CEH-001 Premium Bundle

Certified Ethical Hacker (CEH) Certification Exam

Last update: December 4, 2024

GAQM CEH-001 Free Practice Questions

NEW QUESTION 1

What does black box testing mean?

  • A. You have full knowledge of the environment
  • B. You have no knowledge of the environment
  • C. You have partial knowledge of the environment

Answer: B

Explanation:
Black box testing is conducted when you have no knowledge of the environment. It is more time consuming and expensive.

NEW QUESTION 2

A hacker was able to sniff packets on a company's wireless network. The following information was discovered:
Key: 10110010 01001011
Ciphertext: 01100101 01011010
Using the Exclusive OR, what was the original message?

  • A. 00101000 11101110
  • B. 11010111 00010001
  • C. 00001101 10100100
  • D. 11110010 01011011

Answer: B

NEW QUESTION 3

To which of the following Registry locations does a Trojan add entries to make itself persistent on Windows 7? (Select 2 answers)

  • A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\Run
  • C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
  • D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Answer: AD

NEW QUESTION 4

The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.
Which of the following database servers was targeted by the Slammer worm?

  • A. Oracle
  • B. MSSQL
  • C. MySQL
  • D. Sybase
  • E. DB2

Answer: B

Explanation:
W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server 2000 systems and systems with MSDE 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039.

NEW QUESTION 5

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() calls in the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?

  • A. Buffer Overflow
  • B. Denial of Service
  • C. Shatter Attack
  • D. Password Attack

Answer: A

Explanation:
C users must avoid using dangerous functions that do not check bounds unless they've ensured that the bounds will never get exceeded. A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer's boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program.

NEW QUESTION 6

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

  • A. The consultant will ask for money on the bid because of great work.
  • B. The consultant may expose vulnerabilities of other companies.
  • C. The company accepting bids will want the same type of format of testing.
  • D. The company accepting bids will hire the consultant because of the great work performed.

Answer: B

NEW QUESTION 7

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

  • A. Information Audit Policy (IAP)
  • B. Information Security Policy (ISP)
  • C. Penetration Testing Policy (PTP)
  • D. Company Compliance Policy (CCP)

Answer: B

NEW QUESTION 8

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

  • A. white box
  • B. grey box
  • C. red box
  • D. black box

Answer: D

NEW QUESTION 9

What framework architecture is shown in this exhibit?
[Exhibit not available]

  • A. Core Impact
  • B. Metasploit
  • C. Immunity Canvas
  • D. Nessus

Answer: B

NEW QUESTION 10

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

  • A. Install DNS logger and track vulnerable packets
  • B. Disable DNS timeouts
  • C. Install DNS Anti-spoofing
  • D. Disable DNS Zone Transfer

Answer: C

Explanation:
Implement DNS anti-spoofing measures to prevent DNS cache pollution from occurring.

NEW QUESTION 11

A zone file consists of which of the following Resource Records (RRs)?

  • A. DNS, NS, AXFR, and MX records
  • B. DNS, NS, PTR, and MX records
  • C. SOA, NS, AXFR, and MX records
  • D. SOA, NS, A, and MX records

Answer: D

Explanation:
The zone file typically contains the following records:
SOA – Start Of Authority
NS – Name Server record
MX – Mail eXchange record
A – Address record

NEW QUESTION 12

What type of port scan is shown below?
[Exhibit not available]

  • A. Idle Scan
  • B. FIN Scan
  • C. XMAS Scan
  • D. Windows Scan

Answer: B

NEW QUESTION 13

Fingerprinting an Operating System helps a cracker because:

  • A. It defines exactly what software you have installed
  • B. It opens a security-delayed window based on the port being scanned
  • C. It doesn't depend on the patches that have been applied to fix existing security holes
  • D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

Explanation:
When a cracker knows which OS and services you use, he also knows which exploits might work on your system. If he had to try all possible exploits for all possible operating systems and services, it would take too long and the possibility of being detected would increase.

NEW QUESTION 14

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

  • A. The tester must capture the WPA2 authentication handshake and then crack it.
  • B. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
  • C. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
  • D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Answer: A

NEW QUESTION 15

An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?
Select the best answer.

  • A. Firewalk
  • B. Manhunt
  • C. Fragrouter
  • D. Fragids

Answer: C

Explanation:
Firewalking is a way to disguise a port scan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls.
Symantec ManHunt is an IDS, not a tool to evade an IDS.
Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection.
Fragids is a made-up tool and does not exist.

NEW QUESTION 16

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

  • A. They do not use host system resources.
  • B. They are placed at the boundary, allowing them to inspect all traffic.
  • C. They are easier to install and configure.
  • D. They will not interfere with user interfaces.

Answer: A

NEW QUESTION 17

Which definition among those given below best describes a covert channel?

  • A. A server program using a port that is not well known.
  • B. Making use of a protocol in a way it is not intended to be used.
  • C. It is the multiplexing taking place on a communication link.
  • D. It is one of the weak channels used by WEP which makes it insecure.

Answer: B

Explanation:
A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.

NEW QUESTION 18

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.
The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malware and viruses. Instead of sending games and fun executables, hackers today are quite successful in spreading Trojans using rogue security software.
What is Rogue security software?

  • A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites
  • B. A fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer
  • C. This kind of software is known as rogue security software.
  • D. Rogue security software is based on a social engineering technique in which the attackers lure victims to visit spear phishing websites
  • E. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

Answer: B

NEW QUESTION 19

What type of session hijacking attack is shown in the exhibit?
[Exhibit not available]

  • A. Session Sniffing Attack
  • B. Cross-site scripting Attack
  • C. SQL Injection Attack
  • D. Token sniffing Attack

Answer: A

NEW QUESTION 20

Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

  • A. Internet Printing Protocol (IPP) buffer overflow
  • B. Code Red Worm
  • C. Indexing services ISAPI extension buffer overflow
  • D. NeXT buffer overflow

Answer: ABC

Explanation:
Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow are explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.
