Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the GAQM CEH-001 Exam: A Detailed Certified Ethical Hacker (CEH) Guide

Questions 1

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Buy Now
Questions 2

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Buy Now
Questions 3

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Buy Now
Questions 4

Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)

Options:

A.

Signature

B.

Anomaly

C.

Passive

D.

Reactive

Buy Now
Questions 5

How many bits encryption does SHA-1 use?

Options:

A.

64 bits

B.

128 bits

C.

160 bits

D.

256 bits

Buy Now
Questions 6

If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

Options:

A.

True

B.

False

Buy Now
Questions 7

You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

Options:

A.

Administrator

B.

IUSR_COMPUTERNAME

C.

LOCAL_SYSTEM

D.

Whatever account IIS was installed with

Buy Now
Questions 8

You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?

Options:

A.

A distributed denial of service attack.

B.

A network card that was jabbering.

C.

A bad route on the firewall.

D.

Invalid rules entry at the gateway.

Buy Now
Questions 9

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

Options:

A.

LibPcap

B.

WinPcap

C.

Wincap

D.

None of the above

Buy Now
Questions 10

A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

Options:

A.

An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database

B.

An attacker submits user input that executes an operating system command to compromise a target system

C.

An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access

D.

An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database

Buy Now
Questions 11

Take a look at the following attack on a Web Server using obstructed URL:

http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f%70%61%73%73%77%64

The request is made up of:

 %2e%2e%2f%2e%2e%2f%2e%2f% = ../../../

 %65%74%63 = etc

 %2f = /

 %70%61%73%73%77%64 = passwd

How would you protect information systems from these attacks?

Options:

A.

Configure Web Server to deny requests involving Unicode characters.

B.

Create rules in IDS to alert on strange Unicode requests.

C.

Use SSL authentication on Web Servers.

D.

Enable Active Scripts Detection at the firewall and routers.

Buy Now
Questions 12

Which of the following is not an effective countermeasure against replay attacks?

Options:

A.

Digital signatures

B.

Time Stamps

C.

System identification

D.

Sequence numbers

Buy Now
Questions 13

Exhibit:

TCP TTL:50 TOS:0×0 ID:53476 DF

*****PA* Seq: 0x33BC72AD Ack: 0x110CE81E Win: 0x7D78

TCP Options => NOP NOP TS: 126045057 105803098

50 41 53 53 20 90 90 90 90 90 90 90 90 90 90 90 PASS ………..

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….

90 90 90 90 90 90 90 31 C0 31 DB 31 C9 B0 46 CD …….1.1.1..F.

80 31 C0 31 DB 43 89 D9 41 B0 3F CD 80 EB 6B 5E .1.1.C..A.?…k^

31 C0 31 C9 8D 5E 01 88 46 04 66 B9 FF FF 01 B0 1.1..^..F.f…..

27 CD 80 31 C0 8D 5E 01 B0 3D CD 80 31 C0 31 DB ‘..1..^..=..1.1.

8D 5E 08 89 43 02 31 C9 FE C9 31 C0 8D 5E 08 B0 .^..C.1…1..^..

0C CD 80 FE C9 75 F3 31 C0 88 46 09 8D 5E 08 B0 …..u.1..F..^..

3D CD 80 FE 0E B0 30 FE C8 88 46 04 31 C0 88 46 =…..0…F.1..F

07 89 76 08 89 46 0C 89 F3 8D 4E 08 8D 56 0C B0 ..v..F….N..V..

0B CD 80 31 C0 31 DB B0 01 CD 80 E8 90 FF FF FF …1.1……….

FF FF FF 30 62 69 6E 30 73 68 31 2E 2E 31 31 76 …0bin0sh1..11v

65 6E 67 6C 69 6E 40 6B 6F 63 68 61 6D 2E 6B 61 englin@kocham.ka

73 69 65 2E 63 6F 6D 0D 0A sie.com..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

12/09-01:22:31.169534 172.16.1.104:21 -> 207.219.207.240:1882

TCP TTL:63 TOS:0×10 ID:48231 DF

*****PA* Seq: 0x110CE81E Ack: 0x33BC7446 Win: 0x7D78

TCP Options => NOP NOP TS: 105803113 126045057

35 33 30 20 4C 6F 67 69 6E 20 69 6E 63 6F 72 72 530 Login incorr

65 63 74 2E 0D 0A ect…

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

12/09-01:22:39.878150 172.16.1.104:21 -> 207.219.207.240:1882 TCP TTL:63 TOS:0×10 ID:48233 DF

*****PA* Seq: 0x110CE834 Ack: 0x33BC7447 Win: 0x7D78

TCP Options => NOP NOP TS: 105803984 126045931

32 32 31 20 59 6F 75 20 63 6F 75 6C 64 20 61 74 221 You could at

20 6C 65 61 73 74 20 73 61 79 20 67 6F 6F 64 62 least say goodb

79 65 2E 0D 0A ye…

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

12/09-01:22:39.880154 172.16.1.104:21 -> 207.219.207.240:1882

TCP TTL:63 TOS:0×10 ID:48234 DF

***F**A* Seq: 0x110CE859 Ack: 0x33BC7447 Win: 0x7D78

TCP Options => NOP NOP TS: 105803984 126045931

Given the following extract from the snort log on a honeypot, what service is being exploited? :

Options:

A.

FTP

B.

SSH

C.

Telnet

D.

SMTP

Buy Now
Questions 14

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Buy Now
Questions 15

One way to defeat a multi-level security solution is to leak data via

Options:

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Buy Now
Questions 16

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Buy Now
Questions 17

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

Options:

A.

The tester must capture the WPA2 authentication handshake and then crack it.

B.

The tester must use the tool inSSIDer to crack it using the ESSID of the network.

C.

The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

D.

The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Buy Now
Questions 18

SSL has been seen as the solution to a lot of common security problems. Administrator will often time make use of SSL to encrypt communications from points A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?

Options:

A.

SSL is redundant if you already have IDS's in place

B.

SSL will trigger rules at regular interval and force the administrator to turn them off

C.

SSL will slow down the IDS while it is breaking the encryption to see the packet content

D.

SSL will blind the content of the packet and Intrusion Detection Systems will not be able to detect them

Buy Now
Questions 19

The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

CEH-001 Question 19

How would you overcome the Firewall restriction on ICMP ECHO packets?

Options:

A.

Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

B.

Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

C.

Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

D.

Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command

E.

\> JOHNTHETRACER www.eccouncil.org -F -evade

Buy Now
Questions 20

Least privilege is a security concept that requires that a user is

Options:

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Buy Now