New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Complete CEH-001 GAQM Materials

Page: 12 / 32
Question 48

Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc. The information stored in Google's database, identified by the cookie, includes

  • Everything you search for using Google
  • Every web page you visit that has Google Adsense ads

How would you prevent Google from storing your search keywords?

Options:

A.

Block Google Cookie by applying Privacy and Security settings in your web browser

B.

Disable the Google cookie using Google Advanced Search settings on Google Search page

C.

Do not use Google but use another search engine Bing which will not collect and store your search keywords

D.

Use MAC OS X instead of Windows 7. Mac OS has higher level of privacy controls by default.

Question 49

Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible?

Options:

A.

It works because encryption is performed at the application layer (single encryption key)

B.

The scenario is invalid as a secure cookie cannot be replayed

C.

It works because encryption is performed at the network layer (layer 1 encryption)

D.

Any cookie can be replayed irrespective of the session status

Question 50

A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

How do you ensure if the e-mail is authentic and sent from fedex.com?

Options:

A.

Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

B.

Check the Sender ID against the National Spam Database (NSD)

C.

Fake mail will have spelling/grammatical errors

D.

Fake mail uses extensive images, animation and flash content

Question 51

David is a security administrator working in Boston. David has been asked by the office's manager to block all POP3 traffic at the firewall because he believes employees are spending too much time reading personal email. How can David block POP3 at the firewall?

Options:

A.

David can block port 125 at the firewall.

B.

David can block all EHLO requests that originate from inside the office.

C.

David can stop POP3 traffic by blocking all HELO requests that originate from inside the office.

D.

David can block port 110 to block all POP3 traffic.

Page: 12 / 32
Exam Code: CEH-001
Exam Name: Certified Ethical Hacker (CEH)
Last Update: Dec 22, 2024
Questions: 878
CEH-001 pdf

CEH-001 PDF

$25.5  $84.99
CEH-001 Engine

CEH-001 Testing Engine

$28.5  $94.99
CEH-001 PDF + Engine

CEH-001 PDF + Testing Engine

$40.5  $134.99