Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 60

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Regularly test security systems and processes. 

Encrypt transmission of cardholder data across open, public networks. 

Assign a unique ID to each person with computer access. 

Use and regularly update anti-virus software on all systems commonly affected by malware.

SHOW ANSWER

Which of the following acts requires employers' standard national numbers to identify them on standard transactions?

SOX

HIPAA 

DMCA 

PCI-DSS

SHOW ANSWER

Which of the following is an Nmap NSE script that could help detect the HTTP methods a web server supports, such as GET, POST, HEAD, PUT, DELETE and TRACE?

http-git 

http-headers 

http-enum 

http-methods

SHOW ANSWER
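What the http-methods script actually does is worth seeing in code: it asks the server with OPTIONS, then tries each method for real, because the Allow header is often incomplete or simply wrong. The following is an added example, not part of the original page and not the NSE script itself; the demo server it starts on loopback is constructed for the example and stands in for a target that advertises only safe methods while quietly accepting TRACE and PUT.

```python
"""Probe which HTTP methods a target accepts, the way Nmap's http-methods
NSE script does: ask with OPTIONS, then actually try each method.

Added example. _DemoTarget is a constructed target for the demo: its Allow
header omits TRACE and PUT although it processes both.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "OPTIONS")
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


class _DemoTarget(BaseHTTPRequestHandler):
    """Constructed target: lies in its Allow header (no TRACE/PUT listed)."""

    def log_message(self, *args):  # keep the example quiet
        pass

    def _ok(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = do_PUT = do_TRACE = _ok

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", "GET, HEAD, POST, OPTIONS")
        self.send_header("Content-Length", "0")
        self.end_headers()
    # No do_DELETE: BaseHTTPRequestHandler answers 501 Unsupported method.


def start_demo_target():
    """Start the constructed target on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), _DemoTarget)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def _request(host, port, method, path):
    """One request on a fresh connection; returns (status, Allow header or None)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Allow")
    finally:
        conn.close()


def probe_methods(host, port, path="/"):
    """Compare what the server advertises with what it really accepts."""
    _, allow = _request(host, port, "OPTIONS", path)
    advertised = {m.strip().upper() for m in allow.split(",")} if allow else set()

    status = {}
    for method in PROBE_METHODS:
        status[method], _ = _request(host, port, method, path)

    # 405 and 501 mean refused; any other status means the method was processed.
    supported = {m for m, s in status.items() if s not in (405, 501)}
    return {
        "advertised": advertised,
        "status": status,
        "supported": supported,
        "unadvertised": sorted(supported - advertised),  # what OPTIONS hid
        "risky": sorted(supported & RISKY_METHODS),
    }


if __name__ == "__main__":
    target = start_demo_target()
    try:
        report = probe_methods("127.0.0.1", target.server_address[1])
        for key, value in report.items():
            print(f"{key}: {value}")
    finally:
        target.shutdown()
```

The "unadvertised" list is the interesting output: methods the server processes but did not list, which is exactly where TRACE (cross-site tracing) and PUT (arbitrary upload) tend to hide. Against a real host, replace the demo server with the target's address and port.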

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try to trick this switch into thinking it has already established a session with his computer. How can Fred accomplish this?

Fred can accomplish this by sending a TCP packet with the RST/SYN bits set and the source address of his computer. 

He can send a TCP packet with the SYN bit set and the source address of his computer. 

Fred can send a TCP packet with the ACK bit set to zero and the source address of the switch. 

Fred can send a TCP packet to the switch with the ACK bit set and the source address of his machine.

SHOW ANSWER

What is the process of logging, recording, and resolving events that take place in an organization?

Incident Management Process 

Security Policy 

Internal Procedure

Metrics

SHOW ANSWER

A hacker has managed to gain access to a Linux host and has stolen the password file /etc/passwd. How can he use it?

The password file does not contain the passwords themselves. 

He can open it and read the user ids and corresponding passwords. 

The file reveals the passwords to the root user only. 

He cannot read it because it is encrypted. 

SHOW ANSWER
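To make the point concrete: on a modern Linux host the second field of each /etc/passwd entry is just "x" and the hashes live in /etc/shadow, which only root can read, so the file mainly yields account names, UIDs, home directories and shells. It still pays to audit it, because an entry can carry a real hash (an unshadowed legacy account), an empty password field, or an unexpected UID 0. The parser and audit below are an added example, not from the original page; SAMPLE_PASSWD is constructed for the demo and is not a real system's file.

```python
"""Parse passwd(5) and pull out what an attacker who copied it would look for.

Added example. SAMPLE_PASSWD is constructed: the "legacy" hash and every
account on it are invented for the demo.
"""
from dataclasses import dataclass

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$Qh7Y8mLz$9f2kdj3Lk1o0P5Z0xE5Vn1:1001:1001:Old svc:/home/legacy:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
sysadm:x:0:0:Backup admin:/root:/bin/bash
"""

NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    password: str  # "x" or "*" means shadowed; anything else is the hash itself
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse passwd lines; skip blanks and comments, reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries):
    """Findings an attacker (or a defender) would extract from the file."""
    findings = {
        "unshadowed_hashes": [],    # hash sits in passwd: crackable offline
        "empty_passwords": [],      # no password at all
        "extra_uid0": [],           # root-equivalent accounts besides root
        "interactive_accounts": [],  # targets for password guessing
    }
    for e in entries:
        if e.password == "":
            findings["empty_passwords"].append(e.name)
        elif e.password not in ("x", "*") and not e.password.startswith("!"):
            findings["unshadowed_hashes"].append(e.name)
        if e.uid == 0 and e.name != "root":
            findings["extra_uid0"].append(e.name)
        if e.shell not in NON_LOGIN_SHELLS:
            findings["interactive_accounts"].append(e.name)
    return findings


if __name__ == "__main__":
    for key, names in audit_passwd(parse_passwd(SAMPLE_PASSWD)).items():
        print(f"{key}: {names}")
```

Run against a real copy of the file, the "interactive_accounts" list is the usual take-away: valid usernames with a login shell, which is what a stolen /etc/passwd is mostly good for when the hashes are properly shadowed.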

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Set a BIOS password. 

Encrypt the data on the hard drive. 

Use a strong logon password to the operating system. 

Back up everything on the laptop and store the backup in a safe place.

SHOW ANSWER

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

The zombie you are using is not truly idle. 

A stateful inspection firewall is resetting your queries. 

Hping2 cannot be used for idle scanning. 

These ports are actually open on the target system.

SHOW ANSWER
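The reasoning behind that question is the IPID arithmetic of an idle scan: read the zombie's IPID, send one spoofed SYN to the target with the zombie's address as source, read the IPID again. A delta of 1 means the zombie only answered your own probe (target port closed or filtered); a delta of 2 means the target sent the zombie a SYN/ACK and the zombie replied with an RST (port open); anything else means the zombie sent traffic of its own in between, so that reading cannot be trusted. The interpreter below is an added example, not from the original page and not hping2 or Nmap code; the probe readings are constructed, not captured.

```python
"""Interpret IPID deltas from an idle (zombie) scan.

Added example. SAMPLE_PROBES are constructed, independent readings, not one
continuous capture and not real output from hping2.
"""

IPID_MODULUS = 1 << 16  # the IPID field is 16 bits and wraps


def ipid_delta(before, after):
    """Datagrams the zombie sent between two readings, allowing for 16-bit wrap."""
    return (after - before) % IPID_MODULUS


def classify_port(before, after):
    """Map one probe's IPID delta to the target port state."""
    delta = ipid_delta(before, after)
    if delta == 1:
        return "closed|filtered"   # zombie answered only our probe
    if delta == 2:
        return "open"              # zombie also sent an RST to the target's SYN/ACK
    return "unreliable"            # 0: no reply; 3+: zombie is talking to someone else


def zombie_is_idle(idle_readings):
    """Before scanning, probe the zombie several times with nothing else in
    flight: every consecutive delta must be exactly 1 for it to be usable."""
    return all(ipid_delta(a, b) == 1
               for a, b in zip(idle_readings, idle_readings[1:]))


def interpret_scan(probes):
    """probes: list of (port, ipid_before, ipid_after).
    Returns ({port: state}, number of readings polluted by zombie traffic)."""
    results = {port: classify_port(before, after) for port, before, after in probes}
    noisy = sum(1 for state in results.values() if state == "unreliable")
    return results, noisy


# Constructed readings: ports 22 and 443 open, 21 and 80 closed, and a
# reading for 8080 polluted by an unrelated packet the zombie happened to send.
SAMPLE_PROBES = [
    (21, 31000, 31001),
    (22, 31001, 31003),
    (80, 31003, 31004),
    (443, 65535, 1),       # wraps past 65535: still a delta of 2
    (8080, 31010, 31013),  # delta 3: not our traffic
]

if __name__ == "__main__":
    states, polluted = interpret_scan(SAMPLE_PROBES)
    for port, state in states.items():
        print(f"{port}: {state}")
    print(f"polluted readings: {polluted}")
```

If more than a handful of readings come back "unreliable", the fix is the one the question points at: pick a different zombie, or re-probe the suspect ports several times and keep only consistent results, as Nmap's -sI does.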

Darius is analysing IDS logs. During the investigation, he noticed that there was nothing suspicious found and an alert was triggered on normal web application traffic. He can mark this alert as:

False-Negative 

False-Positive 

True-Positive 

False-Signature

SHOW ANSWER

What is the proper response for a NULL scan if the port is closed?

SYN 

ACK 

FIN 

PSH 

RST 

No response

SHOW ANSWER
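Both the NULL scan question above and the earlier question about Fred's ACK packet come down to the same RFC 793 rules for how a stack answers a segment on a port with no session: a closed port answers anything except an RST with an RST; a listening port answers a SYN with SYN/ACK, answers a stray ACK with an RST, and silently drops segments with none of SYN, ACK or RST set (which is why NULL, FIN and Xmas probes get no reply from an open port). The model below is an added example, not from the original page; it follows the RFC's processing order rather than any particular operating system, and it builds and parses a raw 20-byte TCP header so the flag bits are concrete (the checksum is left at zero since no pseudo-header is involved).

```python
"""RFC 793 response model for scan probes, plus a raw TCP header builder.

Added example. It models the RFC's LISTEN/CLOSED processing, not a specific
OS; some stacks (notably Windows) answer NULL/FIN/Xmas differently.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = [("FIN", FIN), ("SYN", SYN), ("RST", RST),
              ("PSH", PSH), ("ACK", ACK), ("URG", URG)]

PROBES = {
    "SYN": SYN,
    "ACK": ACK,
    "NULL": 0,
    "FIN": FIN,
    "XMAS": FIN | PSH | URG,
}

# sport, dport, seq, ack, data offset byte, flags, window, checksum, urgent ptr
TCP_HEADER = struct.Struct("!HHIIBBHHH")


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Minimal 20-byte header, no options; checksum left at 0 for the demo."""
    data_offset = 5 << 4  # 5 x 32-bit words, upper nibble of the byte
    return TCP_HEADER.pack(sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def parse_flags(header):
    """Flag byte from a raw header (the 6th field of the struct)."""
    return TCP_HEADER.unpack_from(header)[5]


def flag_names(flags):
    return [name for name, bit in FLAG_NAMES if flags & bit]


def expected_response(flags, port_state):
    """port_state: 'closed' (no listener) or 'open' (LISTEN, no session yet).
    Order follows RFC 793 section 3.9 segment arrival processing."""
    if flags & RST:
        return "none"        # an RST is never answered
    if port_state == "closed":
        return "RST"         # CLOSED: everything else gets an RST
    if flags & ACK:
        return "RST"         # LISTEN: ACK for a connection that does not exist
    if flags & SYN:
        return "SYN/ACK"     # LISTEN: genuine connection attempt
    return "none"            # LISTEN: NULL/FIN/XMAS are dropped silently


def scan_matrix():
    """Expected reply for every probe type against open and closed ports."""
    return {name: {state: expected_response(bits, state) for state in ("open", "closed")}
            for name, bits in PROBES.items()}


if __name__ == "__main__":
    hdr = build_tcp_header(40000, 80, PROBES["XMAS"])
    print(f"XMAS header ({len(hdr)} bytes) flags: {flag_names(parse_flags(hdr))}")
    for name, replies in scan_matrix().items():
        print(f"{name:5s} open={replies['open']:8s} closed={replies['closed']}")
```

Read the matrix row for ACK: it returns RST whether the port is open or closed, which is what makes the ACK scan a firewall-mapping technique rather than a port-state one, and it is the reason a lone ACK is only accepted when the host really does hold a session matching its addresses, ports and sequence numbers.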

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Which item is the primary concern on OWASP's Top Ten Project of Most Critical Web Application Security Risks?

Injection 

Cross Site Scripting 

Cross Site Request Forgery 

Path disclosure 

SHOW ANSWER
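Injection heads both the 2013 and 2017 editions of the Top Ten, and the cleanest way to see why is a login query built by string formatting next to the same query with bound parameters. The following is an added example using Python's sqlite3 module, not code from the original page; the users table and its rows are constructed for the demo, and passwords are stored in plaintext only to keep the injection visible (a real system stores a salted hash).

```python
"""SQL injection: a login check built by string formatting beside the
parameterized version.

Added example. The users table and rows are constructed for the demo.
"""
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct horse battery staple"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """User input is pasted into the SQL text, so a quote in the input changes
    the structure of the query. Returns the matched username or None."""
    sql = (
        f"SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Bound parameters: the driver passes the values separately from the
    statement, so the input is always data and never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payload: closes the password literal and appends a tautology, so the
# predicate becomes (username = 'nobody' AND password = '') OR '1'='1'.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bad password:", vulnerable_login(db, "admin", "wrong"))
    print("vulnerable, payload:     ", vulnerable_login(db, "nobody", PAYLOAD))
    print("safe, payload:           ", safe_login(db, "nobody", PAYLOAD))
    print("safe, real credentials:  ", safe_login(db, "alice", "hunter2"))
```

With the payload the vulnerable query matches every row and hands back the first one, which happens to be admin, without knowing any password; the parameterized query looks for an account whose password literally is `' OR '1'='1` and finds none.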

A recent security audit revealed that there were indeed several occasions on which the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

True Positive 

False Negative

False Positive 

True Negative

SHOW ANSWER

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system for a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location. During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis. Which of the following is an issue with the situation?

Segregation of duties 

Undue influence 

Lack of experience 

Inadequate disaster recovery plan

SHOW ANSWER

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security 

Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure 

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors 

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

SHOW ANSWER
TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in