We offers CEH-001 Exam Questions. "Certified Ethical Hacker (CEH)", also known as CEH-001 exam, is a GAQM Certification. This set of posts, Passing the CEH-001 exam with CEH-001 Exam Questions and Answers, will help you answer those questions. The CEH-001 Study Guides covers all the knowledge points of the real exam. 100% real CEH-001 Dumps Questions and revised by experts!
Online CEH-001 free questions and answers of New Version:
NEW QUESTION 1
While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:
Remote operating system guess: Too many signatures match to reliably guess the OS. Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds
What should be your next step to identify the OS?
- A. Perform a firewalk with that system as the target IP
- B. Perform a tcp traceroute to the system using port 53
- C. Run an nmap scan with the -v-v option to give a better output
- D. Connect to the active services and review the banner information
Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.
NEW QUESTION 2
Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet:
How can you protect/fix the problem of your application as shown above?
- A. Because the counter starts with 0, we would stop when the counter is less than 200
- B. Because the counter starts with 0, we would stop when the counter is more than 200
- C. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data
- D. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data
NEW QUESTION 3
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
- A. OWASP is for web applications and OSSTMM does not include web applications.
- B. OSSTMM is gray box testing and OWASP is black box testing.
- C. OWASP addresses controls and OSSTMM does not.
- D. OSSTMM addresses controls and OWASP does not.
NEW QUESTION 4
Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)
- A. Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address
- B. The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network
- C. ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service
- D. A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.
NEW QUESTION 5
This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.
- A. UDP Scanning
- B. IP Fragment Scanning
- C. Inverse TCP flag scanning
- D. ACK flag scanning
NEW QUESTION 6
Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
- A. Cross-site scripting
- B. SQL injection
- C. Missing patches
- D. CRLF injection
Explanation: Topic 5, Volume E
NEW QUESTION 7
Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.
What is the name of this library?
- A. NTPCAP
- B. LibPCAP
- C. WinPCAP
- D. PCAP
Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
NEW QUESTION 8
Which of the following best describes session key creation in SSL?
- A. It is created by the server after verifying theuser's identity
- B. It is created by the server upon connection by the client
- C. It is created by the client from the server's public key
- D. It is created by the client after verifying the server's identity
Explanation: An SSL session always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate itself to the client using public-key techniques, then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the handshake also allows the client to authenticate itself to the server.
NEW QUESTION 9
Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?
Select the best answer.
- A. He should disable unicast on all routers
- B. Disable multicast on the router
- C. Turn off fragmentation on his router
- D. Make sure all anti-virus protection is updated on all systems
- E. Make sure his router won't take a directed broadcast
Unicasts are one-to-one IP transmissions, by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning of multicast or fragmentation on the router has nothing to do with Peter’s concerns as a smurf attack uses broadcast, not multicast and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack.
NEW QUESTION 10
Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?
- A. Spoof attack
- B. Replay attack
- C. Injection attack
- D. Rebound attack
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).
NEW QUESTION 11
If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?
- A. 31400
- B. 31402
- C. The zombie will not send a response
- D. 31401
Explanation: 31402 is the correct answer.
NEW QUESTION 12
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
- A. Key registry
- B. Recovery agent
- C. Directory
- D. Key escrow
NEW QUESTION 13
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?
- A. The consultant will ask for money on the bid because of great work.
- B. The consultant may expose vulnerabilities of other companies.
- C. The company accepting bids will want the same type of format of testing.
- D. The company accepting bids will hire the consultant because of the great work performed.
NEW QUESTION 14
Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.
Which built-in functionality of Linux can achieve this?
- A. IP Tables
- B. IP Chains
- C. IP Sniffer
- D. IP ICMP
Explanation: iptables is a user space application program that allows a system administrator to configure the netfilter tables, chains, and rules (described above). Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. IP Tables performs stateful inspection while the older IP Chains only performs stateless inspection.
NEW QUESTION 15
Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)
- A. Signature
- B. Anomaly
- C. Passive
- D. Reactive
NEW QUESTION 16
Which of the following command line switch would you use for OS detection in Nmap?
- A. -D
- B. -O
- C. -P
- D. -X
Explanation: OS DETECTION:
-O: Enable OS detection (try 2nd generation w/fallback to 1st)
-O2: Only use the new OS detection system (no fallback)
-O1: Only use the old (1st generation) OS detection system
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
NEW QUESTION 17
LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two halves are hashed individually. If the password is 7 characters or less, than the second half of the hash is always:
- A. 0xAAD3B435B51404EE
- B. 0xAAD3B435B51404AA
- C. 0xAAD3B435B51404BB
- D. 0xAAD3B435B51404CC
NEW QUESTION 18
You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?
- A. Run NULL TCP hping2 against 192.168.1.10
- B. Run nmap XMAS scan against 192.168.1.10
- C. The firewall is blocking all the scans to 192.168.1.10
- D. Use NetScan Tools Pro to conduct the scan
NEW QUESTION 19
Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)
- A. Install DNS logger and track vulnerable packets
- B. Disable DNS timeouts
- C. Install DNS Anti-spoofing
- D. Disable DNS Zone Transfer
Explanation: Implement DNS Anit-Spoofing measures to prevent DNS Cache Pollution to occur.
P.S. Easily pass CEH-001 Exam with 878 Q&As Simply pass Dumps & pdf Version, Welcome to Download the Newest Simply pass CEH-001 Dumps: https://www.simply-pass.com/GAQM-exam/CEH-001-dumps.html (878 New Questions)