9447387064 | 9847003556
0471-2335855 | 8089080088 | 0471-2334855
Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 45

Cross-site request forgery involves:

 A request sent by a malicious user from a browser to a server 

Modification of a request by a proxy between client and server 

 A browser making a request to a server without the user's knowledge 

A server making a request to another server without the user's knowledge


Which regulation defines security and privacy controls for Federal information systems and organizations?

NIST-800-53

PCI-DSS

EU Safe Harbor 

HIPAA


An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Start by footprinting the network and mapping out a plan of attack. 

Ask the employer for authorization to perform the work outside the company. 

Begin the reconnaissance phase with passive information gathering and then move into active information gathering. 

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.


Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

Heuristic Analysis 

Code Emulation 

Integrity checking 

Scanning


Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to "know" to prove to yourself that it was Bob who had sent a mail?

Authentication 

Confidentiality 

Integrity 

Non-Repudiation


Which type of scan is used on the eye to measure the layer of blood vessels?

Facial recognition scan 

Retinal scan 

Iris scan 

Signature kinetics scan


A new wireless client that is 802.11 compliant cannot connect to a wireless network, given that the client can see the network and it has compatible hardware and software installed. Upon further tests and investigation, it was found that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What is MOST likely the issue in this scenario?

The client cannot see the SSID of the wireless network 

The WAP does not recognize the client's MAC address. 

The wireless client is not configured to use DHCP. 

Client is configured for the wrong channel


Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three.)

 Converts passwords to uppercase. 

Hashes are sent in clear text over the network. 

Makes use of only 32-bit encryption. 

Effective length is 7 characters. 


Which element of Public Key Infrastructure (PKI) verifies the applicant?

Certificate authority 

Validation authority 

Registration authority 

Verification authority


Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

symmetric algorithms 

asymmetric algorithms 

hashing algorithms 

integrity algorithms


It is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. This protocol is specifically designed for transporting event messages. Which of the following is being described?

 SNMP 

ICMP 

SYSLOG 

SMS


When tuning security alerts, what is the best approach?

Tune to avoid False positives and False Negatives 

Raise False positives, Raise False Negatives 

Decrease the false positives 

Decrease False negatives


What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail. 

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography. 

Symmetric encryption allows the server to securely transmit the session keys out-of-band. 

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.


A newly discovered flaw in a software application would be considered which kind of security vulnerability?

 Input validation flaw 

HTTP header injection vulnerability 

0-day vulnerability 

Time-to-check to time-to-use flaw

TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in