
Achieve Success in the GAQM CEH-001 Exam: A Detailed Certified Ethical Hacker (CEH) Guide

Questions 81

Which one of the following instigates a SYN flood attack?

Options:

A. Generating excessive broadcast packets.

B. Creating a high number of half-open connections.

C. Inserting repetitive Internet Relay Chat (IRC) messages.

D. A large number of Internet Control Message Protocol (ICMP) traces.

Questions 82

Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)

Options:

A. Converts passwords to uppercase.

B. Hashes are sent in clear text over the network.

C. Makes use of only 32-bit encryption.

D. Effective length is 7 characters.

Questions 83

E-mail scams and mail fraud are regulated by which of the following?

Options:

A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Questions 84

Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack, allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?

Options:

A. Defrag

B. Tcpfrag

C. Tcpdump

D. Fragroute

Questions 85

Bob, an administrator at XYZ, was furious when he discovered that his buddy Trent had launched a session hijack attack against his network and sniffed his communication, including administrative tasks such as configuring routers, firewalls, and IDS via Telnet.

Bob, being an unhappy administrator, seeks your help in ensuring that attackers such as Trent will not be able to launch a session hijack in XYZ.

Based on the above scenario, choose which would be your corrective measures. (Choose two)

Options:

A. Use encrypted protocols, like those found in the OpenSSH suite.

B. Implement FAT32 filesystem for faster indexing and improved performance.

C. Configure the appropriate spoof rules on gateways (internal and external).

D. Monitor for CRP caches, by using IDS products.

Questions 86

Virus scrubbers and other malware detection programs can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?

Options:

A. System integrity verification tools

B. Anti-Virus Software

C. A properly configured gateway

D. There is no way of finding out until a new updated signature file is released

Questions 87

John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.

In the context of session hijacking, why would you consider this a false sense of security?

Options:

A. The token based security cannot be easily defeated.

B. The connection can be taken over after authentication.

C. A token is not considered strong authentication.

D. Token security is not widely used in the industry.

Questions 88

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

Options:

A. It allows an easy way to gain administrator rights

B. It is effective against Windows computers

C. It slows down the effective response of an IDS

D. IDS systems are unable to decrypt it

E. Traffic will not be modified in transit

Questions 89

When referring to the Domain Name Service, what is denoted by a ‘zone’?

Options:

A. It is the first domain that belongs to a company.

B. It is a collection of resource records.

C. It is the first resource record type in the SOA.

D. It is a collection of domains.

Questions 90

Which of the following are potential attacks on cryptography? (Select 3)

Options:

A. One-Time-Pad Attack

B. Chosen-Ciphertext Attack

C. Man-in-the-Middle Attack

D. Known-Ciphertext Attack

E. Replay Attack

Questions 91

All the web servers in the DMZ respond to an ACK scan on port 80. Why is this happening?

Options:

A. They are all Windows-based web servers

B. They are all Unix-based web servers

C. The company is not using IDS

D. The company is not using a stateful firewall

Questions 92

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

Options:

A. Basic authentication is broken

B. The password is never sent in clear text over the network

C. The password sent in clear text over the network is never reused.

D. It is based on Kerberos authentication protocol

Questions 93

Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet.

What could be the most likely cause?

Options:

A. Someone has spoofed Clive’s IP address while doing a smurf attack.

B. Someone has spoofed Clive’s IP address while doing a land attack.

C. Someone has spoofed Clive’s IP address while doing a fraggle attack.

D. Someone has spoofed Clive’s IP address while doing a DoS attack.

Questions 94

Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

Choose the attack type from the choices given below.

Options:

A. Database Fingerprinting

B. Database Enumeration

C. SQL Fingerprinting

D. SQL Enumeration

Questions 95

John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.

What does this mean in the context of Linux Security?

Options:

A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.

B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.

C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.

D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.

Questions 96

Why would an ethical hacker use the technique of firewalking?

Options:

A. It is a technique used to discover wireless networks on foot.

B. It is a technique used to map routers on a network link.

C. It is a technique used to discover the nature of rules configured on a gateway.

D. It is a technique used to discover interfaces in promiscuous mode.

Questions 97

You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.

Within what range of sequence numbers should a packet sent by the client fall in order to be accepted by the server?

Options:

A. 200-250

B. 121-371

C. 120-321

D. 121-231

E. 120-370

Questions 98

While probing an organization, you discover that they have a wireless network. From your attempts to connect to the WLAN, you determine that they have deployed MAC filtering by using an ACL on the access points. What would be the easiest way to circumvent this and communicate on the WLAN?

Options:

A. Attempt to crack the WEP key using Airsnort.

B. Attempt to brute force the access point and update or delete the MAC ACL.

C. Steal a client computer and use it to access the wireless network.

D. Sniff traffic off the WLAN and spoof your MAC address to one that you captured.

Questions 99

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

Options:

A. Encryption of agent communications will conceal the presence of the agents

B. The monitor will know if counterfeit messages are being generated because they will not be encrypted

C. Alerts are sent to the monitor when a potential intrusion is detected

D. An intruder could intercept and delete data or alerts and the intrusion can go undetected

Questions 100

Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

Options:

A. An integer variable

B. A 'hidden' price value

C. A 'hidden' form field value

D. A page cannot be changed locally; it can only be served by a web server