New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free GAQM CEH-001 Practice Exam with Questions & Answers | Set: 3

Questions 41

What do you call a pre-computed hash?

Options:
A.

Sun tables

B.

Apple tables

C.

Rainbow tables

D.

Moon tables

GAQM CEH-001 Premium Access
Questions 42

Which of the following processes evaluates the adherence of an organization to its stated security policy?

Options:
A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

Questions 43

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

Here is the captured data in tcpdump.

CEH-001 Question 43

What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

Options:
A.

Sequence number: 82980070 Acknowledgement number: 17768885A.

B.

Sequence number: 17768729 Acknowledgement number: 82980070B.

C.

Sequence number: 87000070 Acknowledgement number: 85320085C.

D.

Sequence number: 82980010 Acknowledgement number: 17768885D.

Questions 44

Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?

CEH-001 Question 44

Options:
A.

IRC (Internet Relay Chat)

B.

Legitimate "shrink-wrapped" software packaged by a disgruntled employee

C.

NetBIOS (File Sharing)

D.

Downloading files, games and screensavers from Internet sites

Questions 45

A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

Options:
A.

A competitor to the company because they can directly benefit from the publicity generated by making such an attack

B.

Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants

C.

The CEO of the company because he has access to all of the computer systems

D.

A government agency since they know the company's computer system strengths and weaknesses

Questions 46

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

Options:
A.

MD5

B.

SHA-1

C.

RC4

D.

MD4

Questions 47

What are the three types of authentication?

Options:
A.

Something you: know, remember, prove

B.

Something you: have, know, are

C.

Something you: show, prove, are

D.

Something you: show, have, prove

Questions 48

Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

Options:
A.

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

B.

A reduction in network and application monitoring since all recording will be completed at the SSO system

C.

A reduction in system administration overhead since any user login problems can be resolved at the SSO system

D.

A reduction in overall risk to the system since network and application attacks can only happen at the SSO point

Questions 49

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

Options:
A.

They are written in Java.

B.

They send alerts to security monitors.

C.

They use the same packet analysis engine.

D.

They use the same packet capture utility.

Questions 50

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options:
A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Questions 51

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

Options:
A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

Questions 52

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Options:
A.

Full Blown

B.

Thorough

C.

Hybrid

D.

BruteDics

Questions 53

Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?

Options:
A.

ip == 192.168.0.1 and tcp.syn

B.

ip.addr = 192.168.0.1 and syn = 1

C.

ip.addr==192.168.0.1 and tcp.flags.syn

D.

ip.equals 192.168.0.1 and syn.equals on

Questions 54

What is the goal of a Denial of Service Attack?

Options:
A.

Capture files from a remote computer.

B.

Render a network or computer incapable of providing normal service.

C.

Exploit a weakness in the TCP stack.

D.

Execute service at PS 1009.

Questions 55

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?

Options:
A.

Covert Channel

B.

Crafted Channel

C.

Bounce Channel

D.

Deceptive Channel

Questions 56

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

Options:
A.

Compare the file's MD5 signature with the one published on the distribution media

B.

Obtain the application via SSL

C.

Compare the file's virus signature with the one published on the distribution media

D.

Obtain the application from a CD-ROM disc

Questions 57

What is the proper response for a NULL scan if the port is open?

Options:
A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Questions 58

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

Options:
A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Questions 59

Fingerprinting an Operating System helps a cracker because:

Options:
A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Questions 60

Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?

Options:
A.

Spoof Attack

B.

Smurf Attack

C.

Man inthe Middle Attack

D.

Trojan Horse Attack

E.

Back Orifice Attack