Which of the following is a component of a risk assessment?

• A.Administrative safeguards
• B.Physical security
• C.DMZ
• D.Logical interface

Comment: *

Name: *

Email: *

Verification: *

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security
assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects
both the organization's interest and your liabilities as a tester?

• A.Rules of Engagement
• B.Service Level Agreement
• C.Non-Disclosure Agreement
• D.Project Scope

Comment: *

Name: *

Email: *

Verification: *

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The
TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?

• A.The port will send a SYN.
• B.The port will send an RST.
• C.The port will send an ACK.
• D.The port will ignore the packets.

Comment: *

Name: *

Email: *

Verification: *

Some passwords are stored using specialized encryption algorithms known as hashes.
Why is this an appropriate method?

• A.If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.
• B.Passwords stored using hashes are non-reversible, making finding the password much more difficult.
• C.It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
• D.Hashing is faster compared to more traditional encryption algorithms.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a restriction being enforced in "white box testing?"

• A.Only the internal operation of a system is known to the tester
• B.The internal operation of a system is completely known to the tester
• C.The internal operation of a system is only partly accessible to the tester
• D.Only the external operation of a system is accessible to the tester

Comment: *

Name: *

Email: *

Verification: *