Walker Ch 1
Your company has a document that spells out exactly what employees are allowed to do on their computer system. It also defines what is prohibited and what consequences await those who break the rules. A copy of this document is signed by all employees prior to their network access. Which of the following best describes this policy? A. information security policy b. special access policy c. information audit policy d. network connections policy
A. information security policy
Which of the following would be the best example of a deterrent control? a. A log aggregation system b. Hidden cameras onsite c. A guard posted outside the door d. Backup recovery systems
C. a guard posted outside the door
Enacted in 2002, this US law requires every federal agency to implement info sec programs, including significant reporting on compliance and accreditation. Which of the following is the best choice for this definition? a. FISMA b. HIPAA c. NIST 800-53 d. OSSTMM
a. FISMA
A CEH has no knowledge of the network and has to define boundaries, nondisclosure agreements, and completion date. Which of the following is a true statement? a. a white hat is attempting a black-box test. b. a white hat is attempting a white-box test. c. a black hat is attempting a black-box test. d. a black hat is attempting a grey-box test.
a. a white hat is attempting a black-box test.
The purchase price for each system is $1200. Administrators earn $50 an hour. It takes 5 hours to replace a machine. 5 employees earning $25 an hour depend on each system and won't be productive while it's down. What is an ALE on these devices? a. $2075 b. $207.50 c. $120 d. $1200
b. $207.50
Which of the following best describes an effort to identify systems that are critical for continuation of operation for the organization? a. BCP b. BIA C. MTD D. DRP
b. BIA (Business Impact Analysis)
A member of a pen test team is hired to test a bank's security. She searches for IP addresses the bank may own by searching public records on the internet. She also looks up news articles and job posts to discover info that may be valuable. In what phase of the pen test is Sally working? a. preparation b. assessment c. conclusion d. reconnaissance
b. assessment
In which stage of an ethical hack would the attacker actively apply tools and techniques to gather more in-depth information on the targets? a. active reconnaissance b. scanning and enumeration c. gaining access d. passive reconnaissance
b. scanning and enumeration
Joe will be laid off soon. Joe plants viruses and sets about destroying data and settings throughout the network, with no regard to being caught. What type of hacker is Joe? a. hacktivist b. suicide hacker c. black hat d. script kiddie
b. suicide hacker
Which type of attack is generally conducted as an inside attacker with elevated privileges on the resources? a. gray box b. white box. c. black box d. active reconnaissance
b. white box.
Elements of security include confidentiality, integrity, and availability. Which technique provides for integrity? a. encryption b. UPS c. hashing d. passwords
c. hashing
When an attack by a hacker is politically motivated, the hacker is said to be participating in which of the following? a. black-hat hacking b. grey-box attacks c. gray-hat attacks d. hacktivist
d. hacktivist
2 hackers attempt to crack network resource security. One is considered an ethical hacker, whereas the other is not. What distinguishes the ethical hacker from the "cracker"? a. the cracker always attempts white-box testing b. the ethical hacker always attempts black-box testing. c. the cracker posts results to the internet. d. the ethical hacker always obtains written permission before testing
d. the ethical hacker always obtains written permission before testing
Which of the following Common Criteria processes refers to the system or product being tested? a. ST b. PP c. EAL d. TOE
d. TOE