Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Certified Ethical Hacker CEH CEH-001 Exam Questions and Answers PDF

Page: 2 / 32
Question 8

This kind of attack will let you assume a users identity at a dynamically generated web page or site:

Options:

A.

SQL Injection

B.

Cross Site Scripting

C.

Session Hijacking

D.

Zone Transfer

Question 9

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

Options:

A.

Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.

B.

Send your attack traffic and look for it to be dropped by the IDS.

C.

Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.

D.

The sniffing interface cannot be detected.

Question 10

____________ will let you assume a users identity at a dynamically generated web page or site.

Options:

A.

SQL attack

B.

Injection attack

C.

Cross site scripting

D.

The shell attack

E.

Winzapper

Question 11

To scan a host downstream from a security gateway, Firewalking:

Options:

A.

Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

B.

Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

C.

Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment.

D.

Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

Page: 2 / 32
Exam Code: CEH-001
Exam Name: Certified Ethical Hacker (CEH)
Last Update: Nov 24, 2024
Questions: 878
CEH-001 pdf

CEH-001 PDF

$25.5  $84.99
CEH-001 Engine

CEH-001 Testing Engine

$28.5  $94.99
CEH-001 PDF + Engine

CEH-001 PDF + Testing Engine

$40.5  $134.99