GAQM CEH-001 Free Practice Questions

NEW QUESTION 1

How would you prevent session hijacking attacks?

• A. Using biometrics access tokens secures sessions against hijacking
• B. Using non-Internet protocols like http secures sessions against hijacking
• C. Using hardware-based authentication secures sessions against hijacking
• D. Using unpredictable sequence numbers secures sessions against hijacking

Answer: D

Explanation:
Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.

NEW QUESTION 2

WEP is used on 802.11 networks, what was it designed for?

• A. WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what it usually expected of a wired LAN.
• B. WEP is designed to provide strong encryption to a wireless local area network (WLAN) with a lever of integrity and privacy adequate for sensible but unclassified information.
• C. WEP is designed to provide a wireless local area network (WLAN) with a level of availability and privacy comparable to what is usually expected of a wired LAN.
• D. WEOP is designed to provide a wireless local area network (WLAN) with a level of privacy comparable to what it usually expected of a wired LAN.

Answer: A

Explanation:
WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004.

NEW QUESTION 3

An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified:
21 ftp
23 telnet
80 http
443 https
What does this suggest?

• A. This is a Windows Domain Controller
• B. The host is not firewalled
• C. The host is not a Linux or Solaris system
• D. The host is not properly patched

Answer: C

NEW QUESTION 4

There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption?
Select the best answers.

• A. PKI provides data with encryption, compression, and restorability.
• B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman.
• C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption.
• D. RSA is a type of encryption.

Answer: BD

Explanation:
PKI provides confidentiality, integrity, and authenticity of the messages exchanged between these two types of systems. The 3rd party provides the public key and the receiver verifies the message with a combination of the private and public key. Public- key encryption WAS invented in 1976 by Whitfield Diffie and Martin Hellman. The famous hashing algorithm Diffie-Hellman was named after them. The RSA Algorithm is created by the RSA Security company that also has created other widely used encryption algorithms.

NEW QUESTION 5

What does an ICMP (Code 13) message normally indicates?

• A. It indicates that the destination host is unreachable
• B. It indicates to the host that the datagram which triggered the source quench message will need to be re-sent
• C. It indicates that the packet has been administratively dropped in transit
• D. It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination

Answer: C

Explanation:
CODE 13 and type 3 is destination unreachable due to communication administratively prohibited by filtering hence maybe they meant "code 13", therefore would be C).
Note:
A - Type 3 B - Type 4
C - Type 3 Code 13 D - Typ4 4

NEW QUESTION 6

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

• A. Network aliasing
• B. Domain Name Server (DNS) poisoning
• C. Reverse Address Resolution Protocol (ARP)
• D. Port scanning

Answer: B

Explanation:
This reference is close to the one listed DNS poisoning is the correct answer.
This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning.

NEW QUESTION 7

Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 4 answers)

• A. Attackers physically visit every victim's computer to infect them with malicious software
• B. Home computers that have security vulnerabilities are prime targets for botnets
• C. Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software
• D. Attackers use phishing or spam emails that contain links or attachments
• E. Attackers use websites to host the bots utilizing Web Browser vulnerabilities

Answer: BCDE

Explanation:
New Questions

NEW QUESTION 8

Pandora is used to attack network operating systems.

• A. Windows
• B. UNIX
• C. Linux
• D. Netware
• E. MAC OS

Answer: D

Explanation:
While there are not lots of tools available to attack Netware, Pandora is one that can be used.

NEW QUESTION 9

Which of the following is NOT true of cryptography?

• A. Science of protecting information by encoding it into an unreadable format
• B. Method of storing and transmitting data in a form that only those it is intended for can read and process
• C. Most (if not all) algorithms can be broken by both technical and non-technical means
• D. An effective way of protecting sensitive information in storage but not in transit

Answer: D

Explanation:
Cryptography will protect data in both storage and in transit.

NEW QUESTION 10

Vulnerability mapping occurs after which phase of a penetration test?

• A. Host scanning
• B. Passive information gathering
• C. Analysis of host scanning
• D. Network level discovery

Answer: C

Explanation:
The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.

NEW QUESTION 11

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

• A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
• B. The root CA stores the user's hash value for safekeeping.
• C. The CA is the trusted root that issues certificates.
• D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Answer: C

NEW QUESTION 12

Which of the following represent weak password? (Select 2 answers)

• A. Passwords that contain letters, special characters, and numbers Exampl
• B. ap1$%##f@52
• C. Passwords that contain only numbers Exampl
• D. 23698217
• E. Passwords that contain only special characters Exampl
• F. &*#@!(%)
• G. Passwords that contain letters and numbers Exampl
• H. meerdfget123
• I. Passwords that contain only letters Exampl
• J. QWERTYKLRTY
• K. Passwords that contain only special characters and numbers Exampl
• L. 123@$45
• M. Passwords that contain only letters and special characters Exampl
• N. bob@&ba
• O. Passwords that contain Uppercase/Lowercase from a dictionary list Exampl
• P. OrAnGe

Answer: EH

NEW QUESTION 13

What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

• A. HFS
• B. ADS
• C. NTFS
• D. Backdoor access

Answer: B

Explanation:
ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream.

NEW QUESTION 14

Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

• A. The initial traffic from 192.168.12.35 was being spoofed.
• B. The traffic from 192.168.12.25 is from a Linux computer.
• C. The TTL of 21 means that the client computer is on wireless.
• D. The client computer at 192.168.12.35 is a zombie computer.

Answer: A

NEW QUESTION 15

A hacker, who posed as a heating and air conditioning specialist, was able to install a
sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

• A. Fraggle
• B. MAC Flood
• C. Smurf
• D. Tear Drop

Answer: B

NEW QUESTION 16

Which tool can be used to silently copy files from USB devices?

• A. USB Grabber
• B. USB Dumper
• C. USB Sniffer
• D. USB Snoopy

Answer: B

NEW QUESTION 17

Which system consists of a publicly available set of databases that contain domain name registration contact information?

• A. WHOIS
• B. IANA
• C. CAPTCHA
• D. IETF

Answer: A

NEW QUESTION 18

What are the default passwords used by SNMP? (Choose two.)

• A. Password
• B. SA
• C. Private
• D. Administrator
• E. Public
• F. Blank

Answer: CE

Explanation:
Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP.

NEW QUESTION 19

What type of port scan is represented here.

• A. Stealth Scan
• B. Full Scan
• C. XMAS Scan
• D. FIN Scan

Answer: A

NEW QUESTION 20

Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

• A. To create a denial of service attack.
• B. To verify information about the mail administrator and his address.
• C. To gather information about internal hosts used in email treatment.
• D. To gather information about procedures that are in place to deal with such messages.

Answer: C

Explanation:
The replay from the email server that states that there is no such recipient will also give you some information about the name of the email server, versions used and so on.

NEW QUESTION 21
......