
CEH Exam Prep UPDATED ACTUAL Exam Questions and CORRECT Answers

Pages
146
Grade
A+
Uploaded on
10-12-2024
Written in
2024/2025

Institution
CEH - Certified Ethical Hacker
Course
CEH - Certified Ethical Hacker












Document information

Uploaded on
December 10, 2024
Number of pages
146
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Content preview

CEH Exam Prep UPDATED ACTUAL
Exam Questions and CORRECT Answers
The "gray box testing" methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the internal operation of a system is known to the tester. - CORRECT ANSWER- C


The "black box testing" methodology enforces which kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. Only the external operation of a system is accessible to the tester.
D. The internal operation of a system is only partly accessible to the tester. - CORRECT ANSWER- C


Under the "Post-attack Phase and Activities," it is the responsibility of the tester to restore the systems to a pre-test state. Which of the following activities should not be included in this phase?
I. Removing all files uploaded on the system
II. Cleaning all registry entries
III. Mapping of network state
IV. Removing all tools and maintaining backdoor for reporting
A. III
B. IV
C. III and IV
D. All should be included - CORRECT ANSWER- C


The "white box testing" methodology enforces what kind of restriction?
A. The internal operation of a system is only partly accessible to the tester.
B. Only the external operation of a system is accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester. - CORRECT ANSWER- D


A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
A. Place a front-end web server in a demilitarized zone that only handles external web traffic.
B. Move the financial data to another server on the same IP subnet
C. Require all employees to change their passwords immediately
D. Issue new certificates to the web servers from the root certificate authority - CORRECT ANSWER- A


What is the process of logging, recording, and resolving events that take place in an organization?
A. Incident Management Process
B. Metrics
C. Internal Procedure
D. Security Policy - CORRECT ANSWER- A

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability.
What is this style of attack called?
A. zero-hour
B. no-day
C. zero-day
D. zero-sum - CORRECT ANSWER- C


What is the benefit of performing an unannounced Penetration Testing?
A. It is best to catch critical infrastructure unpatched.
B. The tester will have an actual security posture visibility of the target network.
C. Network security would be in a "best state" posture.
D. The tester could not provide an honest analysis. - CORRECT ANSWER- B


This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?
A. International Security Industry Organization (ISIO)
B. Center for Disease Control (CDC)
C. Payment Card Industry (PCI)
D. Institute of Electrical and Electronics Engineers (IEEE) - CORRECT ANSWER- C

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a backup plan, and testing plans for an organization?
A. Preparation phase
B. Identification phase
C. Recovery phase
D. Containment phase - CORRECT ANSWER- A


It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
A. HIPAA
B. COBIT
C. FISMA
D. ISO/IEC 27002 - CORRECT ANSWER- A


A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Firewall management policy
B. Permissive policy
C. Remote access policy
D. Acceptable use policy - CORRECT ANSWER- C

Get to know the seller

MGRADES Stanford University