Free GAQM CPEH-001 Practice Exam with Questions & Answers | Set: 13

Questions 181

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

Options:
A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

Questions 182

How can a policy help improve an employee's security awareness?

Options:
A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Questions 183

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Options:
A.

OWASP is for web applications and OSSTMM does not include web applications.

B.

OSSTMM is gray box testing and OWASP is black box testing.

C.

OWASP addresses controls and OSSTMM does not.

D.

OSSTMM addresses controls and OWASP does not.

Questions 184

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:
A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Questions 185

In the OSI model, where does PPTP encryption take place?

Options:
A.

Transport layer

B.

Application layer

C.

Data link layer

D.

Network layer

Questions 186

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Options:
A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

Questions 187

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Options:
A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

Questions 188

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

Options:
A.

Timing options to slow the speed that the port scan is conducted

B.

Fingerprinting to identify which operating systems are running on the network

C.

ICMP ping sweep to determine which hosts on the network are not available

D.

Traceroute to control the path of the packets sent during the scan

Questions 189

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:
A.

Start by footprinting the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Questions 190

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

Options:
A.

The gateway is not routing to a public IP address.

B.

The computer is using an invalid IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is not using a private IP address.

Questions 191

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

Options:
A.

Key registry

B.

Recovery agent

C.

Directory

D.

Key escrow

Questions 192

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Options:
A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Questions 193

Firewalls are software or hardware systems that control and monitor the traffic coming into and out of the target network based on a pre-defined set of rules.

Which of the following types of firewalls can protect against SQL injection attacks?

Options:
A.

Data-driven firewall

B.

Stateful firewall

C.

Packet firewall

D.

Web application firewall

Questions 194

Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network the Presentation Tier (front-end web server) should be placed in.

Options:
A.

Isolated VLAN network

B.

Mesh network

C.

DMZ network

D.

Internal network

Questions 195

From the following table, identify the wrong answer in terms of Range (ft).

[Table image: CPEH-001 Question 195]

Options:
A.

802.11b

B.

802.11g

C.

802.16(WiMax)

D.

802.11a