GAQM CEH-001 Exam Dumps 2019

We offer CEH-001 exam questions. "Certified Ethical Hacker (CEH)", also known as the CEH-001 exam, is a GAQM certification. This set of posts, Passing the CEH-001 exam with CEH-001 Exam Questions and Answers, will help you answer those questions. The CEH-001 study guide covers all the knowledge points of the real exam. 100% real CEH-001 dump questions, revised by experts!

Online CEH-001 free questions and answers of New Version:

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds
What should be your next step to identify the OS?

  • A. Perform a firewalk with that system as the target IP
  • B. Perform a tcp traceroute to the system using port 53
  • C. Run an nmap scan with the -v -v option to give a better output
  • D. Connect to the active services and review the banner information

Answer: D

Explanation: Most people don't bother to change the banners presented by applications listening on open ports, so you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because no proper boundary checks were being conducted, Bob decided to insert 400 characters into the 200-character buffer, overflowing it. Below is the code snippet:
CEH-001 dumps exhibit
How can you protect/fix the problem of your application as shown above?

  • A. Because the counter starts with 0, we would stop when the counter is less than 200
  • B. Because the counter starts with 0, we would stop when the counter is more than 200
  • C. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data
  • D. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

Answer: AD

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

  • A. OWASP is for web applications and OSSTMM does not include web applications.
  • B. OSSTMM is gray box testing and OWASP is black box testing.
  • C. OWASP addresses controls and OSSTMM does not.
  • D. OSSTMM addresses controls and OWASP does not.

Answer: D

Which of the following statements correctly define an ICMP flood attack? (Select 2 answers)

  • A. Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address
  • B. The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network
  • C. ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service
  • D. A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.

Answer: BD

This type of port scanning technique splits the TCP header into several packets so that packet filters are not able to detect what the packets intend to do.

  • A. UDP Scanning
  • B. IP Fragment Scanning
  • C. Inverse TCP flag scanning
  • D. ACK flag scanning

Answer: B

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

  • A. Cross-site scripting
  • B. SQL injection
  • C. Missing patches
  • D. CRLF injection

Answer: C


WinDump is the Windows port of the famous tcpdump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.
What is the name of this library?

  • B. LibPCAP
  • C. WinPCAP
  • D. PCAP

Answer: C

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Which of the following best describes session key creation in SSL?

  • A. It is created by the server after verifying the user's identity
  • B. It is created by the server upon connection by the client
  • C. It is created by the client from the server's public key
  • D. It is created by the client after verifying the server's identity

Answer: D

Explanation: An SSL session always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate itself to the client using public-key techniques, then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the handshake also allows the client to authenticate itself to the server.

Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?
Select the best answer.

  • A. He should disable unicast on all routers
  • B. Disable multicast on the router
  • C. Turn off fragmentation on his router
  • D. Make sure all anti-virus protection is updated on all systems
  • E. Make sure his router won't take a directed broadcast

Answer: E

Explanation: Unicasts are one-to-one IP transmissions; by disabling them he would disable most network transmissions but still not prevent the smurf attack. Turning off multicast or fragmentation on the router has nothing to do with Peter's concerns, as a smurf attack uses broadcast, not multicast, and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination, all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack.

Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?

  • A. Spoof attack
  • B. Replay attack
  • C. Injection attack
  • D. Rebound attack

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

  • A. 31400
  • B. 31402
  • C. The zombie will not send a response
  • D. 31401

Answer: B

Explanation: 31402 is the correct answer.

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

  • A. Key registry
  • B. Recovery agent
  • C. Directory
  • D. Key escrow

Answer: D

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

  • A. The consultant will ask for money on the bid because of great work.
  • B. The consultant may expose vulnerabilities of other companies.
  • C. The company accepting bids will want the same type of format of testing.
  • D. The company accepting bids will hire the consultant because of the great work performed.

Answer: B

Jim's organization has just completed a major Linux rollout and now all of the organization's systems are running the Linux 2.5 kernel. The rollout expenses have posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.
Which built-in functionality of Linux can achieve this?

  • A. IP Tables
  • B. IP Chains
  • C. IP Sniffer
  • D. IP ICMP

Answer: A

Explanation: iptables is a user-space application program that allows a system administrator to configure the netfilter tables, chains, and rules. Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. IP Tables performs stateful inspection while the older IP Chains only performs stateless inspection.

Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)

  • A. Signature
  • B. Anomaly
  • C. Passive
  • D. Reactive

Answer: AB

Which of the following command-line switches would you use for OS detection in Nmap?

  • A. -D
  • B. -O
  • C. -P
  • D. -X

Answer: B

Explanation: OS DETECTION:
-O: Enable OS detection (try 2nd generation w/fallback to 1st)
-O2: Only use the new OS detection system (no fallback)
-O1: Only use the old (1st generation) OS detection system
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively

LAN Manager passwords are concatenated to 14 bytes and split in half. The two halves are hashed individually. If the password is 7 characters or less, then the second half of the hash is always:

  • A. 0xAAD3B435B51404EE
  • B. 0xAAD3B435B51404AA
  • C. 0xAAD3B435B51404BB
  • D. 0xAAD3B435B51404CC

Answer: A

You want to know whether a packet filter is in front of Pings to don't get answered. A basic nmap scan of seems to hang without returning any information. What should you do next?

  • A. Run NULL TCP hping2 against
  • B. Run nmap XMAS scan against
  • C. The firewall is blocking all the scans to
  • D. Use NetScan Tools Pro to conduct the scan

Answer: A

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

  • A. Install DNS logger and track vulnerable packets
  • B. Disable DNS timeouts
  • C. Install DNS Anti-spoofing
  • D. Disable DNS Zone Transfer

Answer: C

Explanation: Implement DNS anti-spoofing measures to prevent DNS cache pollution from occurring.
