CEH-001 Exam Details

  • Exam Code: CEH-001
  • Exam Name: Certified Ethical Hacker (CEH)
  • Certification: GAQM Certifications
  • Vendor: GAQM
  • Total Questions: 878 Q&As
  • Last Updated: May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 321:

    What is the correct order of steps in CEH System Hacking Cycle?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 322:

    Basically, there are two approaches to network intrusion detection: signature detection and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

    A. He can use a shellcode that will perform a reverse telnet back to his machine
    B. He can use a dynamic return address to overwrite the correct value in the target machine computer memory
    C. He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer to a random place of choice
    D. He can use polymorphic shellcode, with a tool such as ADMmutate, to change the signature of his exploit as seen by a network IDS

  • Question 323:

    Which tool can be used to silently copy files from USB devices?

    A. USB Grabber
    B. USB Dumper
    C. USB Sniffer
    D. USB Snoopy

  • Question 324:

    Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network. He receives the following SMS message during the weekend.

    An attacker, Chew Siew, sitting in Beijing, China, had just launched a remote scan on Jason's network with the hping command. Which of the following hping2 commands is responsible for the above Snort alert?

    A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
    B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118
    C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118
    D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118

  • Question 325:

    A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

    A. Say nothing and continue with the security testing.
    B. Stop work immediately and contact the authorities.
    C. Delete the pornography, say nothing, and continue security testing.
    D. Bring the discovery to the financial organization's human resource department.

  • Question 326:

    If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

    A. SDLC process
    B. Honey pot
    C. SQL injection
    D. Trap door

  • Question 327:

    You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as?

    A. Footprinting
    B. Firewalking
    C. Enumeration
    D. Idle scanning

  • Question 328:

    Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page, in which he also remains unsuccessful. What is the probable cause of Bill's problem?

    A. You cannot use a buffer overflow to deface a web page
    B. There is a problem with the shell and he needs to run the attack again
    C. The HTML file has permissions of read only
    D. The system is a honeypot

  • Question 329:

    Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

    A. WebBugs
    B. WebGoat
    C. VULN_HTML
    D. WebScarab

  • Question 330:

    Which definition among those given below best describes a covert channel?

    A. A server program using a port that is not well known.
    B. Making use of a protocol in a way it is not intended to be used.
    C. It is the multiplexing taking place on a communication link.
    D. It is one of the weak channels used by WEP which makes it insecure.
