
Q121.  - (Topic 2)

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that a few employees are visiting offensive web sites during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

A. They are using UDP that is always authorized at the firewall

B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access

D. They are using an older version of Internet Explorer that allows them to bypass the proxy server

Answer: B


Q122.  - (Topic 7)

ARP poisoning is achieved in _____ steps.

A. 1

B. 2

C. 3

D. 4

Answer: B

Explanation: The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with your IP address. Now your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC address with the router's IP address. Now your machine thinks the hacker's computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.


Q123.  - (Topic 8)

Which are true statements concerning the BugBear and Pretty Park worms? Select the best answers.

A. Both programs use email to do their work.

B. Pretty Park propagates via network shares and email

C. BugBear propagates via network shares and email

D. Pretty Park tries to connect to an IRC server to send your personal passwords.

E. Pretty Park can terminate anti-virus applications that might be running to bypass them.

Answer: A,C,D

Explanation: Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares, only email. BugBear propagates via network shares and email. It also terminates anti-virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC.

Pretty Park cannot terminate anti-virus applications. However, BugBear can terminate AV software so that it can bypass them.


Q124.  - (Topic 3)

The SNMP Read-Only Community String is like a password. The string is sent along with each SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string". How would you keep intruders from getting sensitive information regarding the network devices using SNMP? (Select 2 answers)

A. Enable SNMPv3 which encrypts username/password authentication

B. Use your company name as the public community string replacing the default 'public'

C. Enable IP filtering to limit access to SNMP device

D. The default configuration provided by device vendors is highly secure and you don't need to change anything

Answer: A,C


Q125.  - (Topic 6)

What is the disadvantage of an automated vulnerability assessment tool?

A. Ineffective

B. Slow

C. Prone to false positives

D. Prone to false negatives

E. Noisy

Answer: E

Explanation: Vulnerability assessment tools perform a good analysis of system vulnerabilities; however, they are noisy and will quickly trip intrusion detection systems.


Q126.  - (Topic 6)

Which of the following LM hashes represents a password of less than 8 characters?

A. 0182BD0BD4444BF836077A718CCDF409

B. 44EFCE164AB921CQAAD3B435B51404EE 

C. BA810DBA98995F1817306D272A9441BB 

D. CEC52EB9C8E3455DC2265B23734E0DAC 

E. B757BF5C0D87772FAAD3B435B51404EE 

F. E52CAC67419A9A224A3B108F3FA6CB6D

Answer: B,E

Explanation: Any password that is shorter than 8 characters will result in the hashing of 7 null bytes, yielding the constant value of 0xAAD3B435B51404EE, hence making it easy to identify short passwords on sight.


Q127.  - (Topic 7)

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

A. symmetric algorithms

B. asymmetric algorithms

C. hashing algorithms

D. integrity algorithms

Answer: C

Explanation: In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.


Q128.  - (Topic 6)

Name two software tools used for OS guessing. (Choose two.)

A. Nmap

B. Snadboy

C. Queso

D. UserInfo

E. NetBus

Answer: A,C

Explanation:

Nmap and Queso are the two best-known OS guessing programs. OS guessing software has the ability to look at peculiarities in the way that each vendor implements the RFCs. These differences are compared with its database of known OS fingerprints. Then a best guess of the OS is provided to the user.


Q129. - (Topic 1)

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer. This program hides itself deep inside an operating system for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and may be used to create a hidden directory or folder designed to stay out of view of the user's operating system and security software.

What privilege level does a rootkit require to successfully infect a victim's machine?

A. User level privileges

B. Ring 3 Privileges

C. System level privileges

D. Kernel level privileges

Answer: D


Q130.  - (Topic 7)

As a security consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

A. Use the same machines for DNS and other applications

B. Harden DNS servers

C. Use split-horizon operation for DNS servers

D. Restrict Zone transfers

E. Have subnet diversity between DNS servers

Answer: B,C,D,E

Explanation: A is not a correct answer, as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers.

By having DNS servers on different subnets, you may prevent both from going down even if one of your networks goes down.


Q131.  - (Topic 4)

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

A. if (billingAddress = 50) {update field} else exit

B. if (billingAddress != 50) {update field} else exit

C. if (billingAddress >= 50) {update field} else exit

D. if (billingAddress <= 50) {update field} else exit

Answer: D


Q132.  - (Topic 4)

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

Untrust (Internet) – (Remote network = 217.77.88.0/24)

DMZ (DMZ) – (11.12.13.0/24)

Trust (Intranet) – (192.168.0.0/24)

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

A. Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B. Permit 217.77.88.12 11.12.13.50 RDP 3389

C. Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D. Permit 217.77.88.0/24 11.12.13.50 RDP 3389

Answer: B


Q133.  - (Topic 8)

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

A. Eric's network has been penetrated by a firewall breach

B. The attacker is using the ICMP protocol to have a covert channel

C. Eric has a Wingate package providing FTP redirection on his network

D. Somebody is using SOCKS on the network to communicate through the firewall

Answer: D

Explanation:

Port description (1080):

SOCKS. SOCKS port, used to support outbound TCP services (FTP, HTTP, etc.). Vulnerable in a way similar to FTP Bounce, in that an attacker can connect to this port and "bounce" out to another internal host. Done either to reach a protected internal host or to mask the true source of an attack. Listen for connection attempts to this port; they are a good sign of port scans, SOCKS probes, or bounce attacks. Also a means to access restricted resources. Example: bouncing off a MILNET gateway's SOCKS port allows an attacker to access web sites, etc. that were restricted to .mil domain hosts only.


Q134.  - (Topic 8)

Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)

A. 802.11b 

B. 802.11e 

C. 802.11a 

D. 802.11g 

E. 802.11

Answer: A,C,D

Explanation:

If you check the website, cards for all three (A, B, G) are supported. See: http://www.stumbler.net/


Q135.  - (Topic 7)

What happens during a SYN flood attack?

A. A target machine is flooded with TCP connection requests that use randomized source addresses and ports.

B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.

C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.

D. A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Answer: A