Master the CEH-001 Certified Ethical Hacker (CEH) content and be ready for exam day success quickly with this Exambible CEH-001 torrent. We guarantee it!We make it a reality and give you real CEH-001 questions in our GAQM CEH-001 braindumps.Latest 100% VALID GAQM CEH-001 Exam Questions Dumps at below page. You can use our GAQM CEH-001 braindumps and pass your exam.
Q301. - (Topic 7)
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never
notice that Eric is relaying the information between the two. What would you call this attack?
A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack
Answer: B
Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.
Q302. - (Topic 1)
Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that, if caught, she probably would be sent to jail for a very long time. What would Ursula be considered?
A. Ursula would be considered a gray hat since she is performing an act against illegal activities.
B. She would be considered a suicide hacker.
C. She would be called a cracker.
D. Ursula would be considered a black hat.
Answer: B
Q303. - (Topic 7)
What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.
A. This is not possible
B. Netbus
C. NTFSDOS
D. L0phtcrack
Answer: D
Explanation: Explanations:
This is possible with a SMB packet capture module for L0phtcrack and a known weaknesses in the LM hash algorithm.
Q304. - (Topic 5)
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)
A. ARP spoofing
B. MAC duplication
C. MAC flooding
D. SYN flood
E. Reverse smurf attack
F. ARP broadcasting
Answer: A,B,C
Q305. - (Topic 2)
File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?
A. Use disable-eXchange
B. Use mod_negotiation
C. Use Stop_Files
D. Use Lib_exchanges
Answer: B
Q306. - (Topic 7)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
A. Full Blown
B. Thorough
C. Hybrid
D. BruteDics
Answer: C
Explanation: A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack.
Q307. - (Topic 3)
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?
A. nessus +
B. nessus *s
C. nessus &
D. nessus -d
Answer: C
Q308. - (Topic 3)
Which tool would be used to collect wireless packet data?
A. NetStumbler
B. John the Ripper
C. Nessus
D. Netcat
Answer: A
Q309. - (Topic 8)
When referring to the Domain Name Service, what is denoted by a ‘zone’?
A. It is the first domain that belongs to a company.
B. It is a collection of resource records.
C. It is the first resource record type in the SOA.
D. It is a collection of domains.
Answer: B
Explanation: A reasonable definition of a zone would be a portion of the DNS namespace where responsibility has been delegated.
Q310. - (Topic 8)
The following exploit code is extracted from what kind of attack?
A. Remote password cracking attack
B. SQL Injection
C. Distributed Denial of Service
D. Cross Site Scripting
E. Buffer Overflow
Answer: E
Explanation:
This is a buffer overflow with it’s payload in hex format.
Q311. - (Topic 4)
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
DatE. Mon, 16 Jan 2011 01:41:33 GMT
Content-TypE. text/html Accept-Ranges: bytes
Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT
ETaG. "b0aac0542e25c31:89d" Content-Length: 7369
Which of the following is an example of what the engineer performed?
A. Cross-site scripting
B. Banner grabbing
C. SQL injection
D. Whois database query
Answer: B
Q312. - (Topic 3)
Blake is in charge of securing all 20 of his company's servers. He has enabled hardware and software firewalls, hardened the operating systems, and disabled all unnecessary services on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about this since telnet can be a very large security risk in an organization. Blake is concerned about how this particular server might look to an outside attacker so he decides to perform some footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port 80 and types in the following command:
HEAD / HTTP/1.0
After pressing enter twice, Blake gets the following results: What has Blake just accomplished?
A. Downloaded a file to his local computer
B. Submitted a remote command to crash the server
C. Poisoned the local DNS cache of the server
D. Grabbed the Operating System banner
Answer: D
Q313. - (Topic 4)
Which of the following is an example of IP spoofing?
A. SQL injections
B. Man-in-the-middle
C. Cross-site scripting
D. ARP poisoning
Answer: B
Q314. - (Topic 8)
You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:
A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
B. Examining the SMTP header information generated by using the –mx command parameter of DIG
C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers
Answer: C
Q315. - (Topic 7)
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
A. There is no way to tell because a hash cannot be reversed
B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same
E. A portion of the hash will be all 0's
Answer: B
Explanation: When looking at an extracted LM hash, you will sometimes observe that the right most portion is always the same. This is padding that has been added to a password that is less than 8 characters long.