CEH

Answers to Assessment Test xxxvii

17. C. A firewall between a web server and the Internet would enhance security and should
    always be present when exposing this asset to the Internet.


18. D. A worm propagates by seeking out vulnerabilities it was designed to exploit and then
    replicating at an extreme rate.


19. A. In a case like this, an individual showing up and asking to discuss intimate details of an
    environment may be attempting to obtain information for an attack.


20. C. The FTP protocol is not designed to provide encryption, and as such, passwords and
    user IDs or names are not protected as they are with SSH, which uses encryption.


21. A. A network intrusion detection system (NIDS) is installed at the network level and
    detects attacks at that level. Unlike a network-based intrusion prevention system (NIPS), an
    NIDS cannot stop an attack, but it can detect and report the attack to an administrator so
    that appropriate actions can be taken.


22. B. Chain of custody is used in investigations and in the handling of evidence to ensure that
    no gaps in possession occur. Such gaps, if they occurred, could be used to invalidate a case.


23. A. Steganography is used to conceal information inside of other information, thus making
    it difficult to detect.


24. E. Acceptable use policy is an administrative tool used to inform the users of various com-
    pany assets what is and isn’t considered appropriate use of assets.


25. A. RSA is an example of an asymmetric encryption protocol that uses a public and private
    key. The others are examples of symmetric encryption protocols.


26. C. SHA is an example of one type of hashing algorithm that is commonly used today.
    Another example would be MD5.


27. A. MD5 is a hashing algorithm that creates a fixed-length output, as do all hashing algo-
    rithms. This fixed-length output is referred to as a hash or message digest.


28. C. Biometrics is concerned with measuring physical traits and characteristics of a biologi-
    cal organism.


29. A. Media access control (MAC) is a layer 2 construct in the OSI model. The physical
    address is coded into the network adapter itself and is designed to be unique.


30. A. Computer forensics is the process of methodically collecting information relating to a
    security incident or crime.


31. D. SSH is a modern protocol designed to be more secure and safer than protocols such as
    FTP and telnet. As such, the SSH protocol is replacing FTP and telnet in many environ-
    ments.


32. A. MD5 is a hashing algorithm that creates a fixed-length output, referred to as a hash or
    message digest. In the PKI world, SHA and MD5 are the most popular mechanisms for cre-
    ating thumbprints for digital certificates

flast.indd 37 22-07-2014 11:36:27