GAQM CEH-001 Exam Questions 2019

Want to know CEH-001 Braindumps features? Want to learn more about the CEH-001 Braindumps experience? Study CEH-001 Free Practice Questions. Get success with an absolute guarantee to pass the GAQM CEH-001 (Certified Ethical Hacker (CEH)) test on your first attempt.

Online GAQM CEH-001 free dumps demo Below:

Bubba has just accessed his preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changed?

  • A. A hidden form field value.
  • B. A hidden price value.
  • C. An integer variable.
  • D. A page cannot be changed locally, as it is served by a web server.

Answer: A

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it?
Select the best answers.

  • A. Use port security on his switches.
  • B. Use a tool like ARPwatch to monitor for strange ARP activity.
  • C. Use a firewall between all LAN segments.
  • D. If you have a small network, use static ARP entries.
  • E. Use only static IP addresses on all PCs.

Answer: ABD

Explanation: By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing. ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not a realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you.

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

  • A. Basic authentication is broken
  • B. The password is never sent in clear text over the network
  • C. The password sent in clear text over the network is never reused.
  • D. It is based on Kerberos authentication protocol

Answer: B

Explanation: Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol). This method builds upon (and obsoletes) the basic authentication scheme, allowing user identity to be established without having to send a password in plaintext over the network.

You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use the hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not to the ping packet?

  • A. Ping packets cannot bypass firewalls
  • B. You must use ping switch
  • C. Hping2 uses stealth TCP packets to connect
  • D. Hping2 uses TCP instead of ICMP by default

Answer: D

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

  • A. Brute force attack
  • B. Birthday attack
  • C. Dictionary attack
  • D. Brute service attack

Answer: A

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

  • A. display==facebook
  • B. traffic.content==facebook
  • C. tcp contains facebook
  • D. list.display.facebook

Answer: C

Which of the following programming languages is most vulnerable to buffer overflow attacks?

  • A. Perl
  • B. C++
  • C. Python
  • D. Java

Answer: B

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrongdoing. However, you are concerned about affecting the normal functionality of the email server. From the following options, choose how best you can achieve this objective.

  • A. Block port 25 at the firewall.
  • B. Shut off the SMTP service on the server.
  • C. Force all connections to use a username and password.
  • D. Switch from Windows Exchange to UNIX Sendmail.
  • E. None of the above.

Answer: E

Explanation: Blocking port 25 at the firewall or forcing all connections to use a username and password would have the consequence that the server is unable to communicate with other SMTP servers. Turning off the SMTP service would disable the email function completely. All email servers use SMTP to communicate with other email servers, and therefore changing the email server will not help.

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer.

  • A. A zone harvesting
  • B. A zone transfer
  • C. A zone update
  • D. A zone estimate

Answer: B

Explanation: The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. One should configure the master DNS server to allow zone transfers only from secondary (slave) DNS servers, but this is often not implemented. By connecting to a specific DNS server and successfully issuing the ls -d domain-name > file-name command, you have initiated a zone transfer.

RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LANs. WEP is known to be insecure even if we are using a stream cipher that is known to be secure.
What is the most likely cause behind this?

  • A. There are some flaws in the implementation.
  • B. There is no key management.
  • C. The IV range is too small.
  • D. All of the above.
  • E. None of the above.

Answer: D

Explanation: Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed.

Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

  • A. Netcat -h -U
  • B. Netcat -hU <host(s)>
  • C. Netcat -sU -p 1-1024 <host(s)>
  • D. Netcat -u -v -w2 <host> 1-1024
  • E. Netcat -sS -O target/1024

Answer: D

Explanation: The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 <host> 1-1024". Netcat is considered the Swiss-army knife of hacking tools because it is so versatile.

This method is used to determine the Operating system and version running on a remote target system. What is it called?

  • A. Service Degradation
  • B. OS Fingerprinting
  • C. Manual Target System
  • D. Identification Scanning

Answer: B

Which of the following tools can be used to perform a zone transfer?

  • A. NSLookup
  • B. Finger
  • C. Dig
  • D. Sam Spade
  • E. Host
  • F. Netcat
  • G. Neotrace

Answer: ACDE

Explanation: There are a number of tools that can be used to perform a zone transfer. Some of these include: NSLookup, Host, Dig, and Sam Spade.

One of your team members has asked you to analyze the following SOA record. What is the version? (200302028 3600 3600 604800 2400)

  • A. 200303028
  • B. 3600
  • C. 604800
  • D. 2400
  • E. 60
  • F. 4800

Answer: A

Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version.

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

  • A. RSA, LSA, POP
  • B. SSID, WEP, Kerberos
  • C. SMB, SMTP, Smart card
  • D. Kerberos, Smart card, Stanford SRP

Answer: D

Explanation: Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.

You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

  • A. Administrator
  • D. Whatever account IIS was installed with

Answer: C

Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM.

An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator.
The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming.
Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is a highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that focused on targeted individuals working for the company.
What is this deadly attack called?

  • A. Spear phishing attack
  • B. Trojan server attack
  • C. Javelin attack
  • D. Social networking attack

Answer: A

What is the term used to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

  • A. Fraggle Attack
  • B. Man in the Middle Attack
  • C. Trojan Horse Attack
  • D. Smurf Attack
  • E. Back Orifice Attack

Answer: D

Explanation: Trojan and Back Orifice are Trojan horse attacks. Man in the middle spoofs the IP and redirects the victim's packets to the cracker. The infamous Smurf attack preys on ICMP's capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address.
Network Intrusion Detection, Third Edition, by Stephen Northcutt and Judy Novak, pg. 70. The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf".

Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.)

  • A. Identifies the wireless network
  • B. Acts as a password for network access
  • C. Should be left at the factory default setting
  • D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools

Answer: AB
