Thirty Five questions and answers every Ethical Hacker should know.
Click the back button or arrow to return to this page.
1.) What is the focus of a security audit or vulnerability assessment?
A. Locating vulnerabilities
B. Locating threats
C. Enacting threats
D. Exploiting vulnerabilities
2.) What kind of physical access device restricts access to a single individual at any onetime?
B. Perimeter security
C. Security zones
3.) Which is a mechanism for managing digital certificates through a system of trust?
4.) Which protocol is used to create a secure environment in wireless networks?
5.) What exercise is conducted with full knowledge of the target environment?
A. White Box
B. Gray Box
C. Black Box
D. Glass Box
6.) Which technology would establish a network connection between two LANs using the Internet?
7.) Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
8.) In the key recovery process, which key must be recoverable?
9.) What attack is designed to overload a system or resource taking it offline?
A. SYN Flood
C. Man In The Middle
10.) Which component of an NIDS collects data?
D. Data Source
11.) What is the process of making an operating system secure from attack?
A. Locking Down
12.) The integrity component provides which feature of the CIA triad?
A. Verification that information is accurate
B. Verification that ethics are properly maintained
C. Establishment of clear access control of data
D. Verification that data is kept private and secure
13.) Which mechanism is used by PKI to allow immediate verification of a certificate’s validity?
14.) Which of the following is used to create a VLAN from a physical security perspective?
15.) A user downloads an account.doc a file from a client using IM, and the system starts acting unusual. What is the most likely event that occurred?
A. Your user inadvertently downloaded a macro virus using IM
B. Your user may have downloaded a rootkit
C. Your user may have accidently changed a setting on the system
D. The system is unstable due to the use of IM
16.) Which is used to enable or disable access to a network resource based on attacks that have been detected?
17.) Which of the following provides extra security to an Internet web server?
A. Changing the default port for traffic to 80
B. Changing the default port for traffic to 1019
C. Changing the default port for traffic to 443
D. Changing the default port for traffic to 161
18.) What type of program propagates and spreads itself to other systems without interaction from users?
B. Trojan Horse
C. Logic Bomb
19.) You're at the office and a stranger claims to be a service technician asking about apps, hardware, and other employess. What kind of attack would this be?
A. Social Engineering
B. Access Control
C. Perimeter Screening
D. Behavioral Engineering
20.) Which of the following is a major security problem with FTP?
A. Password files are stored in an unsecure area on disk
B. Memory traces can corrupt file access
C. User IDs and passwords are unencrypted
D. FTP sites are unregistered
21.) Which system would you install to provide detective capabilities within a network?
22.) The process of maintaining the integrity of evidence and ensuring no gaps in possession occur is known as what?
A. Security Investigation
B. Chain of Custody
C. Three As of Investigation
D. Security Policy
23.) What encryption process uses one piece of information as a carrier for another?
24.) Which policy dictates how assets can be used by employees of a company?
A. Security Policy
B. User Policy
C. Use Policy
D. Enforcement Policy
E. Acceptable Use Policy
25.) Which algorithm is an asymmetric encryption protocol?
26.) Which of the following is an example of a hashing algorithm?
27.) Which of the following creates a fixed-length output from a variable-length input?
28.) A retina scan to grant access is an example of what authentication method?
A. Smart Card
29.) Which is referred to as a physical address to a computer system?
30.) What is the process of investigating a computer system for information relating to asecurity incident?
A. Computer Forensics
B. Virus Scanning
C. Security Policy
D. Evidence Gathering
31.) Which protocol should be used in place of Telnet and FTP?
32.) Which of the following is commonly used to create thumb prints for digital certificates?
33.) Granting access to a system based on a factor such as a password is an example of what?
A. Something You Have
B. Something You Know
C. Something You Are
D. Something You Smell
34.) What item is also referred to as a logical address to a computer system?
A. IP Address
B. IPX Address
C. MAC Address
D. SMAC Address
35.) How many bits are in an IPv6 address?
Every CompTIA CEH assessment ask similar questions. As an Ethical Hacker or IT Tech Support person you need to be well versed in each topic.