312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 11
-
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
- Public-key cryptosystems are faster than symmetric-key cryptosystems.
- Public-key cryptosystems distribute public-keys within digital signatures.
- Public-key cryptosystems do not require a secure key distribution channel.
- Public-key cryptosystems do not provide technical non-repudiation via digital signatures.
-
Which security strategy requires using several, varying methods to protect IT systems against attacks?
- Defense in depth
- Three-way handshake
- Covert channels
- Exponential backoff algorithm
-
SOAP services use which technology to format information?
- SATA
- PCI
- XML
- ISDN
-
Which statement best describes a server type under an N-tier architecture?
- A group of servers at a specific layer
- A single server with a specific role
- A group of servers with a unique role
- A single server at a specific layer
-
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
- SDLC process
- Honey pot
- SQL injection
- Trap door
-
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?
- The gateway is not routing to a public IP address.
- The computer is using an invalid IP address.
- The gateway and the computer are not on the same network.
- The computer is not using a private IP address.
-
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
- Ping of death
- SYN flooding
- TCP hijacking
- Smurf attack
-
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?
- Timing options to slow the speed that the port scan is conducted
- Fingerprinting to identify which operating systems are running on the network
- ICMP ping sweep to determine which hosts on the network are not available
- Traceroute to control the path of the packets sent during the scan
-
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
- OWASP is for web applications and OSSTMM does not include web applications.
- OSSTMM is gray box testing and OWASP is black box testing.
- OWASP addresses controls and OSSTMM does not.
- OSSTMM addresses controls and OWASP does not.
-
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
- WebBugs
- WebGoat
- VULN_HTML
- WebScarab
-
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
- Legal, performance, audit
- Audit, standards based, regulatory
- Contractual, regulatory, industry
- Legislative, contractual, standards based
-
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
- MD5
- SHA-1
- RC4
- MD4
-
Which cipher encrypts the plain text digit (bit or byte) one by one?
- Classical cipher
- Block cipher
- Modern cipher
- Stream cipher
-
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
- SHA-1
- MD5
- HAVAL
- MD4
-
Which element of Public Key Infrastructure (PKI) verifies the applicant?
- Certificate authority
- Validation authority
- Registration authority
- Verification authority
-
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
- Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
- Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
- Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
- Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors
-
How do employers protect assets with security policies pertaining to employee surveillance activities?
- Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
- Employers use informal verbal communication channels to explain employee monitoring activities to employees.
- Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
- Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.
-
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
- Regulatory compliance
- Peer review
- Change management
- Penetration testing
-
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
- Truecrypt
- Sub7
- Nessus
- Clamwin
-
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
- At least once a year and after any significant upgrade or modification
- At least once every three years or after any significant upgrade or modification
- At least twice a year or after any significant upgrade or modification
- At least once every two years and after any significant upgrade or modification