1. Home
  2. GAQM
  3. CEH-001

GAQM CEH-001 Online Practice Questions and Exam Preparation

CEH-001 Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 501:

    What happens during a SYN flood attack?

    A. TCP connection requests floods a target machine is flooded with randomized source address and ports for the TCP ports.
    B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host's address as both source and destination, and is using the same port on the target host as both source and destination.
    C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.
    D. A TCP packet is received with both the SYN and the FIN bits set in the flags field.

  • Question 502:

    The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

    A. Asymmetric
    B. Confidential
    C. Symmetric
    D. Non-confidential

  • Question 503:

    Exhibit

    Study the log given in the exhibit,

    Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP 53 in from outside to DNS server
    B. Allow UDP 53 in from DNS server to outside
    C. Disallow TCP 53 in form secondaries or ISP server to DNS server
    D. Block all UDP traffic

  • Question 504:

    What is a primary advantage a hacker gains by using encryption or programs such as Loki?

    A. It allows an easy way to gain administrator rights
    B. It is effective against Windows computers
    C. It slows down the effective response of an IDS
    D. IDS systems are unable to decrypt it
    E. Traffic will not be modified in transit

  • Question 505:

    Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

    A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run
    C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
    D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • Question 506:

    You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker?

    A. 16 million years
    B. 5 minutes
    C. 23 days
    D. 200 years

  • Question 507:

    Which of the following is most effective against passwords? Select the Answer:

    A. Dictionary Attack
    B. BruteForce attack
    C. Targeted Attack
    D. Manual password Attack

  • Question 508:

    Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

    A. The initial traffic from 192.168.12.35 was being spoofed.
    B. The traffic from 192.168.12.25 is from a Linux computer.
    C. The TTL of 21 means that the client computer is on wireless.
    D. The client computer at 192.168.12.35 is a zombie computer.

  • Question 509:

    At a Windows Server command prompt, which command could be used to list the running services?

    A. Sc query type= running
    B. Sc query \\servername
    C. Sc query
    D. Sc config

  • Question 510:

    During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

    A. The tester must capture the WPA2 authentication handshake and then crack it.
    B. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
    C. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
    D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.