Exam Code: CEH-001 (CEH-001 Exam Questions), Exam Name: Certified Ethical Hacker (CEH), Certification Provider: GAQM Certification.
Free demo questions for GAQM CEH-001 Exam Dumps Below:
NEW QUESTION 1
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
- A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
- B. Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
- C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
- D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors
NEW QUESTION 2
Pandora is used to attack network operating systems.
- A. Windows
- B. UNIX
- C. Linux
- D. Netware
- E. MAC OS
Explanation: While there are not many tools available to attack Netware, Pandora is one that can be used.
NEW QUESTION 3
Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?
- A. The initial traffic from 192.168.12.35 was being spoofed.
- B. The traffic from 192.168.12.25 is from a Linux computer.
- C. The TTL of 21 means that the client computer is on wireless.
- D. The client computer at 192.168.12.35 is a zombie computer.
NEW QUESTION 4
Which type of scan sends packets with no flags set? Select the answer.
- A. Open Scan
- B. Null Scan
- C. Xmas Scan
- D. Half-Open Scan
Explanation: The types of port connections supported are:
• TCP Full Connect. This mode makes a full connection to the target's TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).
• UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either the port is used, or the target does not return the ICMP message which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.
• TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.
• TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet.
• TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. Again, the attacker can have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag settings.
NEW QUESTION 5
Which of the following techniques will identify if computer files have been changed?
- A. Network sniffing
- B. Permission sets
- C. Integrity checking hashes
- D. Firewall alerts
NEW QUESTION 6
What are two types of ICMP code used when using the ping command?
- A. It uses types 0 and 8.
- B. It uses types 13 and 14.
- C. It uses types 15 and 17.
- D. The ping command does not use ICMP but uses UDP.
Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo
NEW QUESTION 7
Which system consists of a publicly available set of databases that contain domain name registration contact information?
- A. WHOIS
- B. IANA
- C. CAPTCHA
- D. IETF
NEW QUESTION 8
Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this?
- A. The services are protected by TCP wrappers
- B. There is a honeypot running on the scanned machine
- C. An attacker has replaced the services with trojaned ones
- D. This indicates that the telnet and SMTP server have crashed
Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.
NEW QUESTION 9
Your boss Tess King is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?
- A. SQL Input attack
- B. SQL Piggybacking attack
- C. SQL Select attack
- D. SQL Injection attack
Explanation: This technique is known as a SQL injection attack.
NEW QUESTION 10
One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?
- A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process
- B. Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack
- C. Replicating servers that can provide additional failsafe protection
- D. Load balance each server in a multiple-server architecture
NEW QUESTION 11
Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:
From the above list identify the user account with System Administrator privileges?
- A. John
- B. Rebecca
- C. Sheela
- D. Shawn
- E. Somia
- F. Chang
- G. Micah
NEW QUESTION 12
Why would an ethical hacker use the technique of firewalking?
- A. It is a technique used to discover wireless network on foot.
- B. It is a technique used to map routers on a network link.
- C. It is a technique used to discover the nature of rules configured on a gateway.
- D. It is a technique used to discover interfaces in promiscuous mode.
Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. Moreover, it can determine whether packets with various control information can pass through a given gateway.
NEW QUESTION 13
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?
- A. Asymmetric
- B. Confidential
- C. Symmetric
- D. Non-confidential
NEW QUESTION 14
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?
- A. CI Gathering
- B. Scanning
- C. Dumpster Diving
- D. Garbage Scooping
NEW QUESTION 15
Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage.
What Google search will accomplish this?
- A. related:intranet allinurl:intranet:"human resources"
- B. cache:"human resources" inurl:intranet(SharePoint)
- C. intitle:intranet inurl:intranet+intext:"human resources"
- D. site:"human resources"+intext:intranet intitle:intranet
NEW QUESTION 16
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
- A. UDP 123
- B. UDP 541
- C. UDP 514
- D. UDP 415
NEW QUESTION 17
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
- A. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
- B. If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.
- C. Hashing is faster compared to more traditional encryption algorithms.
- D. Passwords stored using hashes are non-reversible, making finding the password much more difficult.
NEW QUESTION 18
Which of the following LM hashes represents a password of less than 8 characters?
- A. 0182BD0BD4444BF836077A718CCDF409
- B. 44EFCE164AB921CQAAD3B435B51404EE
- C. BA810DBA98995F1817306D272A9441BB
- D. CEC52EB9C8E3455DC2265B23734E0DAC
- E. B757BF5C0D87772FAAD3B435B51404EE
- F. E52CAC67419A9A224A3B108F3FA6CB6D
Explanation: Any password that is shorter than 8 characters will result in the hashing of 7 null bytes, yielding the constant value of 0xAAD3B435B51404EE, hence making it easy to identify short passwords on sight.
NEW QUESTION 19
Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?
- A. There is no mutual authentication between wireless clients and access points
- B. Automated tools like AirSnort are available to discover WEP keys
- C. The standard does not provide for centralized key management
- D. The 24 bit Initialization Vector (IV) field is too small
Explanation: The lack of centralized key management in itself is not a reason that WEP encryption is vulnerable; it is the people setting the user shared key that make it insecure.