CEH-001 Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 10, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 31:

    What is the command used to create a binary log file using tcpdump?

    A. tcpdump -w ./log
    B. tcpdump -r log
    C. tcpdump -vde logtcpdump -vde ? log
    D. tcpdump -l /var/log/

  • Question 32:

    XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

    What is the correct code when converted to html entities?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 33:

    Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

    A. Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address
    B. The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network
    C. ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service
    D. A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.

  • Question 34:

    While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

    A. The firewall is dropping the packets
    B. An in-line IDS is dropping the packets
    C. A router is blocking ICMP
    D. The host does not respond to ICMP packets

  • Question 35:

    An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS? Select the best answer.

    A. Firewalk
    B. Manhunt
    C. Fragrouter
    D. Fragids

  • Question 36:

    What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

    A. All are hacking tools developed by the legion of doom
    B. All are tools that can be used not only by hackers, but also security personnel
    C. All are DDOS tools
    D. All are tools that are only effective against Windows
    E. All are tools that are only effective against Linux

  • Question 37:

    An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news.

    This is another great example that some people do not know what URL's are. Real website: Fake website: http://www.zuckerjournals.com

    The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com

    How would you verify if a website is authentic or not?

    A. Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity
    B. Navigate to the site by visiting various blogs and forums for authentic links
    C. Enable Cache on your browser and lookout for error message warning on the screen
    D. Visit the site by clicking on a link from Google search engine

  • Question 38:

    Study the log below and identify the scan type.

    A. nmap -sR 192.168.1.10
    B. nmap -sS 192.168.1.10
    C. nmap -sV 192.168.1.10
    D. nmap -sO -T 192.168.1.10

  • Question 39:

    A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

    Untrust (Internet) -(Remote network = 217.77.88.0/24)

    DMZ (DMZ)-(11.12.13.0/24)

    Trust (Intranet) -(192.168.0.0/24)

    The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

    A. Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389
    B. Permit 217.77.88.12 11.12.13.50 RDP 3389
    C. Permit 217.77.88.12 11.12.13.0/24 RDP 3389
    D. Permit 217.77.88.0/24 11.12.13.50 RDP 3389

  • Question 40:

    Take a look at the following attack on a Web Server using obstructed URL:

    How would you protect from these attacks?

    A. Configure the Web Server to deny requests involving "hex encoded" characters
    B. Create rules in IDS to alert on strange Unicode requests
    C. Use SSL authentication on Web Servers
    D. Enable Active Scripts Detection at the firewall and routers

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.