GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 271:

  Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?

  A. Honeypot
  B. DMZ host
  C. DWZ host
  D. Bastion Host
  A. Honeypot

• Question 272:

  A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.

  During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.

  Which of the following is an issue with the situation?

  A. Segregation of duties
  B. Undue influence
  C. Lack of experience
  D. Inadequate disaster recovery plan
  A. Segregation of duties

• Question 273:

  The GET method should never be used when sensitive data such as credit card is being sent to a CGI program. This is because any GET command will appear in the URL, and will be logged by any servers. For example, let's say that you've

  entered your credit card information into a form that uses the GET method. The URL may appear like this:

  https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234

  The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack?

  A. Never include sensitive information in a script
  B. Use HTTPS SSLv3 to send the data instead of plain HTTPS
  C. Replace the GET with POST method when sending data
  D. Encrypt the data before you send using GET method
  C. Replace the GET with POST method when sending data

• Question 274:

  Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

  A. Bob can explain that using a weak key management technique is a form of programming error
  B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
  C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
  D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
  A. Bob can explain that using a weak key management technique is a form of programming error

• Question 275:

  Smart cards use which protocol to transfer the certificate in a secure manner?

  A. Extensible Authentication Protocol (EAP)
  B. Point to Point Protocol (PPP)
  C. Point to Point Tunneling Protocol (PPTP)
  D. Layer 2 Tunneling Protocol (L2TP)
  A. Extensible Authentication Protocol (EAP)

• Question 276:

  Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

  A. Truecrypt
  B. Sub7
  C. Nessus
  D. Clamwin
  C. Nessus

• Question 277:

  This tool is widely used for ARP Poisoning attack. Name the tool.

  

  A. Cain and Able
  B. Beat Infector
  C. Poison Ivy
  D. Webarp Infector
  A. Cain and Able

• Question 278:

  Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. (Choose all that apply.

  A. Linux passwords can be encrypted with MD5
  B. Linux passwords can be encrypted with SHA
  C. Linux passwords can be encrypted with DES
  D. Linux passwords can be encrypted with Blowfish
  E. Linux passwords are encrypted with asymmetric algrothims
  A. Linux passwords can be encrypted with MD5
  C. Linux passwords can be encrypted with DES
  D. Linux passwords can be encrypted with Blowfish

• Question 279:

  You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.

  What kind of program can you use to track changes to files on the server?

  A. Network Based IDS (NIDS)
  B. Personal Firewall
  C. System Integrity Verifier (SIV)
  D. Linux IP Chains
  C. System Integrity Verifier (SIV)

• Question 280:

  Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor. Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on.

  Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them.

  What technique has Jason most likely used?

  A. Stealth Rootkit Technique
  B. ADS Streams Technique
  C. Snow Hiding Technique
  D. Image Steganography Technique
  D. Image Steganography Technique