Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CEH-001 Exam Dumps - GAQM Certified Ethical Hacker CEH Questions and Answers

Question # 94

Which security control role does encryption meet?

Options:

A.

Preventative

B.

Detective

C.

Offensive

D.

Defensive

Buy Now
Question # 95

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Options:

A.

Injecting parameters into a connection string using semicolons as a separator

B.

Inserting malicious Javascript code into input parameters

C.

Setting a user's session identifier (SID) to an explicit known value

D.

Adding multiple parameters with the same name in HTTP requests

Buy Now
Question # 96

You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows 7.

Last week, 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online.

What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

Options:

A.

You should have used 3DES which is built into Windows

B.

If you would have implemented Pretty Good Privacy (PGP) which is built into Windows, the sensitive information on the laptops would not have leaked out

C.

You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops

D.

You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops

Buy Now
Question # 97

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:

A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Buy Now
Question # 98

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Buy Now
Question # 99

Which of the following encryption is NOT based on block cipher?

Options:

A.

DES

B.

Blowfish

C.

AES (Rijndael)

D.

RC4

Buy Now
Question # 100

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Options:

A.

Ping sweep of the 192.168.1.106 network

B.

Remote service brute force attempt

C.

Port scan of 192.168.1.106

D.

Denial of service attack on 192.168.1.106

Buy Now
Question # 101

Which of the following is not an effective countermeasure against replay attacks?

Options:

A.

Digital signatures

B.

Time Stamps

C.

System identification

D.

Sequence numbers

Buy Now
Question # 102

If you perform a port scan with a TCP ACK packet, what should an OPEN port return?

Options:

A.

RST

B.

No Reply

C.

SYN/ACK

D.

FIN

Buy Now
Question # 103

You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?

Options:

A.

A distributed denial of service attack.

B.

A network card that was jabbering.

C.

A bad route on the firewall.

D.

Invalid rules entry at the gateway.

Buy Now
Exam Code: CEH-001
Exam Name: Certified Ethical Hacker (CEH)
Last Update: Feb 23, 2025
Questions: 878
CEH-001 pdf

CEH-001 PDF

$25.5  $84.99
 Add to Cart
CEH-001 Engine

CEH-001 Testing Engine

$28.5  $94.99
 Add to Cart
CEH-001 PDF + Engine

CEH-001 PDF + Testing Engine

$40.5  $134.99
 Add to Cart