Weekend Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Free GAQM CPEH-001 Practice Exam with Questions & Answers | Set: 10

Questions 136

Which tool can be used to silently copy files from USB devices?

Options:
A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

GAQM CPEH-001 Premium Access
Questions 137

A botnet can be managed through which of the following?

Options:
A.

IRC

B.

E-Mail

C.

Linkedin and Facebook

D.

A vulnerable FTP server

Questions 138

Which of the following is a symmetric cryptographic standard?

Options:
A.

DSA

B.

PKI

C.

RSA

D.

3DES

Questions 139

Which of the following is an example of two factor authentication?

Options:
A.

PIN Number and Birth Date

B.

Username and Password

C.

Digital Certificate and Hardware Token

D.

Fingerprint and Smartcard ID

Questions 140

Which of the following is an example of an asymmetric encryption implementation?

Options:
A.

SHA1

B.

PGP

C.

3DES

D.

MD5

Questions 141

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

Options:
A.

Netstat WMI Scan

B.

Silent Dependencies

C.

Consider unscanned ports as closed

D.

Reduce parallel connections on congestion

Questions 142

While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

Options:
A.

10.10.10.10

B.

127.0.0.1

C.

192.168.1.1

D.

192.168.168.168

Questions 143

Which of the following processes evaluates the adherence of an organization to its stated security policy?

Options:
A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

Questions 144

From the two screenshots below, which of the following is occurring?

CPEH-001 Question 144

Options:
A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Questions 145

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

Options:
A.

Cross-site scripting

B.

SQL injection

C.

Missing patches

D.

CRLF injection

Questions 146

Which of the following problems can be solved by using Wireshark?

Options:
A.

Tracking version changes of source code

B.

Checking creation dates on all webpages on a server

C.

Resetting the administrator password on multiple systems

D.

Troubleshooting communication resets between two systems

Questions 147

Which of the following is a preventive control?

Options:
A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Questions 148

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

CPEH-001 Question 148

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web applications vulnerability did the analyst discover?

Options:
A.

Cross-site request forgery

B.

Command injection

C.

Cross-site scripting

D.

SQL injection

Questions 149

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

Options:
A.

The tester must capture the WPA2 authentication handshake and then crack it.

B.

The tester must use the tool inSSIDer to crack it using the ESSID of the network.

C.

The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

D.

The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Questions 150

In the software security development life cycle process, threat modeling occurs in which phase?

Options:
A.

Design

B.

Requirements

C.

Verification

D.

Implementation

Exam Code: CPEH-001
Certification Provider: GAQM
Exam Name: Certified Professional Ethical Hacker (CPEH)
Last Update: Sep 13, 2025
Questions: 736

GAQM Related Exams

CPT-001 - Certified Professional Trainer (CPT)
CGTP-001 - Certified Global Tax Practitioner (CGTP)
ISO-31000-CLA - ISO 31000 - Certified Lead Risk Manager
CCMP-001 - Certified Change Manager - Practitioner (CCMP)
CSM-002 - Certified Software Manager (CSM)
ISO-45001-CLA - ISO 45001:2018 - Certified Lead Auditor
CDM-001 - Certified DevOps Master (CDM)
CDCFOM-001 - Certified Data Centre Facilities Operations Manager (CDCFOM)
ISO27-13-001 - ISO 27001 : 2013 - Certified Lead Auditor
CAD-001 - Certified Agile Developer (CAD)
ISO-17020-CLA - ISO/IEC 17020:2012 - Certified Lead Auditor
CLSSGB - Certified Lean Six Sigma Green Belt (CLSSGB)
CNA-001 - Certified Nursing Assistant (CNA)
CMAT-001 - IMTQN Certified Mobile Application Tester (CMAT)
ISO-ISMS-CIA - ISO 27001 ISMS - Certified Internal Auditor
GAQM Free Access
Get GAQM Full Access

GAQM Free Exams
GAQM Free Exams
Unlock free GAQM exam resources and practice tests at Examstrack. Boost your GAQM exam readiness with top-notch materials.