
GAQM CEH-001 Questions Answers

Page: 28 / 32
Question 112

A security administrator notices that the log file of the company's webserver contains suspicious entries:

Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

Options:

A. command injection.
B. SQL injection.
C. directory traversal.
D. LDAP injection.

Question 113

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options:

A. Threat identification, vulnerability identification, control analysis
B. Threat identification, response identification, mitigation identification
C. Attack profile, defense profile, loss profile
D. System profile, vulnerability identification, security determination

Question 114

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

Options:

A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.

Question 115

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A. Say nothing and continue with the security testing.
B. Stop work immediately and contact the authorities.
C. Delete the pornography, say nothing, and continue security testing.
D. Bring the discovery to the financial organization's human resource department.

Exam Code: CEH-001
Exam Name: Certified Ethical Hacker (CEH)
Last Update: Nov 7, 2024
Questions: 878