we provide Highest Quality GAQM CEH-001 practice test which are the best for clearing CEH-001 test, and to get certified by GAQM Certified Ethical Hacker (CEH). The CEH-001 Questions & Answers covers all the knowledge points of the real CEH-001 exam. Crack your GAQM CEH-001 Exam with latest dumps, guaranteed!
Q106. - (Topic 4)
Which of the following guidelines or standards is associated with the credit card industry?
A. Control Objectives for Information and Related Technology (COBIT)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standards (PCI DSS)
Answer: D
Q107. - (Topic 6)
An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified:
21 ftp
23 telnet
80 http
443 https
What does this suggest?
A. This is a Windows Domain Controller
B. The host is not firewalled
C. The host is not a Linux or Solaris system
D. The host is not properly patched
Answer: C
Q108. - (Topic 4)
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
A. Timing attack
B. Replay attack
C. Memory trade-off attack
D. Chosen plain-text attack
Answer: D
Q109. - (Topic 1)
TCP/IP Session Hijacking is carried out in which OSI layer?
A. Datalink layer
B. Transport layer
C. Network layer
D. Physical layer
Answer: B
Q110. - (Topic 5)
What is the main advantage that a network-based IDS/IPS system has over a host-based solution?
A. They do not use host system resources.
B. They are placed at the boundary, allowing them to inspect all traffic.
C. They are easier to install and configure.
D. They will not interfere with user interfaces.
Answer: A
Q111. - (Topic 8)
Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this?
A. The services are protected by TCP wrappers
B. There is a honeypot running on the scanned machine
C. An attacker has replaced the services with trojaned ones
D. This indicates that the telnet and SMTP server have crashed
Answer: A
Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or
BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.
Q112. - (Topic 8)
What type of cookies can be generated while visiting different web sites on the Internet?
A. Permanent and long term cookies.
B. Session and permanent cookies.
C. Session and external cookies.
D. Cookies are all the same, there is no such thing as different type of cookies.
Answer: B
Explanation: There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser.
Q113. - (Topic 8)
_____ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.
A. Mandatory Access Control
B. Authorized Access Control
C. Role-based Access Control
D. Discretionary Access Control
Answer: A
Explanation:
In computer security, mandatory access control (MAC) is a kind of access control, defined by the TCSEC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity."
Q114. - (Topic 6)
Which of the following activities will NOT be considered as passive footprinting?
A. Go through the rubbish to find out any information that might have been discarded.
B. Search on financial site such as Yahoo Financial to identify assets.
C. Scan the range of IP address found in the target DNS database.
D. Perform multiples queries using a search engine.
Answer: C
Explanation: Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan.
Q115. - (Topic 7)
When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?
A. macof
B. webspy
C. filesnarf
D. nfscopy
Answer: C
Explanation: Filesnarf - sniff files from NFS traffic OPTIONS
-i interface
Specify the interface to listen on.
-v "Versus" mode. Invert thesenseofmatching, to select non-matching files.
Pattern
Specify regular expression for filename matching.
Expression
Specifyatcpdump(8)filter expression to select traffic to sniff.
SEE ALSO
Dsniff, nfsd
Q116. - (Topic 7)
Exhibit:
ettercap –NCLzs --quiet
What does the command in the exhibit do in “Ettercap”?
A. This command will provide you the entire list of hosts in the LAN
B. This command will check if someone is poisoning you and will report its IP.
C. This command will detach from console and log all the collected passwords from the network to a file.
D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.
Answer: C
Explanation:
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the form "YYYYMMDD-collected-pass.log"
-z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
--quiet = "demonize" ettercap. Useful if you want to log all data in background.
Q117. - (Topic 3)
One way to defeat a multi-level security solution is to leak data via
A. a bypass regulator.
B. steganography.
C. a covert channel.
D. asymmetric routing.
Answer: C
Q118. - (Topic 6)
Which Windows system tool checks integrity of critical files that has been digitally signed by Microsoft?
A. signverif.exe
B. sigverif.exe
C. msverif.exe
D. verifier.exe
Answer: B
Q119. - (Topic 1)
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?
A. Jimmy can submit user input that executes an operating system command to compromise a target system
B. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system
Answer: D
Q120. - (Topic 2)
The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?
A. 9A.9
B. 17B.17
C. 20C.20
D. 32D.32
E. 35E.35
Answer: B
Topic 3, Volume C
201. - (Topic 3)
What type of port scan is shown below?
A. Idle Scan
B. Windows Scan
C. XMAS Scan
D. SYN Stealth Scan
Answer: C