Pass the GAQM Information Systems Security CPEH-001 Questions and answers with CertsForce

Certificate authority

Validation authority

Registration authority

Verification authority

It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

Hashing is faster compared to more traditional encryption algorithms.

Passwords stored using hashes are non-reversible, making finding the password much more difficult.

An extensible security framework named COBIT

A list of flaws and how to fix them

Web application patches

A security certification for hardened web applications

Unplug the network connection on the company’s web server.

Determine the origin of the attack and launch a counterattack.

Record as much information as possible from the attack.

Perform a system restart on the company’s web server.

Key registry

Recovery agent

Directory

Key escrow

Public key

Private key

Modulus length

Email server certificate

Public-key cryptosystems are faster than symmetric-key cryptosystems.

Public-key cryptosystems distribute public-keys within digital signatures.

Public-key cryptosystems do not require a secure key distribution channel.

Public-key cryptosystems do not provide technical non-repudiation via digital signatures.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Regulatory compliance

Peer review

Change management

Penetration testing

Ignore the problem completely and let someone else deal with it.

Create a document that will crash the computer when opened and send it to friends.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Timing options to slow the speed that the port scan is conducted

Fingerprinting to identify which operating systems are running on the network

ICMP ping sweep to determine which hosts on the network are not available

Traceroute to control the path of the packets sent during the scan

RSA 1024 bit strength

AES 1024 bit strength

RSA 512 bit strength

AES 512 bit strength

guidelines and practices for security controls.

financial soundness and business viability metrics.

standard best practice for configuration management.

contract agreement writing standards.

WebBugs

WebGoat

VULN_HTML

WebScarab

Say nothing and continue with the security testing.

Stop work immediately and contact the authorities.

Delete the pornography, say nothing, and continue security testing.

Bring the discovery to the financial organization's human resource department.