Module 1 Revision Questions Flashcards
A security team is implementing various security controls across the organisation. After several configurations and applications, a final agreed-on set of security controls is put into place; however, not all risks are mitigated by the controls. Of the following, which is the next best step?
a. Continue applying controls until all risk is eliminated.
b. Ignore any remaining risk as “best effort controlled.”
c. Ensure that any remaining risk is residual or low and accept the risk.
d. Remove all controls
c. Ensure that any remaining risk is residual or low and accept the risk.
A Certified Ethical Hacker (CEH) follows a specific methodology for testing a system. Which step comes after footprinting in the CEH methodology?
a. Scanning
b. Enumeration
c. Reconnaissance
d. Application attack
c. Reconnaissance
Your organisation is planning for the future and is identifying the systems and processes critical for their continued operation. Which of the following best describes this effort?
a. BCP
b. BIA
c. DRP
d. ALE
a. BIA - Business Impact Analysis
Which incident response (IR) phase is responsible for setting rules, identifying the workforce and roles, and creating backup and test plans for the organisation?
a. Preparation
b. Identification
c. Containment
d. Recovery
a. Preparation
You’ve been hired as part of a pen test team. During the brief, you learn the client wants the pen test attack to simulate a normal user who finds ways to elevate privileges and create attacks. Which test type does the client want?
a. White box
b. Gray box
c. Black box
d. Hybrid
a. Grey box - the key part is privilege escalation from a normal user's level of access; a white-box tester already has full access and knowledge.
Which of the following is defined as ensuring the enforcement of organisational security policy does not rely on voluntary user compliance by assigning sensitivity labels to information and comparing these to the level of security a user is operating at?
a. Mandatory access control
b. Authorised access control
c. Role-based access control
d. Discretionary access control
a. Mandatory access control
Which of the following statements is true regarding the TCP three-way handshake?
a. The recipient sets the initial sequence number in the second step.
b. The sender sets the initial sequence number in the third step.
c. When accepting the communications request, the recipient responds with an acknowledgement and a randomly generated sequence number in the second step.
d. When accepting the communications request, the recipient responds with an acknowledgement and a randomly generated sequence number in the third step.
c. When accepting the communications request, the recipient responds with an acknowledgement and a randomly generated sequence number in the second step.
Your network contains certain servers that typically fail once every five years. The total cost of one of these servers is $1000. Server technicians are paid $40 per hour, and a typical replacement requires two hours. Ten employees, earning an average of $20 per hour, rely on these servers, and even one of them going down puts the whole group in a wait state until it’s brought back up. Which of the following represents the ARO for a server?
a. $296
b. $1,480
c. $1,000
d. $0.20
d. 0.20
One failure every five years gives an ARO of 1/5 = 0.2 as a decimal.
An ethical hacker is given no prior knowledge of the network and has a specific framework in which to work. The agreement specifies boundaries, nondisclosure agreements, and a completion date definition. Which of the following statements is true?
a. A white hat is attempting a black-box test.
b. A white hat is attempting a white-box test.
c. A black hat is attempting a black-box test.
d. A black hat is attempting a grey-box test.
a. A white hat is attempting a black-box test.
Which of the following is a detective control?
a. Audit trail
b. CONOPS
c. Procedure
d. Smartcard authentication
e. Process
a. Audit trail
As part of a pen test on a U.S. government system, you discover files containing Social Security numbers and other sensitive personally identifiable information (PII).
You are asked about controls placed on the dissemination of this information. Which of the following acts should you check?
a. FISMA
b. Privacy Act
c. PATRIOT Act
d. Freedom of Information Act
b. Privacy Act
Four terms make up the Common Criteria process. Which of the following contains seven levels used to rate the target?
a. TOE
b. ST
c. PP
d. EAL
d. EAL - Evaluation Assurance Level