GAQM CEH-001 Online Practice Questions and Exam Preparation

GAQM CEH-001 Online Questions & Answers

• Question 751:

  What command would you type to OS fingerprint a server using the command line?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  C. Option C

• Question 752:

  Passive reconnaissance involves collecting information through which of the following?

  A. Social engineering
  B. Network traffic sniffing
  C. Man in the middle attacks
  D. Publicly accessible sources
  D. Publicly accessible sources

• Question 753:

  Which security strategy requires using several, varying methods to protect IT systems against attacks?

  A. Defense in depth
  B. Three-way handshake
  C. Covert channels
  D. Exponential backoff algorithm
  A. Defense in depth

• Question 754:

  Which of the following is a detective control?

  A. Smart card authentication
  B. Security policy
  C. Audit trail
  D. Continuity of operations plan
  C. Audit trail

• Question 755:

  You have initiated an active operating system fingerprinting attempt with nmap against a target system:

  

  What operating system is the target host running based on the open ports shown above?

  A. Windows XP
  B. Windows 98 SE
  C. Windows NT4 Server
  D. Windows 2000 Server
  D. Windows 2000 Server

• Question 756:

  Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to [email protected]". What do you think has occurred?

  A. The web application picked up a record at random
  B. The web application returned the first record it found
  C. The server error has caused the application to malfunction
  D. The web application emailed the administrator about the error
  B. The web application returned the first record it found

• Question 757:

  Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

  A. Ping of death
  B. SYN flooding
  C. TCP hijacking
  D. Smurf attack
  A. Ping of death

• Question 758:

  ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :

  

  An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

  A. Create a SYN flood
  B. Create a network tunnel
  C. Create multiple false positives
  D. Create a ping flood
  B. Create a network tunnel

• Question 759:

  Which of the following is an example of two factor authentication?

  A. PIN Number and Birth Date
  B. Username and Password
  C. Digital Certificate and Hardware Token
  D. Fingerprint and Smartcard ID
  B. Username and Password

• Question 760:

  A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself by "ignorance of the law" clause.

  A. true
  B. false
  B. false