GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 391:

  What are common signs that a system has been compromised or hacked? (Choose three.)

  A. Increased amount of failed logon events
  B. Patterns in time gaps in system and/or event logs
  C. New user accounts created
  D. Consistency in usage baselines
  E. Partitions are encrypted
  F. Server hard drives become fragmented
  A. Increased amount of failed logon events
  B. Patterns in time gaps in system and/or event logs
  C. New user accounts created

• Question 392:

  One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker's source IP address.

  You send a ping request to the broadcast address 192.168.5.255.

  

  There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

  A. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.
  B. Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.
  C. You should send a ping request with this command ping ? 192.168.5.0-255
  D. You cannot ping a broadcast address. The above scenario is wrong.
  A. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

• Question 393:

  If you come across a sheepdip machine at your client's site, what should you do?

  A. A sheepdip computer is used only for virus-checking.
  B. A sheepdip computer is another name for a honeypot
  C. A sheepdip coordinates several honeypots.
  D. A sheepdip computers defers a denial of service attack.
  A. A sheepdip computer is used only for virus-checking.

• Question 394:

  Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  A. Finger
  B. FTP
  C. Samba
  D. SMB
  D. SMB

• Question 395:

  Choose one of the following pseudo codes to describe this statement:

  "If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data."

  A. If (I > 200) then exit (1)
  B. If (I < 200) then exit (1)
  C. If (I
  D. If (I >= 200) then exit (1)
  D. If (I >= 200) then exit (1)

• Question 396:

  What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

  A. Injecting parameters into a connection string using semicolons as a separator
  B. Inserting malicious Javascript code into input parameters
  C. Setting a user's session identifier (SID) to an explicit known value
  D. Adding multiple parameters with the same name in HTTP requests
  A. Injecting parameters into a connection string using semicolons as a separator

• Question 397:

  Advanced encryption standard is an algorithm used for which of the following?

  A. Data integrity
  B. Key discovery
  C. Bulk data encryption
  D. Key recovery
  C. Bulk data encryption

• Question 398:

  Stephanie works as senior security analyst for a manufacturing company in Detroit. Stephanie manages network security throughout the organization. Her colleague Jason told her in confidence that he was able to see confidential corporate information posted on the external website http://www.jeansclothesman.com. He tries random URLs on the company's website and finds confidential information leaked over the web. Jason says this happened about a month ago. Stephanie visits the said URLs, but she finds nothing. She is very concerned about this, since someone should be held accountable if there was sensitive information posted on the website.

  Where can Stephanie go to see past versions and pages of a website?

  A. She should go to the web page Samspade.org to see web pages that might no longer be on the website
  B. If Stephanie navigates to Search.com; she will see old versions of the company website
  C. Stephanie can go to Archive.org to see past versions of the company website
  D. AddressPast.com would have any web pages that are no longer hosted on the company's website
  C. Stephanie can go to Archive.org to see past versions of the company website

• Question 399:

  An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

  A. Install patches
  B. Setup a backdoor
  C. Install a zombie for DDOS
  D. Cover your tracks
  D. Cover your tracks

• Question 400:

  In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

  A. HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)
  B. NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)
  C. NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)
  D. CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)
  A. HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)
  C. NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

  ---

  Exam C