GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 181:

  When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

  A. At least once a year and after any significant upgrade or modification
  B. At least once every three years or after any significant upgrade or modification
  C. At least twice a year or after any significant upgrade or modification
  D. At least once every two years and after any significant upgrade or modification
  A. At least once a year and after any significant upgrade or modification

• Question 182:

  One way to defeat a multi-level security solution is to leak data via

  A. a bypass regulator.
  B. steganography.
  C. a covert channel.
  D. asymmetric routing.
  C. a covert channel.

• Question 183:

  What is the following command used for?

  net use \targetipc$ "" /u:""

  A. Grabbing the etc/passwd file
  B. Grabbing the SAM
  C. Connecting to a Linux computer through Samba.
  D. This command is used to connect as a null session
  E. Enumeration of Cisco routers
  D. This command is used to connect as a null session

• Question 184:

  You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming. Which command would you execute to extract the Trojan to a standalone file?

  A. c:\> type readme.txt:virus.exe > virus.exe
  B. c:\> more readme.txt | virus.exe > virus.exe
  C. c:\> cat readme.txt:virus.exe > virus.exe
  D. c:\> list redme.txt$virus.exe > virus.exe
  C. c:\> cat readme.txt:virus.exe > virus.exe

• Question 185:

  Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACL's (access control lists) to files or folders and also one that can be used within batch files. Which of the following tools can be used for that purpose? (Choose the best answer)

  A. PERM.exe
  B. CACLS.exe
  C. CLACS.exe
  D. NTPERM.exe
  B. CACLS.exe

• Question 186:

  A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

  A. Perform a dictionary attack.
  B. Perform a brute force attack.
  C. Perform an attack with a rainbow table.
  D. Perform a hybrid attack.
  C. Perform an attack with a rainbow table.

• Question 187:

  A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

  A. IP Security (IPSEC)
  B. Multipurpose Internet Mail Extensions (MIME)
  C. Pretty Good Privacy (PGP)
  D. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
  C. Pretty Good Privacy (PGP)

• Question 188:

  Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts' requests but simply responses coming from the Internet.

  What could be the most likely cause?

  A. Someone has spoofed Clive's IP address while doing a smurf attack.
  B. Someone has spoofed Clive's IP address while doing a land attack.
  C. Someone has spoofed Clive's IP address while doing a fraggle attack.
  D. Someone has spoofed Clive's IP address while doing a DoS attack.
  A. Someone has spoofed Clive's IP address while doing a smurf attack.

• Question 189:

  Which security control role does encryption meet?

  A. Preventative
  B. Detective
  C. Offensive
  D. Defensive
  A. Preventative

• Question 190:

  The follows is an email header. What address is that of the true originator of the message?

  

  A. 19.25.19.10
  B. 51.32.123.21
  C. 168.150.84.123
  D. 215.52.220.122
  E. 8.10.2/8.10.2
  C. 168.150.84.123