integrity, and availability
b. Authorization, authentication, and accountability
c. Deter, delay, and detect
d. Acquire, authenticate, and analyze - a. Confidentiality, integrity, and availability
Which of the following laws pertains to accountability for public companies relating to financial
information?
a. FISMA
b. SOX
c. 18 U.S.C. 1029
d. 18 U.S.C. 1030 3 - b. SOX
Which type of testing occurs when individuals know the entire layout of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - c. White box
Which type of testing occurs when you have no knowledge of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - a. Black box
,Which form of testing occurs when insiders are not informed of the pending test?
a. Black box
b. Gray box
c. White box
d. Blind testing - d. Blind testing
How is ethical hacking different from hacking?
a. Ethical hackers never launch exploits.
b. Ethical hackers have signed written permission.
c. Ethical hackers act with malice.
d. Ethical hackers have verbal permission. - b. Ethical hackers have signed written permission.
Which type of hacker is considered a good guy?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - a. White hat
Which type of hacker is considered unethical?
a. White hat
b. Gray hat
c. Black hat
d. Brown hat - c. Black hat
Which type of hacker will carry out an attack even if the result could be a very long prison term?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - d. Suicide hacker
, Which type of hacker performs both ethical and unethical activities?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - b. Gray hat
You have been asked to perform a penetration test for a local company. You have had several meetings
with the client and are now almost ready to begin the assessment. Which of the following is the
document that would contain verbiage which describes what type of testing is allowed and when you
will perform testing and limits your liabilities as a penetration tester?
a. Nondisclosure agreement
b. Rules of engagement
c. Service-level agreement
d. Project scope - B. The rules of engagement define what the penetration testing company can or
cannot do. It lists the specific actions that are allowable.
Which of the following addresses the secrecy and privacy of information?
a. Integrity
b. Confidentiality
c. Availability
d. Authentication - B. Confidentiality addresses the secrecy and privacy of information. Physical
examples of confidentiality include locked doors, armed guards, and fences. Logical examples of
confidentiality include passwords, encryption, and firewalls.
You are part of a pen testing team that has been asked to assess the risk of an online service.
Management is concerned as to what the cost would be if there was an outage and how frequent these
outages might be. Your objective is to determine whether there should be additional countermeasures.
Given the following variables, which of the following amounts is the resulting annualized loss expectancy
(ALE)? Single loss expectancy = $ 2,500 Exposure factor = .9 Annual rate of occurrence = .4 Residual risk
= $ 300
a. $ 960
b. $ 120
