GAQM CEH-001 exam questions and answers.

Q16.  - (Topic 3)

Which of the following are password cracking tools? (Choose three.)

A. BTCrack

B. John the Ripper

C. KerbCrack

D. Nikto

E. Cain and Abel

F. Havij

Answer: B,C,E


Q17.  - (Topic 3)

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

A. SHA-1

B. MD5

C. HAVAL

D. MD4

Answer: A


Q18.  - (Topic 5)

What is the best defense against privilege escalation vulnerability?

A. Patch systems regularly and upgrade interactive login privileges at the system administrator level.

B. Run administrator and applications on least privileges and use a content registry for tracking.

C. Run services with least privileged accounts and implement multi-factor authentication and authorization.

D. Review user roles and administrator privileges for maximum utilization of automation services.

Answer: C


Q19.  - (Topic 2)

Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DCs on the original domain and the new domain using Pwdump6.

Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.

Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

A. Harold should have used Dumpsec instead of Pwdump6

B. Harold's dictionary file was not large enough

C. Harold should use LC4 instead of John the Ripper

D. LanManager hashes are broken up into two 7 character fields

Answer: D


Q20.  - (Topic 5)

Fingerprinting VPN firewalls is possible with which of the following tools?

A. Angry IP

B. Nikto

C. Ike-scan

D. Arp-scan

Answer: C


Q21.  - (Topic 8)

Network Intrusion Detection systems can monitor traffic in real time on networks.

Which one of the following techniques can be very effective at avoiding proper detection?

A. Fragmentation of packets.

B. Use of only TCP based protocols.

C. Use of only UDP based protocols.

D. Use of fragmented ICMP traffic only.

Answer: A

Explanation: If the default fragmentation reassembly timeout is set higher on the client than on the IDS, it is possible to send an attack in fragments that will never be reassembled by the IDS but will be reassembled and read on the client computer acting as the victim.


Q22.  - (Topic 3)

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

A. There is no way to completely block tracerouting into this area

B. Block UDP at the firewall

C. Block TCP at the firewall

D. Block ICMP at the firewall

Answer: A


Q23.  - (Topic 4)

If the final set of security controls does not eliminate all risk in a system, what could be done next?

A. Continue to apply controls until there is zero risk.

B. Ignore any remaining risk.

C. If the residual risk is low enough, it can be accepted.

D. Remove current controls since they are not completely effective.

Answer: C


Q24.  - (Topic 6)

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Answer: B


Q25.  - (Topic 6)

Which two ICMP types are used by the ping command?

A. It uses types 0 and 8.

B. It uses types 13 and 14.

C. It uses types 15 and 17.

D. The ping command does not use ICMP but uses UDP.

Answer: A

Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo


Q26.  - (Topic 1)

What does ICMP (type 11, code 0) denote?

A. Source Quench

B. Destination Unreachable

C. Time Exceeded

D. Unknown Type

Answer: C


Q27.  - (Topic 6)

Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Paul notices that when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24 Mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop. What is Paul seeing here?

A. MAC spoofing

B. Macof

C. ARP spoofing

D. DNS spoofing

Answer: A


Q28.  - (Topic 2)

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

A. Information Audit Policy (IAP)

B. Information Security Policy (ISP)

C. Penetration Testing Policy (PTP)

D. Company Compliance Policy (CCP)

Answer: B


Q29.  - (Topic 4)

Which of the following parameters enables NMAP's operating system detection feature?

A. NMAP -sV

B. NMAP -oS

C. NMAP -sR

D. NMAP -O

Answer: D


Q30.  - (Topic 1)

Consider the following code:

URL: http://www.certified.com/search.pl?text=<script>alert(document.cookie)</script>

If an attacker can trick a victim user into clicking a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the user's current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A. Create an IP access list and restrict connections based on port number

B. Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts

C. Disable Javascript in IE and Firefox browsers

D. Connect to the server using HTTPS protocol instead of HTTP

Answer: B