Your success in GAQM CEH-001 is our sole target and we develop all our CEH-001 braindumps in a way that facilitates the attainment of this target. Not only is our CEH-001 study material the best you can find, it is also the most detailed and the most updated. CEH-001 Practice Exams for GAQM CEH-001 are written to the highest standards of technical accuracy.

Q211.  - (Topic 2)

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN

B. RST

C. PSH

D. URG

E. FIN

Answer: C


Q212.  - (Topic 1)

Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only the first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to use brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2008 Server machine in an attempt to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack. How many bits does Syskey use for encryption?

A. 40-bit encryption

B. 128-bit encryption

C. 256-bit encryption

D. 64-bit encryption

Answer: B


Q213.  - (Topic 6)

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host's sequence numbers in one of his hacking sessions.

What do the first and second columns mean? Select two.

A. The first column reports the sequence number

B. The second column reports the difference between the current and last sequence number

C. The second column reports the next sequence number

D. The first column reports the difference between current and last sequence number

Answer: A,B


Q214.  - (Topic 2)

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malware and viruses. Instead of sending games and fun executables, hackers today are quite successful in spreading Trojans using rogue security software.

What is Rogue security software?

A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites

B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.

C. Rogue security software is based on a social engineering technique in which attackers lure victims to visit spear phishing websites

D. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

Answer: B


Q215.  - (Topic 1)

You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?

A. Reconfigure the firewall

B. Enforce the corporate security policy

C. Install a network-based IDS

D. Conduct a needs analysis

Answer: B


Q216.  - (Topic 8)

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.

What caused this?

A. The Morris worm

B. The PIF virus

C. Trinoo

D. Nimda

E. Code Red

F. Ping of Death

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders to execute arbitrary commands within the Local System security context on machines running unpatched versions of IIS.


Q217.  - (Topic 6)

NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?

nslookup

> server <ipaddress>

> set type=any

> ls -d <target.com>

A. Enables DNS spoofing

B. Loads bogus entries into the DNS table

C. Verifies zone security

D. Performs a zone transfer

E. Resets the DNS cache

Answer: D

Explanation: If DNS has not been properly secured, the command sequence displayed above will perform a zone transfer.


Q218.  - (Topic 1)

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

A. Install patches

B. Set up a backdoor

C. Install a zombie for DDoS

D. Cover your tracks

Answer: D


Q219.  - (Topic 5)

A botnet can be managed through which of the following?

A. IRC

B. E-Mail

C. LinkedIn and Facebook

D. A vulnerable FTP server

Answer: A


Q220.  - (Topic 4)

Which Open Web Application Security Project (OWASP) project implements a web application full of known vulnerabilities?

A. WebBugs

B. WebGoat

C. VULN_HTML

D. WebScarab

Answer: B


Q221.  - (Topic 3)

Why do attackers use proxy servers?

A. To ensure the exploits used in the attacks always flip reverse vectors

B. Faster bandwidth performance and increase in attack speed

C. Interrupt the remote victim's network traffic and reroute the packets to the attacker's machine

D. To hide the source IP address so that an attacker can hack without any legal corollary

Answer: D


Q222.  - (Topic 5)

Which of the following is a preventive control?

A. Smart card authentication

B. Security policy

C. Audit trail

D. Continuity of operations plan

Answer: A


Q223.  - (Topic 8)

What is the key advantage of Session Hijacking?

A. It can be easily done and does not require sophisticated skills.

B. You can take advantage of an authenticated connection.

C. You can successfully predict the sequence number generation.

D. You cannot be traced in case the hijack is detected.

Answer: B

Explanation: As an attacker you don’t have to steal an account and password in order to take advantage of an authenticated connection.


Q224.  - (Topic 2)

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker

B. Since he does not care about going to jail, he would be considered a Black Hat

C. Because Yancey works for the company currently, he would be a White Hat

D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Answer: A


Q225.  - (Topic 4)

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

A. Locate type=ns

B. Request type=ns

C. Set type=ns

D. Transfer type=ns

Answer: C