CEH-001 Exam Details

  • Exam Code: CEH-001
  • Exam Name: Certified Ethical Hacker (CEH)
  • Certification: GAQM Certifications
  • Vendor: GAQM
  • Total Questions: 878 Q&As
  • Last Updated: May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 381:

    A circuit level gateway works at which of the following layers of the OSI Model?

    A. Layer 5 - Application
    B. Layer 4 - TCP
    C. Layer 3 - Internet protocol
    D. Layer 2 - Data link

  • Question 382:

    While performing a ping sweep of a subnet, you receive an ICMP reply of Code 3/Type 13 for all the pings sent out. What is the most likely cause behind this response?

    A. The firewall is dropping the packets.
    B. An in-line IDS is dropping the packets.
    C. A router is blocking ICMP.
    D. The host does not respond to ICMP packets.

  • Question 383:

    You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

    A. There is no way to completely block tracerouting into this area
    B. Block UDP at the firewall
    C. Block TCP at the firewall
    D. Block ICMP at the firewall

  • Question 384:

    A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog and then halts, what does it indicate?

    A. A buffer overflow attack has been attempted
    B. A buffer overflow attack has already occurred
    C. A firewall has been breached and this is logged
    D. An intrusion detection system has been triggered
    E. The system has crashed

  • Question 385:

    A Denial of Service (DoS) attack works on the following principle:

    A. MS-DOS and PC-DOS operating systems utilize a weakness that can be compromised and permit them to launch an attack easily.
    B. All CLIENT systems have a TCP/IP stack implementation weakness that can be compromised and permit them to launch an attack easily.
    C. Overloaded buffer systems can easily address error conditions and respond appropriately.
    D. Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).
    E. A server stops accepting connections from certain networks once those networks become flooded.

  • Question 386:

    What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

    A. They do not use host system resources.
    B. They are placed at the boundary, allowing them to inspect all traffic.
    C. They are easier to install and configure.
    D. They will not interfere with user interfaces.

  • Question 387:

    Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

    A. They are written in Java.
    B. They send alerts to security monitors.
    C. They use the same packet analysis engine.
    D. They use the same packet capture utility.

  • Question 388:

    Steven the hacker realizes that the network administrator of XYZ is using syskey to protect organization resources in the Windows 2000 Server. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only the first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2000 Server machine in an attempt to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack.

    How many bits does Syskey use for encryption?

    A. 40 bit
    B. 64 bit
    C. 256 bit
    D. 128 bit

  • Question 389:

    Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that the network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

    What can Joe do to hide the wiretap program from being detected by the ifconfig command?

    A. Block output to the console whenever the user runs the ifconfig command by running a screen capture utility
    B. Run the wiretap program in stealth mode from being detected by the ifconfig command.
    C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.
    D. You cannot disable Promiscuous mode detection on Linux systems.

  • Question 390:

    What type of session hijacking attack is shown in the exhibit?

    A. Cross-site scripting Attack
    B. SQL Injection Attack
    C. Token sniffing Attack
    D. Session Fixation Attack
