Free GAQM CPEH-001 Practice Exam with Questions & Answers

Name: How to Pass CPEH-001 Exams
Brand: Examstrack
SKU: cpeh-001
Price: 42 USD
Availability: InStock

Questions 1

What is the most common method to exploit the “Bash Bug” or “ShellShock" vulnerability?

Options:

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Manipulate format strings in text fields

SSH

SYN Flood

GAQM CPEH-001 Premium Access

Santiago

27-May-2025

Thanks to examstrack.com, I confidently faced the CPEH-001 certification exam and succeeded!

Questions 2

Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that?

Options:

A new username and password

A fingerprint scanner and his username and password.

Disable his username and use just a fingerprint scanner.

His username and a stronger password.

Questions 3

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Options:

Use cryptographic storage to store all PII

Use encrypted communications protocols to transmit PII

Use full disk encryption on all hard drives to protect PII

Use a security token to log into all Web applications that use PII

Questions 4

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

Options:

ARP Poisoning

Smurf Attack

DNS spoofing

MAC Flooding

Questions 5

Scenario: 1. Victim opens the attacker’s web site.

2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make S100 In a day?',

3. Victim clicks to the interesting and attractive content url.

4- Attacker creates a transparent iframe' in front of the url which victim attempt to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/sne clicks to the content or url that exists in the transparent iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

Options:

HTTP Parameter Pollution

HTML Injection

Session Fixation

ClickJacking Attack

Questions 6

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

Attempts by attackers to access the user and password information stored in the company's SQL database.

Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Questions 7

The "gray box testing" methodology enforces what kind of restriction?

Options:

The internal operation of a system is only partly accessible to the tester.

The internal operation of a system is completely known to the tester.

Only the external operation of a system is accessible to the tester.

Only the internal operation of a system is known to the tester.

Questions 8

The security concept of "separation of duties" is most similar to the operation of which type of security device?

Options:

Firewall

Bastion host

Intrusion Detection System

Honeypot

Questions 9

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

What is a possible source of this problem?

Options:

The WAP does not recognize the client’s MAC address

The client cannot see the SSID of the wireless network

Client is configured for the wrong channel

The wireless client is not configured to use DHCP

Questions 10

What is the role of test automation in security testing?

Options:

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

It is an option but it tends to be very expensive.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

Test automation is not usable in security due to the complexity of the tests.

Questions 11

Which of the following tools can be used for passive OS fingerprinting?

Options:

tcpdump

nmap

ping

tracert

Questions 12

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Basic example to understand how cryptography works is given below:

CPEH-001 Question 12

Which of the following choices is true about cryptography?

Options:

Algorithm is not the secret, key is the secret.

Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.

Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

Questions 13

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.

What Web browser-based security vulnerability was exploited to compromise the user?

Options:

Cross-Site Request Forgery

Cross-Site Scripting

Clickjacking

Web form input validation

Questions 14

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

Options:

The document can be sent to the accountant using an exclusive USB for that document.

The CFO can use a hash algorithm in the document once he approved the financial statements.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

The CFO can use an excel file with a password.

Questions 15

Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

Options:

Blind SQLi

DMS-specific SQLi

Classic SQLi

Compound SQLi