1. Home
  2. GAQM
  3. CEH-001

GAQM CEH-001 Online Practice Questions and Exam Preparation

CEH-001 Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :May 30, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 701:

    Bob, an Administrator at XYZ was furious when he discovered that his buddy Trent, has launched a session hijack attack against his network, and sniffed on his communication, including administrative tasks suck as configuring routers,

    firewalls, IDS, via Telnet.

    Bob, being an unhappy administrator, seeks your help to assist him in ensuring that attackers such as Trent will not be able to launch a session hijack in XYZ.

    Based on the above scenario, please choose which would be your corrective measurement actions. (Choose two)

    A. Use encrypted protocols, like those found in the OpenSSH suite.
    B. Implement FAT32 filesystem for faster indexing and improved performance.
    C. Configure the appropriate spoof rules on gateways (internal and external).
    D. Monitor for CRP caches, by using IDS products.

  • Question 702:

    What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd

    A. logs the incoming connections to /etc/passwd file
    B. loads the /etc/passwd file to the UDP port 55555
    C. grabs the /etc/passwd file when connected to UDP port 55555
    D. deletes the /etc/passwd file when connected to the UDP port 55555

  • Question 703:

    An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)

    A. Create a network tunnel.
    B. Create a multiple false positives.
    C. Create a SYN flood.
    D. Create a ping flood.

  • Question 704:

    Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

    A. An integer variable
    B. A 'hidden' price value
    C. A 'hidden' form field value
    D. A page cannot be changed locally; it can only be served by a web server

  • Question 705:

    How can rainbow tables be defeated?

    A. Password salting
    B. Use of non-dictionary words
    C. All uppercase character passwords
    D. Lockout accounts under brute force password cracking attempts

  • Question 706:

    Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.

    John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed! However, money hasn't been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:

    What kind of attack did the Hacker attempt to carry out at the bank?

    A. Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools.
    B. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.
    C. The Hacker used a generator module to pass results to the Web server and exploited Web application CGI vulnerability.
    D. The Hacker first attempted logins with suspected user names, then used SQL Injection to gain access to valid bank login IDs.

  • Question 707:

    What are the limitations of Vulnerability scanners? (Select 2 answers)

    A. There are often better at detecting well-known vulnerabilities than more esoteric ones
    B. The scanning speed of their scanners are extremely high
    C. It is impossible for any, one scanning product to incorporate all known vulnerabilities in a timely manner
    D. The more vulnerabilities detected, the more tests required
    E. They are highly expensive and require per host scan license

  • Question 708:

    A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

    A. True negatives
    B. False negatives
    C. True positives
    D. False positives

  • Question 709:

    What does FIN in TCP flag define?

    A. Used to abort a TCP connection abruptly
    B. Used to close a TCP connection
    C. Used to acknowledge receipt of a previous packet or transmission
    D. Used to indicate the beginning of a TCP connection

  • Question 710:

    What are the differences between SSL and S-HTTP?

    A. SSL operates at the network layer and S-HTTP operates at the application layer
    B. SSL operates at the application layer and S-HTTP operates at the network layer
    C. SSL operates at the transport layer and S-HTTP operates at the application layer
    D. SSL operates at the application layer and S-HTTP operates at the transport layer

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.