CEH-001 Exam Details

  • Exam Code
    :CEH-001
  • Exam Name
    :Certified Ethical Hacker (CEH)
  • Certification
    :GAQM Certifications
  • Vendor
    :GAQM
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 10, 2026

GAQM CEH-001 Online Questions & Answers

  • Question 861:

    Which of the following statements would NOT be a proper definition for a Trojan Horse?

    A. An authorized program that has been designed to capture keyboard keystroke while the user is unaware of such activity being performed
    B. An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user
    C. A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user
    D. Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user

  • Question 862:

    Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

    A. hping3 -T 10.8.8.8 -S netbios -c 2 -p 80
    B. hping3 -Y 10.8.8.8 -S windows -c 2 -p 80
    C. hping3 -O 10.8.8.8 -S server -c 2 -p 80
    D. hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

  • Question 863:

    Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

    A. Eric network has been penetrated by a firewall breach
    B. The attacker is using the ICMP protocol to have a covert channel
    C. Eric has a Wingate package providing FTP redirection on his network
    D. Somebody is using SOCKS on the network to communicate through the firewall

  • Question 864:

    Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?

    A. Henry is executing commands or viewing data outside the intended target path
    B. Henry is using a denial of service attack which is a valid threat used by an attacker
    C. Henry is taking advantage of an incorrect configuration that leads to access with higher- than-expected privilege
    D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands

  • Question 865:

    NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish? nslookup

    > server

    > set type =any

    > ls -d

    A. Enables DNS spoofing
    B. Loads bogus entries into the DNS table
    C. Verifies zone security
    D. Performs a zone transfer
    E. Resets the DNS cache

  • Question 866:

    Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

    Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

    A. Hardware, Software, and Sniffing.
    B. Hardware and Software Keyloggers.
    C. Passwords are always best obtained using Hardware key loggers.
    D. Software only, they are the most effective.

  • Question 867:

    Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this?

    A. Use HTTP Tunneling
    B. Use Proxy Chaining
    C. Use TOR Network
    D. Use Reverse Chaining

  • Question 868:

    When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

    A. ICMP ECHO_REQUEST and TCP SYN
    B. ICMP ECHO_REQUEST and TCP ACK
    C. ICMP ECHO_REPLY and TFP RST
    D. ICMP ECHO_REPLY and TCP FIN

  • Question 869:

    A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

    A. A competitor to the company because they can directly benefit from the publicity generated by making such an attack
    B. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants
    C. The CEO of the company because he has access to all of the computer systems
    D. A government agency since they know the company's computer system strengths and weaknesses

  • Question 870:

    Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

    But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

    Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

    Samuel wants to completely block hackers brute force attempts on his network. What are the alternatives to defending against possible brute-force password attacks on his site?

    A. Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users
    B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the Firewall manually
    C. Enforce complex password policy on your network so that passwords are more difficult to brute force
    D. You cannot completely block the intruders attempt if they constantly switch proxies

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CEH-001 exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.