GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 591:

  Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a

  login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

  SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

  What will the SQL statement accomplish?

  A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
  B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
  C. This Select SQL statement will log James in if there are any users with NULL passwords
  D. James will be able to see if there are any default user accounts in the SQL database
  B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

• Question 592:

  Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access.

  

  Identify the correct statement related to the above Web Server installation?

  A. Lack of proper security policy, procedures and maintenance
  B. Bugs in server software, OS and web applications
  C. Installing the server with default settings
  D. Unpatched security flaws in the server software, OS and applications
  C. Installing the server with default settings

• Question 593:

  Which of the statements concerning proxy firewalls is correct?

  A. Proxy firewalls increase the speed and functionality of a network.
  B. Firewall proxy servers decentralize all activity for an application.
  C. Proxy firewalls block network packets from passing to and from a protected network.
  D. Computers establish a connection with a proxy firewall which initiates a new network connection for the client.
  D. Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

• Question 594:

  This kind of password cracking method uses word lists in combination with numbers and special characters:

  A. Hybrid
  B. Linear
  C. Symmetric
  D. Brute Force
  A. Hybrid

• Question 595:

  Which set of access control solutions implements two-factor authentication?

  A. USB token and PIN
  B. Fingerprint scanner and retina scanner
  C. Password and PIN
  D. Account and password
  A. USB token and PIN

• Question 596:

  Study the snort rule given below:

  

  From the options below, choose the exploit against which this rule applies.

  A. WebDav
  B. SQL Slammer
  C. MS Blaster
  D. MyDoom
  C. MS Blaster

• Question 597:

  You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?

  A. A distributed denial of service attack.
  B. A network card that was jabbering.
  C. A bad route on the firewall.
  D. Invalid rules entry at the gateway.
  A. A distributed denial of service attack.

• Question 598:

  Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management?

  A. Rebecca should make a recommendation to disable the () system call
  B. Rebecca should make a recommendation to upgrade the Linux kernel promptly
  C. Rebecca should make a recommendation to set all child-process to sleep within the execve()
  D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege
  B. Rebecca should make a recommendation to upgrade the Linux kernel promptly

• Question 599:

  Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.

  $ nc -l -p 1026 -u -v

  In response, he sees the following message.

  cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

  Windows has found 47 Critical Errors.

  To fix the errors please do the following:

  1.

  Download Registry Repair from: www.reg-patch.com

  2.

  Install Registry Repair

  3.

  Run Registry Repair

  4.

  Reboot your computer

  FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

  What would you infer from this alert?

  A. The machine is redirecting traffic to www.reg-patch.com using adware
  B. It is a genuine fault of windows registry and the registry needs to be backed up
  C. An attacker has compromised the machine and backdoored ports 1026 and 1027
  D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities
  D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities

• Question 600:

  File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?

  A. Use disable-eXchange
  B. Use mod_negotiation
  C. Use Stop_Files
  D. Use Lib_exchanges
  B. Use mod_negotiation