1. Home
  2. GAQM
  3. CEH-001

GAQM CEH-001 Online Practice Questions and Exam Preparation

CEH-001 Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 121:

    John the Ripper is a technical assessment tool used to test the weakness of which of the following?

    A. Usernames
    B. File permissions
    C. Firewall rulesets
    D. Passwords

  • Question 122:

    When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via

    email or logged in the IDS.

    Which type of an alert is this?

    A. False positive
    B. False negative
    C. True positive
    D. True negative

  • Question 123:

    While footprinting a network, what port/service should you look for to attempt a zone transfer?

    A. 53 UDP
    B. 53 TCP
    C. 25 UDP
    D. 25 TCP
    E. 161 UDP
    F. 22 TCP
    G. 60 TCP

  • Question 124:

    A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

    The engineer receives this output:

    HTTP/1.1 200 OK

    Server: Microsoft-IIS/6

    Expires: Tue, 17 Jan 2011 01:41:33 GMT

    DatE. Mon, 16 Jan 2011 01:41:33 GMT

    Content-TypE. text/html

    Accept-Ranges: bytes

    Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT

    ETaG. "b0aac0542e25c31:89d"

    Content-Length: 7369

    Which of the following is an example of what the engineer performed?

    A. Cross-site scripting
    B. Banner grabbing
    C. SQL injection
    D. Whois database query

  • Question 125:

    You are having problems while retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned shows all ports open.

    Which one of the following statements is probably true?

    A. The systems have all ports open.
    B. The systems are running a host based IDS.
    C. The systems are web servers.
    D. The systems are running Windows.

  • Question 126:

    A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

    A. ARP spoofing
    B. MAC duplication
    C. MAC flooding
    D. SYN flood
    E. Reverse smurf attack
    F. ARP broadcasting

  • Question 127:

    On wireless networks, SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless networks?

    A. The SSID is only 32 bits in length.
    B. The SSID is transmitted in clear text.
    C. The SSID is the same as the MAC address for all vendors.
    D. The SSID is to identify a station, not a network.

  • Question 128:

    While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points. What would be the easiest way to circumvent and communicate on the WLAN?

    A. Attempt to crack the WEP key using Airsnort.
    B. Attempt to brute force the access point and update or delete the MAC ACL.
    C. Steel a client computer and use it to access the wireless network.
    D. Sniff traffic if the WLAN and spoof your MAC address to one that you captured.

  • Question 129:

    You visit a website to retrieve the listing of a company's staff members. But you can not find it on the website. You know the listing was certainly present one year before. How can you retrieve information from the outdated website?

    A. Through Google searching cached files
    B. Through Archive.org
    C. Download the website and crawl it
    D. Visit customers' and prtners' websites

  • Question 130:

    A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

    A. Use port security on his switches.
    B. Use a tool like ARPwatch to monitor for strange ARP activity.
    C. Use a firewall between all LAN segments.
    D. If you have a small network, use static ARP entries.
    E. Use only static IP addresses on all PC's.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.