Call
whatsapp
9447387064 | 9847003556
0471-2335855 | 8089080088 | 0471-2334855
9447387064 | 9847003556
0471-2335855 | 8089080088 | 0471-2334855
Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 63

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

  True positive

True negative

False positive

False negative

SHOW ANSWER

Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

Network-based intrusion detection system 

Host-based intrusion detection system

 Firewalls

Honeypots

SHOW ANSWER

A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:
• Access List should be written between VLANs.
• Port security should be enabled for the intranet.
• A security solution which filters data packets should be set between intranet (LAN) and DMZ.
• A WAF should be used in front of the web applications.
According to the section from the report, which of the following choice is true?

 

A stateful firewall can be used between intranet (LAN) and DMZ.

MAC Spoof attacks cannot be performed.

There is access control policy between VLANs.

Possibility of SQL Injection attack is eliminated.

SHOW ANSWER

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

The security breach was a false positive

The attacker altered or erased events from the logs.

The network devices are not all synchronized.

Proper chain of custody was not observed while collecting the logs.

SHOW ANSWER

Which service in a PKI will vouch for the identity of an individual or company?

. KDC

CA

CR

CBC

SHOW ANSWER

What is the difference between the AES and RSA algorithms?

 

Both are asymmetric algorithms, but RSA uses 1024-bit keys.

 RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.

Both are symmetric algorithms, but AES uses 256-bit keys.

AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.

SHOW ANSWER

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

Scalability

Speed

Key distribution

Security

SHOW ANSWER

What is correct about digital signatures?

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

Digital signatures may be used in different documents of the same type.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

Digital signatures are issued once for each user and can be used everywhere until they expire.

SHOW ANSWER

What two conditions must a digital signature meet?

 Must be unique and have special characters.

Has to be legible and neat.

Has to be unforgetable, and has to be authentic.

Has to be the same number of characters as a physical signature and must be unique.

SHOW ANSWER

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:
SECURE (plain text)
+1 (+1 next letter. for example, the letter “”T”” is used for “”S”” to encrypt.)
TFDVSF (encrypted text)
+ = logic => Algorithm
1 = Factor => Key
Which of the following choices true about cryptography?

 

Algorithm is not the secret, key is the secret.

Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext

Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way  SHOW ANSWER

What is the role of test automation in security testing?

  It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Test automation is not usable in security due to the complexity of the tests

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies

It is an option but it tends to be very expensive

SHOW ANSWER

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

 

Based on XML

Provides a structured model for messaging

Exchanges data between web services

Only compatible with the application protocol HTTP SHOW ANSWER

Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?

 

  Internal, Whitebox

Internal, Blackbox

External,Blackbox

External, Whitebox

SHOW ANSWER

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

 

Data tier

Presentation tier

Logic tier

Application Layer

SHOW ANSWER
BACK | NEXT
TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in