Certified Ethical Hacker Practice Exam

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Certified Ethical Hacker Practice Exam - Part V

Volume E

Email *

Write down your name. *

Write down your contact number. *

Q401: What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on? *

1 point

Proper testing

Secure coding principles

Systems security and architecture review

Analysis of interrupts within the software

Q402: Which of the following algorithms provides better protection against brute force attacks by using an a160-bit message digest? *

1 point

MD5

SHA-1

RC4

MD4

Q403: Company A and Company B have just merged and each has its own Public Key Infrastructure(PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? *

1 point

Poly key exchange

Cross certification

Poly key reference

Cross-site exchange

Q404: What is the best defense against privilege escalation vulnerability? *

1 point

Patch systems regularly and upgrade interactive login privileges at the system administrator level.

Run administrator and applications on least privileges and use a content registry for tracking.

Run services with least privileged accounts and implement multi-factor authentication and authorization.

Review user roles and administrator privileges for maximum utilization of automation services.

Q405: Fingerprinting VPN firewalls is possible with which of the following tools? *

1 point

Angry IP

Nikto

Ike-scan

Arp-scan

Q406: A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration? *

1 point

Reject all invalid email received via SMTP.

Allow full DNS zone transfers.

Remove A records for internal hosts.

Enable null session pipes.

Q407: Which of the following is a primary service of the U.S. Computer Security Incident Response Team(CSIRT)? *

1 point

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Q408: Which of the following is a client-server tool utilized to evade firewall inspection? *

1 point

tcp-over-dns

kismet

nikto

hping

Q409: Which of the following is a symmetric cryptographic standard? *

1 point

DSA

PKI

RSA

3DES

Q410: Which of the following cryptography attack methods is usually performed without the use of a computer? *

1 point

Ciphertext-only attack

Chosen key attack

Rubber hose attack

Rainbow table attack

Clear form

Never submit passwords through Google Forms.

This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy

Forms