1. Home
  2. GAQM
  3. CEH-001

Certified Ethical Hacker (CEH)

Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :May 10, 2025

GAQM GAQM Certifications CEH-001 Questions & Answers

  • Question 201:

    Exhibit:

    ettercap CLzs --quiet

    What does the command in the exhibit do in "Ettercap"?

    A. This command will provide you the entire list of hosts in the LAN

    B. This command will check if someone is poisoning you and will report its IP.

    C. This command will detach from console and log all the collected passwords from the network to a file.

    D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

  • Question 202:

    A file integrity program such as Tripwire protects against Trojan horse attacks by:

    A. Automatically deleting Trojan horse programs

    B. Rejecting packets generated by Trojan horse programs

    C. Using programming hooks to inform the kernel of Trojan horse behavior

    D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

  • Question 203:

    Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.

    $ nc -l -p 1026 -u -v

    In response, he sees the following message.

    cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

    Windows has found 47 Critical Errors.

    To fix the errors please do the following:

    1.

    Download Registry Repair from: www.reg-patch.com

    2.

    Install Registry Repair

    3.

    Run Registry Repair

    4.

    Reboot your computer

    FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

    What would you infer from this alert?

    A. The machine is redirecting traffic to www.reg-patch.com using adware

    B. It is a genuine fault of windows registry and the registry needs to be backed up

    C. An attacker has compromised the machine and backdoored ports 1026 and 1027

    D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities

  • Question 204:

    Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

    A. Netcat -h -U

    B. Netcat -hU

    C. Netcat -sU -p 1-1024

    D. Netcat -u -v -w2 1-1024 E. Netcat -sS -O target/1024

  • Question 205:

    Sniffing is considered an active attack.

    A. True

    B. False

  • Question 206:

    John wishes to install a new application onto his Windows 2000 server.

    He wants to ensure that any application he uses has not been Trojaned.

    What can he do to help ensure this?

    A. Compare the file's MD5 signature with the one published on the distribution media

    B. Obtain the application via SSL

    C. Compare the file's virus signature with the one published on the distribution media

    D. Obtain the application from a CD-ROM disc

  • Question 207:

    Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

    A. Port 1890 (Net-Devil Trojan)

    B. Port 1786 (Net-Devil Trojan)

    C. Port 1909 (Net-Devil Trojan)

    D. Port 6667 (Net-Devil Trojan)

  • Question 208:

    In Linux, the three most common commands that hackers usually attempt to Trojan are:

    A. car, xterm, grep

    B. netstat, ps, top

    C. vmware, sed, less

    D. xterm, ps, nc

  • Question 209:

    You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.

    Which command would you execute to extract the Trojan to a standalone file?

    A. c:\> type readme.txt:virus.exe > virus.exe

    B. c:\> more readme.txt | virus.exe > virus.exe

    C. c:\> cat readme.txt:virus.exe > virus.exe

    D. c:\> list redme.txt$virus.exe > virus.exe

  • Question 210:

    You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.

    What is the next step you would do?

    A. Re-install the operating system.

    B. Re-run anti-virus software.

    C. Install and run Trojan removal software.

    D. Run utility fport and look for the application executable that listens on port 6666.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.