C|CISO Assessment
Test Your Skills
An organization recently implemented a risk management program to measure the risk of IT projects. In which of the following cases would this organization be most willing to accept risk?
The organization uses a quantitative process to measure risk.
The organization uses a qualitative process to measure risk.
The organization’s risk tolerance is high.
The organization’s risk tolerance is low.
An organization wants to measure the efficiency and effectiveness of its Information Security Management System (ISMS). Which of the following standards would be used for this purpose?
Payment Card Industry Data Security Standards (PCI-DSS)
Control Objectives for Information Technology (COBIT)
International Organization for Standardization (ISO) 27004
International Organization for Standardization (ISO) 27005
A global healthcare company needs to protect confidential information. Which of the following is the largest concern to this organization?
Compliance with the Payment Card Industry (PCI) regulations
Compliance with privacy laws and regulations for each country where they operate
Conforming to local human resources laws and regulations for each country where they operate
Alignment with International Organization for Standardization (ISO) standards
A global retail company is defining a compliance management program. Which of the following frameworks is most likely to be included in the program?
Payment Card Industry Data Security Standards (PCI-DSS)
Information Technology Infrastructure Library (ITIL)
International Organization for Standardization (ISO) standards
National Institute for Standards and Technology (NIST) standards
An organization is implementing a Disaster Recovery and Business Continuity process across the organization. Which of the following would be used to support this effort?
International Organization for Standardization (ISO) 27005
International Organization for Standardization (ISO) 22301
Information Technology Infrastructure Library (ITIL)
Payment Card Industry Data Security Standards (PCI-DSS)
The Information Technology Infrastructure Library version 3 (ITILv3) leverages which of the following standards for information security risk management?
International Organization for Standardization (ISO) 27799
International Organization for Standardization (ISO) 27005
National Institute of Standards and Technology (NIST) Special Publication 800-30
National Institute of Standards and Technology (NIST) Special Publication 800-124
Sensitive employee data and financial information are exposed through compromised account credentials. What should you do immediately to minimize this threat?
Reset passwords for suspected compromised accounts
Educate users about the threat of phishing
Monitor the perimeter firewall for signs of phishing
Contact a reputable security vendor to install an anti-phishing appliance
Which of the following is the most effective technical control for reducing the impact of credential theft?
Gaining the trust of your users
Implementing employee monitoring to prevent unauthorized site visits
Deploying multi-factor authentication so accounts are better protected
Resetting passwords every thirty days
What metrics are used to highlight when an organization has a high probability of being susceptible to a risk that exceeds the acceptable risk appetite?
Key Performance Indicators (KPI)
Key Risk Indicators (KRI)
Insurance Actuary Tables (IAT)
Risk Assumption Tables (RAT)
Which of the following is the most common consideration when transferring risk to a third party?
Capital costs
Selection of a security control vendor
Security consultant fees
Insurance costs
A CISO has a limited budget for security technology purchases and needs to take a tiered approach to security implementations. Which of the following is the best method for meeting the objectives and supporting the organization’s security needs?
Immediately complete the easiest actions to demonstrate the need to eliminate budgets
Apply technology against the most critical infrastructure while closely monitoring spending
Install protections on Information Technology (IT) assets experiencing the most serious attack attempts
Determine the necessary security program reporting metrics and apply protections according to monthly report results
Which risk analysis method is the most effective for determining the financial impact of risks in an organization?
Quantitative risk analysis
Vulnerability scanning
Qualitative risk analysis
Penetration testing
What is the primary purpose of a risk register?
Allocate resources
Document and manage risk items
Develop risk assessment schedules
Define risk program requirements
Your company uses an HR self-service portal for employee support, such as providing annual tax documents, changing direct deposit information, and signing up for health benefits. Several employees have complained that they have not received their paychecks this month, but everyone else did. Which of the following is the most likely cause of this?
Their financial institutions were compromised before payroll was deposited, and their accounts were emptied.
An accounting glitch skipped their pay accounts during the payroll audit and failed to issue a check.
They failed to submit their timecards after the deadline.
Their company credentials were stolen and used to modify bank routing and account information.
Controlled phishing campaigns:
Help you identify the potential to improve your training efforts
Target employees who are not following company policy to reprimand them
Reduce the amount of time that employees read real fraudulent email and therefore prevent their opportunity to be compromised
Should not be conducted because they desensitize employees to real-world threats, hindering their ability to detect phishing attempts
Advanced Persistent Threat is best characterized by which of the following?
High volumes of obvious insider activities, such as copying data onto portable storage devices or erasing sensitive information
Creative malicious code insertions into applications and databases using known code vulnerabilities and weaknesses
Continuous flooding of network perimeters with system requests, causing long-term delays and interruptions
Methodical advancement of unauthorized access across systems as valuable assets are discovered using various subtle penetration techniques
Which of the following is the most efficient non-technical solution to prevent social engineering attacks?
Email header alerts
Call center recording encryption
Education and awareness programs
Annual wire fraud demonstrations
Which of the following is the best countermeasure to prevent unauthorized database access from Web applications?
Removing stored procedures
Input sanitization
Whitelisting
Code library controls
To ensure entry and exit security within a highly sensitive server room, what locking would most likely be used?
Access is controlled with an entry badge, cipher lock, and logging
A security guard
Facial recognition by those in the room
Video recording of all who access the area
An access point is implemented to use a Wireless Equivalent Protocol (WEP). When a ciphertext is encrypted with the same key, what authentication method is used?
Asynchronous
Shared
Open
None
A CISO is considering a major security technology purchase and needs to understand the capabilities, corporate history, customer feedback, and supportability of a broad range of companies and products. What is the best way to collect this type of information?
Use a Response for Proposal (RFP)
Create a business case to communicate expected budget support requirements.
Create a Return on Investment (ROI)
Establish a competitive product review within a lab environment
As CISO for a large corporation, you’ve outsourced your security operations to a third-party service provider. Which of the following are the TWO MOST IMPORTANT key performance indicators (KPIs) you would include in your service level agreement (SLA)?
Number of attack attempts and analyst availability rates
Incident report times and number of unresolved network attacks
Types of available alerts and several monitored endpoints
Technologies supported and systems that are included
What principle is used when a CISO evaluates controls to satisfy the organization's implementation and management requirements?
Least privilege
Leveraging existing technology
Adherence to fiduciary requirements
Alignment to the business
A CISO is required to create an annual security capital expense budget. Which of the following would be included in it?
Fractional costs of employees from other business units who are required to periodically perform security duties
Security equipment purchases that are amortized over a longer period than the calendar budget year
Supporting business unit costs, such as legal advisement and auditing support for the program
All labor expenses realized by employees directly assigned to the security organization
A CISO has recently purchased a new web content filtering solution. As part of the business case, he estimated a useful life of 6 years for this technology, at which time it will be replaced. Which of the following best describes this analysis?
Technology acquisition life cycle
Capital expense planning
Return on investment
Cost-benefit analysis