Certified Ethical Hacker (CEHv9) Questions and answers
111. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
A. Issue new certificates to the web servers from the root certificate authority
B. Move the financial data to another server on the same IP subnet
C. Require all employees to change their passwords immediately
D. Place a front-end web server in a demilitarized zone that only handles external web traffic
112. Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.
What should be the first step in security testing the client?