
Free GAQM CEH-001 Practice Exam with Questions & Answers | Set: 6

Questions 101

A client has approached you with penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department.

What kind of penetration test would you recommend that would best address the client’s concern?

Options:
A. A Black Box test

B. A Black Hat test

C. A Grey Box test

D. A Grey Hat test

E. A White Box test

F. A White Hat test

Questions 102

If you come across a sheepdip machine at your client’s site, what should you do?

Options:
A. A sheepdip computer is used only for virus-checking.

B. A sheepdip computer is another name for a honeypot

C. A sheepdip coordinates several honeypots.

D. A sheepdip computer defers a denial of service attack.

Questions 103

A Buffer Overflow attack involves:

Options:
A. Using a trojan program to direct data traffic to the target host's memory stack

B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users

C. Using a dictionary to crack password buffers by guessing user names and passwords

D. Poorly written software that allows an attacker to execute arbitrary code on a target system

Questions 104

Exhibit:

CEH-001 Question 104

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

Options:
A. A new port was opened

B. A new user id was created

C. The exploit was successful

D. The exploit was not successful

Questions 105

You are gathering competitive intelligence on XYZ.com. You notice that they have jobs listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprinting the organization?

Options:
A. The IP range used by the target network

B. An understanding of the number of employees in the company

C. How strong the corporate security policy is

D. The types of operating systems and applications being used.

Questions 106

Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)

Options:
A. 802.11b

B. 802.11e

C. 802.11a

D. 802.11g

E. 802.11

Questions 107

The following exploit code is extracted from what kind of attack?

CEH-001 Question 107

Options:
A. Remote password cracking attack

B. SQL Injection

C. Distributed Denial of Service

D. Cross Site Scripting

E. Buffer Overflow

Questions 108

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"?

Options:
A. Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

B. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

C. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

D. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Questions 109

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Options:
A. Timing attack

B. Replay attack

C. Memory trade-off attack

D. Chosen plain-text attack

Questions 110

If the final set of security controls does not eliminate all risk in a system, what could be done next?

Options:
A. Continue to apply controls until there is zero risk.

B. Ignore any remaining risk.

C. If the residual risk is low enough, it can be accepted.

D. Remove current controls since they are not completely effective.

Questions 111

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:
A. Penetration testing

B. Social engineering

C. Vulnerability scanning

D. Access control list reviews

Questions 112

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options:
A. A bottom-up approach

B. A top-down approach

C. A senior creation approach

D. An IT assurance approach

Questions 113

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. Access to offices and to a network node is granted. Results from server scanning indicate all are adequately patched and physical access is denied, thus, administrators have access only through Remote Desktop. Which technique could be used to obtain login credentials?

Options:
A. Capture every user's traffic with Ettercap.

B. Capture LANMAN Hashes and crack them with LC6.

C. Guess passwords using Medusa or Hydra against a network service.

D. Capture administrators' RDP traffic and decode it with Cain and Abel.

Questions 114

A circuit level gateway works at which of the following layers of the OSI Model?

Options:
A. Layer 5 - Application

B. Layer 4 – TCP

C. Layer 3 – Internet protocol

D. Layer 2 – Data link

Questions 115

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

<IMG SRC=vbscript:msgbox("Vulnerable");>

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web application vulnerability did the analyst discover?

Options:
A. Cross-site request forgery

B. Command injection

C. Cross-site scripting

D. SQL injection

Questions 116

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

Options:
A. Timing options to slow the speed that the port scan is conducted

B. Fingerprinting to identify which operating systems are running on the network

C. ICMP ping sweep to determine which hosts on the network are not available

D. Traceroute to control the path of the packets sent during the scan

Questions 117

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping the IP addresses of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

Options:
A. Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B. Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C. Configure the firewall to allow traffic on TCP port 53.

D. Configure the firewall to allow traffic on TCP port 8080.

Questions 118

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Options:
A. Detective

B. Passive

C. Intuitive

D. Reactive

Questions 119

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

Options:
A. Firewall

B. Honeypot

C. Core server

D. Layer 4 switch

Questions 120

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

Options:
A. NMAP

B. Metasploit

C. Nessus

D. BeEF