
CPEH-001 Exam Dumps - GAQM Information Systems Security Questions and Answers

Question # 104

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A. Nikto

B. Snort

C. John the Ripper

D. Dsniff

Question # 105

What is the primary drawback to using the Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data?

Options:

A. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B. To get messaging programs to function with this algorithm requires complex configurations.

C. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Question # 106

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A. Control Objectives for Information and Related Technology (COBIT)

B. Sarbanes-Oxley Act (SOX)

C. Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry Data Security Standards (PCI DSS)

Question # 107

Which of the following is an example of IP spoofing?

Options:

A. SQL injections

B. Man-in-the-middle

C. Cross-site scripting

D. ARP poisoning

Question # 108

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Options:

A. Maltego

B. Cain & Abel

C. Metasploit

D. Wireshark

Question # 109

If the final set of security controls does not eliminate all risk in a system, what could be done next?

Options:

A. Continue to apply controls until there is zero risk.

B. Ignore any remaining risk.

C. If the residual risk is low enough, it can be accepted.

D. Remove current controls since they are not completely effective.

Question # 110

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Options:

A. Proper testing

B. Secure coding principles

C. Systems security and architecture review

D. Analysis of interrupts within the software

Question # 111

What is the purpose of a demilitarized zone on a network?

Options:

A. To scan all traffic coming through the DMZ to the internal network

B. To only provide direct access to the nodes within the DMZ and protect the network behind it

C. To provide a place to put the honeypot

D. To contain the network devices you wish to protect

Question # 112

Which of the following scanning methods splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Options:

A. ICMP Echo scanning

B. SYN/FIN scanning using IP fragments

C. ACK flag probe scanning

D. IPID scanning

Question # 113

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Companies A and B are working together to develop a product that will generate a major competitive advantage for them. Company A has a secure DNS server, while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

Options:

A. Install DNS logger and track vulnerable packets

B. Disable DNS timeouts

C. Install DNS Anti-spoofing

D. Disable DNS Zone Transfer

Exam Code: CPEH-001
Exam Name: Certified Professional Ethical Hacker (CPEH)
Last Update: Jan 31, 2025
Questions: 736