CEH-001 Exam Details

  • Exam Code: CEH-001
  • Exam Name: Certified Ethical Hacker (CEH)
  • Certification: GAQM Certifications
  • Vendor: GAQM
  • Total Questions: 878 Q&As
  • Last Updated: May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 651:

    What is the best defense against privilege escalation vulnerability?

    A. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
    B. Run administrator and applications on least privileges and use a content registry for tracking.
    C. Run services with least privileged accounts and implement multi-factor authentication and authorization.
    D. Review user roles and administrator privileges for maximum utilization of automation services.

  • Question 652:

    Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment.

    Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it.

    What kind of Denial of Service attack was best illustrated in the scenario above?

    A. Simple DDoS attack
    B. DoS attacks which involve flooding a network or system
    C. DoS attacks which involve crashing a network or system
    D. DoS attacks which are done accidentally or deliberately

  • Question 653:

    Attackers send an ACK probe packet with a random sequence number; no response means the port is filtered (a stateful firewall is present) and an RST response means the port is not filtered. What type of port scanning is this?

    A. RST flag scanning
    B. FIN flag scanning
    C. SYN flag scanning
    D. ACK flag scanning

  • Question 654:

    Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

    A. Cain
    B. John the Ripper
    C. Nikto
    D. Hping

  • Question 655:

    John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a Linux machine.

    What is the hacker trying to accomplish here?

    A. The hacker is attempting to compromise more machines on the network
    B. The hacker is planting a rootkit
    C. The hacker is running a buffer overflow exploit to lock down the system
    D. The hacker is trying to cover his tracks

  • Question 656:

    Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

    A. Snort
    B. argus
    C. TCPflow
    D. Tcpdump

  • Question 657:

    After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attacker connects to a service first with their own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attacker doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

    A. Denial of Service attacks
    B. Session Hijacking attacks
    C. Web page defacement attacks
    D. IP spoofing attacks

  • Question 658:

    You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website asking you to download free Anti-Virus software.

    Dear valued customers,

    We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

    Antivirus code: 5014

    http://www.juggyboy/virus/virus.html

    Thank you for choosing us, the worldwide leader Antivirus solutions.

    Mike Robertson

    PDF Reader Support

    Copyright Antivirus 2010 ©All rights reserved

    If you want to stop receiving mail, please go to:

    http://www.juggyboy.com

    or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

    How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

    A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
    B. Connect to the site using SSL, if you are successful then the website is genuine
    C. Search using the URL and Anti-Virus product name in Google and look out for suspicious warnings against this site
    D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
    E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  • Question 659:

    Which of the following is a hashing algorithm?

    A. MD5
    B. PGP
    C. DES
    D. ROT13

  • Question 660:

    In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network.

    Why do you think this is possible?

    A. Bob forgot to turn off DHCP.
    B. All access points are shipped with a default SSID.
    C. The SSID is still sent inside both client and AP packets.
    D. Bob's solution only works in ad-hoc mode.
