
Achieve Success in the GAQM CEH-001 Exam: A Detailed Certified Ethical Hacker (CEH) Guide

Questions 201

Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

He receives the following SMS message during the weekend.

CEH-001 Question 201

An attacker, Chew Siew, sitting in Beijing, China, has just launched a remote scan of Jason's network with the hping command.

Which of the following hping2 commands is responsible for the above Snort alert?

Options:
A.

chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118

B.

chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118

C.

chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118

D.

chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118
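An added example (not part of the exam material or of the hping project) for matching an alert back to the command that produced it: the helper below maps hping2's documented TCP flag switches (-F -S -R -P -A -U, plus -X and -Y for the two reserved bits) onto the TCP flags byte, packs a header with them, and renders the result in the 12UAPRSF notation Snort uses in its packet dumps. The other switches in the options (-p destination port, -c count, -t TTL, and the rest) set no flag bits and are ignored by the mapper. The sample command lines are the ones from the question.

```python
import struct

# TCP flag bits as they sit in the flags byte (offset 13 of the header), RFC 793 order.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
RES2, RES1 = 0x40, 0x80  # the two "unused" bits hping2 calls X (xmas) and Y (ymas)

# hping2's TCP flag switches, per its man page. Any other switch on the command line
# (-p port, -c count, -t ttl, -V, -D, ...) sets no flag bit and maps to 0 here.
HPING_FLAG_SWITCHES = {
    "-F": FIN, "-S": SYN, "-R": RST, "-P": PSH, "-A": ACK, "-U": URG,
    "-X": RES2, "-Y": RES1,
}
# Snort's dump order: reserved bit 1, reserved bit 2, URG, ACK, PSH, RST, SYN, FIN
FLAG_NAMES = [(RES1, "1"), (RES2, "2"), (URG, "U"), (ACK, "A"),
              (PSH, "P"), (RST, "R"), (SYN, "S"), (FIN, "F")]


def hping_flags(cmdline):
    """Return the TCP flags byte the given hping2 command line would put on the wire."""
    bits = 0
    for tok in cmdline.split():
        bits |= HPING_FLAG_SWITCHES.get(tok, 0)
    return bits


def snort_flag_string(bits):
    """Render a flags byte the way Snort prints it: 12UAPRSF, with '*' for each unset bit."""
    return "".join(ch if bits & bit else "*" for bit, ch in FLAG_NAMES)


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=512):
    """Pack a 20-byte option-less TCP header; checksum stays zero (it needs the IP pseudo-header)."""
    data_offset = 5 << 4  # header length in 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def tcp_flags_of(header):
    """Read the flags byte back out of a packed TCP header."""
    return header[13]


def classify_probe(bits):
    """Name the scan technique a lone probe with these flags belongs to."""
    core = bits & 0x3F  # the two reserved bits do not change the classification
    if core == 0:
        return "NULL scan"
    if core == SYN:
        return "SYN (half-open) scan"
    if core == FIN:
        return "FIN scan"
    if core == FIN | PSH | URG:
        return "XMAS scan"
    if core == ACK:
        return "ACK scan"
    if core == 0x3F:
        return "all six flags set (crafted packet)"
    return "other"


if __name__ == "__main__":
    for cmd in ("hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118",
                "hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118"):
        bits = hping_flags(cmd)
        hdr = build_tcp_header(40000, 22, bits)
        print(cmd.split(" 192", 1)[0], "->", snort_flag_string(tcp_flags_of(hdr)), classify_probe(bits))
```

A SYN/ACK from a normal handshake prints as `***A**S*`; a packet with every flag lit prints as `**UAPRSF`, which no TCP state machine ever emits, so seeing that pattern in an alert is itself evidence of a crafted probe.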

Questions 202

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer it to your home computer. Your company filters and monitors traffic that leaves the internal network for the Internet. How will you achieve this without raising suspicion?

Options:
A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet it back to your home computer

C.

Conceal the Sales.xls database inside another file, such as photo.jpg, using steganography techniques and send it out in an innocent-looking e-mail or file transfer

D.

Change the extension of Sales.xls to sales.txt and upload it as an attachment to your hotmail account

Questions 203

What are two things that are possible when scanning UDP ports? (Choose two.)

Options:
A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Questions 204

Under which Federal Statutes does the FBI investigate computer crimes involving e-mail scams and mail fraud?

Options:
A.

18 U.S.C. 1029 Possession of Access Devices

B.

18 U.S.C. 1030 Fraud and related activity in connection with computers

C.

18 U.S.C. 1343 Fraud by wire, radio or television

D.

18 U.S.C. 1361 Injury to Government Property

E.

18 U.S.C. 1362 Government communication systems

F.

18 U.S.C. 1831 Economic Espionage Act

G.

18 U.S.C. 1832 Trade Secrets Act

Questions 205

What are the two basic types of attacks? (Choose two.)

Options:
A.

DoS

B.

Passive

C.

Sniffing

D.

Active

E.

Cracking

Questions 206

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts.

Which of the following features makes this possible? (Choose two.)

Options:
A.

It uses TCP as the underlying protocol.

B.

It uses a community string that is transmitted in clear text.

C.

It is susceptible to sniffing.

D.

It is used by all network devices on the market.
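An added example (not from the exam material) of what "transmitted in clear text" means on the wire: a minimal BER encoder builds an SNMPv1 GetRequest the way a management station would, and a decoder pulls the version, community string and PDU type straight out of the UDP payload, which is all a sniffer on the path needs to do. The capture list in the demo is constructed; the addresses and community strings are illustrative.

```python
# Minimal BER encoder/decoder, just enough for SNMPv1/v2c message framing.

def ber_len(n):
    """Encode a BER length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v):
    """Two's-complement INTEGER with enough bytes for the sign bit to be correct."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(groups))
    return tlv(0x06, bytes(out))


def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, position_after) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}
VERSION_NAMES = {0: "v1", 1: "v2c"}


def snmpv1_get_request(community, oid, request_id=0x1234):
    """Build an SNMPv1 GetRequest for one OID; the community goes in as a plain OCTET STRING."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))          # OID + NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 == SNMPv1


def extract_community(udp_payload):
    """What a sniffer sees on UDP/161: version, community string and PDU type, none of it protected."""
    tag, msg, _ = read_tlv(udp_payload)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, _, _ = read_tlv(msg, pos)
    version = int.from_bytes(ver, "big", signed=True)
    return (VERSION_NAMES.get(version, str(version)), community.decode("latin-1"),
            PDU_NAMES.get(pdu_tag, hex(pdu_tag)))


def harvest_communities(capture):
    """Pull (src, dst, version, community, pdu) from a list of (src, dst, dport, payload) datagrams."""
    found = []
    for src, dst, dport, payload in capture:
        if dport != 161:
            continue
        try:
            version, community, pdu = extract_community(payload)
        except (ValueError, IndexError):
            continue
        found.append((src, dst, version, community, pdu))
    return found


if __name__ == "__main__":
    # Constructed capture: two management stations polling with default-looking community strings.
    capture = [
        ("10.0.0.5", "10.0.0.1", 161, snmpv1_get_request("public", "1.3.6.1.2.1.1.1.0")),
        ("10.0.0.9", "10.0.0.2", 161, snmpv1_get_request("private", "1.3.6.1.2.1.1.5.0")),
        ("10.0.0.5", "10.0.0.1", 53, b"\x00\x01\x01\x00"),   # unrelated DNS query, skipped
    ]
    for row in harvest_communities(capture):
        print(row)
```

Because the community string is the only authentication SNMPv1 and v2c have, whoever reads it off the wire can issue the same queries, and a read-write community lets them issue SetRequests as well.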

Questions 207

Which two ICMP message types does the ping command use?

Options:
A.

It uses types 0 and 8.

B.

It uses types 13 and 14.

C.

It uses types 15 and 17.

D.

The ping command does not use ICMP but uses UDP.

Questions 208

Because UDP is a connectionless protocol: (Select 2)

Options:
A.

UDP recvfrom() and write() scanning will yield reliable results

B.

It can only be used for Connect scans

C.

It can only be used for SYN scans

D.

There is no guarantee that the UDP packets will arrive at their destination

E.

ICMP port unreachable messages may not be returned successfully
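The three preceding UDP and ICMP questions hinge on the same mechanics: ping is ICMP type 8 out and type 0 back, a UDP probe to a closed port draws an ICMP type 3 code 3, and silence proves nothing because UDP gives no delivery guarantee and the unreachable may never arrive. As an added example (not from the exam material), the code below builds and checksums ICMP messages, quotes the original datagram in an unreachable the way RFC 792 requires so the scanner can tell which probe it answers, and classifies ports with the open / closed / filtered / open|filtered verdicts nmap uses. The capture it scans is constructed; the addresses and ports are illustrative.

```python
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 0, 3, 8
UNREACH_PORT = 3                       # "port unreachable": the only code that proves a UDP port is closed
UNREACH_FILTERED = {1, 2, 9, 10, 13}   # host/protocol unreachable and the three "prohibited" codes
IPPROTO_UDP = 17


def inet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, code, rest, payload=b""):
    """Generic ICMP message: type, code, checksum, 4 'rest of header' bytes, payload."""
    head = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return struct.pack("!BBH", icmp_type, code, inet_checksum(head)) + rest + payload


def build_echo(ident, seq, payload=b"", reply=False):
    """ping's two message types: 8 (echo request) out, 0 (echo reply) back."""
    kind = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    return build_icmp(kind, 0, struct.pack("!HH", ident, seq), payload)


def parse_icmp(pkt):
    """Return (type, code, checksum_ok, rest_of_header, payload)."""
    icmp_type, code, _ = struct.unpack("!BBH", pkt[:4])
    return icmp_type, code, inet_checksum(pkt) == 0, pkt[4:8], pkt[8:]


def build_udp_probe(src_ip, dst_ip, sport, dport, data=b""):
    """IPv4 header + UDP header for one probe (IP checksum left zero; not needed here)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0, src_ip, dst_ip)
    return ip + udp


def build_unreachable(code, original_datagram):
    """Destination Unreachable quotes the offending IP header plus 8 bytes of its payload (RFC 792)."""
    ihl = (original_datagram[0] & 0x0F) * 4
    return build_icmp(ICMP_DEST_UNREACH, code, b"\x00" * 4, original_datagram[:ihl + 8])


def quoted_udp_ports(icmp_pkt):
    """Which probe does an unreachable refer to? Read the ports out of the quoted UDP header."""
    _, _, _, _, quoted = parse_icmp(icmp_pkt)
    ihl = (quoted[0] & 0x0F) * 4
    return struct.unpack("!HH", quoted[ihl:ihl + 4])


def classify_udp_port(responses):
    """nmap-style verdict from whatever came back for one port after retransmissions."""
    for kind, pkt in responses:
        if kind == "udp":
            return "open"                     # only a listening service can answer with UDP data
        icmp_type, code, ok, _, _ = parse_icmp(pkt)
        if not ok or icmp_type != ICMP_DEST_UNREACH:
            continue
        if code == UNREACH_PORT:
            return "closed"
        if code in UNREACH_FILTERED:
            return "filtered"
    return "open|filtered"                    # silence: service ignoring junk, a drop rule, or a lost ICMP


def udp_scan_verdicts(capture, scan_ports):
    """Group replies from a (kind, bytes) capture by the UDP port they refer to and classify each."""
    by_port = {p: [] for p in scan_ports}
    for kind, pkt in capture:
        if kind == "icmp":
            _, dport = quoted_udp_ports(pkt)
        else:
            dport = struct.unpack("!H", pkt[:2])[0]   # a UDP reply's source port is the port probed
        if dport in by_port:
            by_port[dport].append((kind, pkt))
    return {p: classify_udp_port(r) for p, r in by_port.items()}


if __name__ == "__main__":
    me, target = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])
    probes = {p: build_udp_probe(me, target, 40000 + p, p) for p in (53, 123, 161, 500)}
    capture = [                                                   # constructed replies
        ("icmp", build_unreachable(UNREACH_PORT, probes[53])),    # 53: port unreachable
        ("udp", struct.pack("!HHHH", 123, 40123, 8 + 48, 0) + b"\x00" * 48),  # 123: NTP answered
        ("icmp", build_unreachable(13, probes[500])),             # 500: administratively prohibited
        # nothing at all came back for 161
    ]
    print(udp_scan_verdicts(capture, (53, 123, 161, 500)))
```

The checksum check in `classify_udp_port` matters in practice: a corrupted or forged unreachable should not be allowed to mark a port closed. Many stacks also rate-limit ICMP errors, which is the other reason a UDP scan needs retransmissions before it can say anything about a silent port.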

Questions 209

Exhibit

CEH-001 Question 209

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds them abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

Options:
A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is Back Orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

Questions 210

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

Options:
A.

CHAT rooms

B.

WHOIS database

C.

News groups

D.

Web sites

E.

Search engines

F.

Organization’s own web site

Questions 211

What port scanning method is the most reliable but also the most detectable?

Options:
A.

Null Scanning

B.

Connect Scanning

C.

ICMP Scanning

D.

Idlescan Scanning

E.

Half Scanning

F.

Verbose Scanning

Questions 212

What type of port scan is shown below?

CEH-001 Question 212

Options:
A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

Questions 213

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (
    200302028 3600 3600 604800 2400 )

Options:
A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800
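An added example (not from the exam material) of reading an SOA the way a tester does during DNS reconnaissance: the parser below takes the record as dig or a zone file prints it, handles parentheses, comments and unit-suffixed TTLs, and then reports the details that matter, namely the serial (the zone "version", and whether it is date-encoded), the contact mailbox hidden in RNAME, and timer values that would make secondaries misbehave. The Rutgers record is the one from the question; the second record in the tests is constructed.

```python
import re

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def ttl_seconds(token):
    """Master-file TTLs may be plain seconds or unit-suffixed (1h, 2D, 1w, 1h30m)."""
    if token.isdigit():
        return int(token)
    total = 0
    for num, unit in re.findall(r"(\d+)([smhdwSMHDW])", token):
        total += int(num) * TTL_UNITS[unit.lower()]
    if total == 0:
        raise ValueError("bad TTL: %r" % token)
    return total


def parse_soa(text):
    """Parse one SOA RR as dig or a zone file prints it (parentheses and line breaks allowed)."""
    text = re.sub(r";[^\n]*", "", text)                 # drop comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    upper = [t.upper() for t in tokens]
    if "SOA" not in upper:
        raise ValueError("no SOA type token")
    i = upper.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    values = tokens[i + 3:i + 8]
    if len(values) != 5:
        raise ValueError("expected 5 numeric SOA fields, got %d" % len(values))
    rec = {"owner": tokens[0], "mname": mname, "rname": rname}
    rec.update(zip(SOA_FIELDS, (ttl_seconds(v) for v in values)))
    return rec


def rname_to_mailbox(rname):
    """RNAME encodes the zone contact: the first unescaped dot is really an '@'."""
    label, _, domain = rname.replace("\\.", "\x00").partition(".")
    return label.replace("\x00", ".") + "@" + domain.rstrip(".")


def serial_date(serial):
    """Many zones use YYYYMMDDnn serials; decoding one tells you when the zone last changed."""
    s = str(serial)
    if len(s) != 10:
        return None
    year, month, day, rev = int(s[:4]), int(s[4:6]), int(s[6:8]), int(s[8:])
    if not (1 <= month <= 12 and 1 <= day <= 31):
        return None
    return year, month, day, rev


def soa_observations(rec):
    """What a tester notes from an SOA during recon."""
    notes = ["contact mailbox: " + rname_to_mailbox(rec["rname"])]
    d = serial_date(rec["serial"])
    notes.append("serial %d looks like a date (last change %04d-%02d-%02d, rev %d)" % ((rec["serial"],) + d)
                 if d else "serial %d is not date-formatted" % rec["serial"])
    if rec["retry"] >= rec["refresh"]:
        notes.append("retry >= refresh: secondaries will retry as often as they refresh")
    if rec["expire"] <= rec["refresh"]:
        notes.append("expire <= refresh: secondaries go stale after one missed refresh")
    return notes


if __name__ == "__main__":
    rec = parse_soa("Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu ( 200302028 3600 3600 604800 2400 )")
    print(rec)
    for note in soa_observations(rec):
        print("-", note)
```

The field order is fixed by RFC 1035: MNAME, RNAME, then SERIAL, REFRESH, RETRY, EXPIRE, MINIMUM. Secondaries transfer the zone only when the primary's serial is greater than theirs, so the serial is the version number the question is asking for, and watching it change over time shows how actively a zone is maintained.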

Questions 214

Use the traceroute results shown below to answer the following question:

CEH-001 Question 214

The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

Options:
A.

True

B.

False

Questions 215

Which of the following systems would not respond correctly to an nmap XMAS scan?

Options:
A.

Windows 2000 Server running IIS 5

B.

Any Solaris version running SAMBA Server

C.

Any version of IRIX

D.

RedHat Linux 8.0 running Apache Web Server
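Questions 211, 212 and 215 all come down to how a port with no connection state answers a single segment. The model below is an added example (not from the exam material): `respond` applies the RFC 793 rules for the CLOSED and LISTEN states, with a second "rst_always" personality for the stacks nmap documents as answering FIN, NULL and XMAS probes with RST whether the port is open or not (Windows among them), and `interpret` turns each reply into the scanner's verdict. A connect scan is also spelled out as a full handshake, which is why it is the most reliable and the most visible method: the target's application layer sees a completed connection and can log it. Port numbers in the tests are illustrative.

```python
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

PROBES = {
    "connect": SYN, "syn": SYN, "ack": ACK,
    "null": 0, "fin": FIN, "xmas": FIN | PSH | URG,
}


def respond(stack, port_open, flags):
    """What a host sends back to one TCP segment on a port with no connection state.

    stack == "rfc793": the RFC 793 rules for CLOSED and LISTEN.
    stack == "rst_always": the non-compliant behaviour nmap documents for Windows, many
    Cisco devices and others, which reset FIN/NULL/XMAS probes regardless of port state.
    Returns a flags byte, or None when nothing is sent.
    """
    if flags & RST:
        return None                               # RSTs are never answered
    if not port_open:
        return RST if flags & ACK else RST | ACK  # CLOSED: reset anything that arrives
    if flags & ACK:
        return RST                                # LISTEN: a stray ACK is reset
    if flags & SYN:
        return SYN | ACK                          # LISTEN: SYN starts the handshake
    if stack == "rst_always":
        return RST                                # non-compliant: reset even though the port is open
    return None                                   # compliant: FIN/NULL/XMAS are dropped silently


def interpret(scan, reply):
    """The scanner's verdict for a port from the reply (None means nothing came back)."""
    got_rst = reply is not None and bool(reply & RST)
    if scan in ("connect", "syn"):
        if reply == SYN | ACK:
            return "open"
        return "closed" if got_rst else "filtered"
    if scan == "ack":
        return "unfiltered" if got_rst else "filtered"
    return "closed" if got_rst else "open|filtered"     # null / fin / xmas


def scan_host(stack, open_ports, scan, ports):
    """Run one scan type against a modelled host; returns {port: verdict}."""
    probe = PROBES[scan]
    return {p: interpret(scan, respond(stack, p in open_ports, probe)) for p in ports}


def connect_scan_handshake(stack, port_open):
    """A connect() scan goes all the way: SYN, SYN/ACK, ACK, and the server's accept() returns."""
    exchange = [("client", SYN)]
    reply = respond(stack, port_open, SYN)
    exchange.append(("server", reply))
    if reply == SYN | ACK:
        exchange.append(("client", ACK))   # third packet completes the handshake; the app sees a connection
    return exchange


if __name__ == "__main__":
    for stack in ("rfc793", "rst_always"):
        for scan in ("syn", "xmas", "null", "ack"):
            print(stack, scan, scan_host(stack, {80}, scan, [80, 81]))
    print(connect_scan_handshake("rfc793", True))
```

Read the XMAS rows side by side: against a compliant stack an open port stays silent and a closed one resets, so the scan separates the two; against a "rst_always" stack every port resets and the whole host reports closed, which is the "would not respond correctly" case. A SYN scan gives the same answer on both, because SYN handling is the one part every stack gets right.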

Questions 216

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

Options:
A.

The zombie you are using is not truly idle.

B.

A stateful inspection firewall is resetting your queries.

C.

Hping2 cannot be used for idle scanning.

D.

These ports are actually open on the target system.
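An added example (not from the exam material) that plays the idle scan through: the zombie is modelled as a stack with one global, incrementing IP ID counter, which is the precondition hping2's probing checks for (its RST replies expose the current ID, and `-r` prints it relative to the previous reply). Each port costs three steps: read the zombie's ID, send a SYN to the target with the zombie's address spoofed (`-a` in hping2), read the ID again. A closed port leaves the ID one higher, an open one two higher, and anything larger means the zombie sent traffic of its own in between. The background-traffic hook reproduces the symptom in the question. Hosts and ports are illustrative.

```python
import random


class Zombie:
    """A host whose IP stack uses one global, incrementing IP ID counter."""

    def __init__(self, start_ipid=1000):
        self.ipid = start_ipid

    def _emit(self):
        self.ipid += 1          # every datagram the zombie sends consumes one ID
        return self.ipid

    def answer_probe(self):
        """Attacker sends SYN/ACK to the zombie; it replies RST, exposing its current IP ID."""
        return self._emit()

    def receive_from_target(self, flags):
        """Target answers the spoofed SYN 'from' the zombie: SYN/ACK provokes a RST (one ID), RST is ignored."""
        if flags == "SYN/ACK":
            self._emit()

    def background_traffic(self, n):
        """A zombie that is not really idle sends n unrelated datagrams the attacker never sees."""
        for _ in range(n):
            self._emit()


class Target:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def reply_to_syn(self, port):
        return "SYN/ACK" if port in self.open_ports else "RST"


def idle_scan_port(zombie, target, port, zombie_noise=0):
    """One idle-scan probe: measure, spoof, measure; the IP ID delta is the only signal the attacker has."""
    before = zombie.answer_probe()                           # step 1: SYN/ACK probe, read the ID from the RST
    zombie.receive_from_target(target.reply_to_syn(port))    # step 2: SYN spoofed with the zombie's address
    zombie.background_traffic(zombie_noise)                  # whatever else the zombie did meanwhile
    after = zombie.answer_probe()                            # step 3: probe again
    delta = after - before
    if delta == 1:
        return "closed", delta      # only our own second probe consumed an ID
    if delta == 2:
        return "open", delta        # the target's SYN/ACK made the zombie send one extra RST
    return "inconclusive", delta    # zombie talked to someone else: not idle, repeat or choose another zombie


def idle_scan(zombie, target, ports, noise_fn=lambda p: 0):
    """Scan several ports; noise_fn(port) says how many extra datagrams the zombie sent during that probe."""
    return {p: idle_scan_port(zombie, target, p, noise_fn(p)) for p in ports}


if __name__ == "__main__":
    rng = random.Random(7)
    z, t = Zombie(), Target({22, 80})
    # Constructed run: a mostly idle zombie with occasional bursts, as in the question's symptom.
    results = idle_scan(z, t, [21, 22, 25, 80, 443], noise_fn=lambda p: 3 if rng.random() < 0.2 else 0)
    for port, (verdict, delta) in results.items():
        print(port, verdict, "ipid delta", delta)
```

The attacker's packets never reach the target with the attacker's address on them, which is the point of the technique; it also means every verdict rests on the zombie's counter being quiet, so a busy zombie must be re-probed or replaced rather than trusted.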

Questions 217

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

CEH-001 Question 217

What can he infer from this file?

Options:
A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Questions 218

_________ is one of the programs used to wardial.

Options:
A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Questions 219

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Options:
A.

An attacker, working slowly enough, can evade detection by the IDS.

B.

Network packets are dropped if the volume exceeds the threshold.

C.

Thresholding interferes with the IDS’ ability to reassemble fragmented packets.

D.

The IDS will not distinguish among packets originating from different sources.
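An added example (not from the exam material) of the trade-off behind this question, modelled on Snort's threshold / event_filter semantics: `limit` alerts on the first N matching events per window and mutes the rest, `threshold` alerts on every N-th event, and `both` alerts once per window only after N events. The same twenty probes are then replayed fast and slow; the slow run never accumulates N events inside one window, so the count-based types produce no alert at all. Source addresses and timings are constructed.

```python
class EventFilter:
    """Snort-style event filter: type limit | threshold | both, count N, seconds S, tracked by source.

    limit:     alert on the first N events per S-second window, then mute for the rest of it.
    threshold: alert every N-th event within a window.
    both:      alert once per window, and only once N events have been seen in it.
    """

    def __init__(self, kind, count, seconds):
        if kind not in ("limit", "threshold", "both"):
            raise ValueError(kind)
        self.kind, self.count, self.seconds = kind, count, seconds
        self.windows = {}    # src -> (window_start, events_in_window)

    def event(self, src, ts):
        """Feed one matching event; return True if an alert should be emitted."""
        start, n = self.windows.get(src, (None, 0))
        if start is None or ts - start >= self.seconds:
            start, n = ts, 0           # first event after expiry opens a fresh window
        n += 1
        self.windows[src] = (start, n)
        if self.kind == "limit":
            return n <= self.count
        if self.kind == "threshold":
            return n % self.count == 0
        return n == self.count         # both


def run(kind, count, seconds, events):
    """Number of alerts a filter emits for a list of (src, timestamp) events."""
    f = EventFilter(kind, count, seconds)
    return sum(1 for src, ts in events if f.event(src, ts))


def probe_stream(src, n, interval, start=0.0):
    """Constructed scanner: n port probes from src, one every `interval` seconds."""
    return [(src, start + i * interval) for i in range(n)]


def evasion_report(count=5, seconds=60):
    """(fast_alerts, slow_alerts) per filter type for the same 20 probes sent at two speeds."""
    fast = probe_stream("203.0.113.7", 20, 0.25)   # 20 probes in 5 seconds
    slow = probe_stream("203.0.113.7", 20, 30.0)   # same 20 probes, one every 30 seconds
    return {kind: (run(kind, count, seconds, fast), run(kind, count, seconds, slow))
            for kind in ("limit", "threshold", "both")}


if __name__ == "__main__":
    for kind, (fast, slow) in evasion_report().items():
        print("%-9s fast scan: %2d alerts   slow scan: %2d alerts" % (kind, fast, slow))
```

Only `limit` still reports the slow scan, because it suppresses repeats rather than waiting for a count. The cost of the count-based types is exactly the question's point: an attacker who stays under N events per window is never seen, so thresholding of that kind should be paired with a longer-horizon correlation (per-source counts over hours, not seconds) rather than relied on alone.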

Questions 220

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and that customer information along with financial data has been stolen. The financial loss is estimated at millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

Options:
A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA