GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 281:

  After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?

  1.

  mkdir -p /etc/X11/applnk/Internet/.etc

  2.

  mkdir -p /etc/X11/applnk/Internet/.etcpasswd

  3.

  touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

  4.

  touch -acmr /etc /etc/X11/applnk/Internet/.etc

  5.

  passwd nobody -d

  6.

  /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

  7.

  passwd dns -d

  8.

  touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

  9.

  touch -acmr /etc/X11/applnk/Internet/.etc /etc

  A. Change password of user nobody
  B. Extract information from a local directory
  C. Change the files Modification Access Creation times
  D. Download rootkits and passwords into a new directory
  C. Change the files Modification Access Creation times

• Question 282:

  Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill's primary responsibility is to keep PC's and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network. Hampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company's building.

  How was Bill able to get Internet access without using an agency laptop?

  A. Bill spoofed the MAC address of Dell laptop
  B. Bill connected to a Rogue access point
  C. Toshiba and Dell laptops share the same hardware address
  D. Bill brute forced the Mac address ACLs
  A. Bill spoofed the MAC address of Dell laptop

• Question 283:

  What is the goal of a Denial of Service Attack?

  A. Capture files from a remote computer.
  B. Render a network or computer incapable of providing normal service.
  C. Exploit a weakness in the TCP stack.
  D. Execute service at PS 1009.
  B. Render a network or computer incapable of providing normal service.

• Question 284:

  The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

  A. Physical
  B. Procedural
  C. Technical
  D. Compliance
  B. Procedural

• Question 285:

  Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

  Which organization coordinates computer crime investigations throughout the United States?

  A. NDCA
  B. NICP
  C. CIRP
  D. NPC
  E. CIA
  D. NPC

• Question 286:

  Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

  A. Teardrop
  B. SYN flood
  C. Smurf attack
  D. Ping of death
  A. Teardrop

• Question 287:

  This TCP flag instructs the sending system to transmit all buffered data immediately.

  A. SYN
  B. RST
  C. PSH
  D. URG
  E. FIN
  C. PSH

• Question 288:

  A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

  A. Firewall-management policy
  B. Acceptable-use policy
  C. Remote-access policy
  D. Permissive policy
  C. Remote-access policy

• Question 289:

  You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

  Here is the captured data in tcpdump.

  

  What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

  A. Sequence number: 82980070 Acknowledgement number: 17768885A.
  B. Sequence number: 17768729 Acknowledgement number: 82980070B.
  C. Sequence number: 87000070 Acknowledgement number: 85320085C.
  D. Sequence number: 82980010 Acknowledgement number: 17768885D.
  A. Sequence number: 82980070 Acknowledgement number: 17768885A.

• Question 290:

  Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

  

  

  How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

  A. Alternate between typing the login credentials and typing characters somewhere else in the focus window
  B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording
  C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
  D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd"
  E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd"
  A. Alternate between typing the login credentials and typing characters somewhere else in the focus window
  C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
  D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd"
  E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd"