CEH-001 | All About Realistic CEH-001 Free Download


Free demo questions for GAQM CEH-001 Exam Dumps Below:


Symmetric encryption algorithms are known to be fast but present great challenges on the key management side. Asymmetric encryption algorithms are slow but allow communication with a remote host without having to transfer a key out of band or in person. If we combine the strength of both crypto systems where we use the symmetric algorithm to encrypt the bulk of the data and then use the asymmetric encryption system to encrypt the symmetric key, what would this type of usage be known as?

  • A. Symmetric system
  • B. Combined system
  • C. Hybrid system
  • D. Asymmetric system

Answer: C

Because of the complexity of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly "hybrid" systems, in which a fast symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.


In Trojan terminology, what is a covert channel?

  • A. A channel that transfers information within a computer system or network in a way that violates the security policy
  • B. A legitimate communication path within a computer system or network for transfer of data
  • C. It is a kernel operation that hides boot processes and services to mask detection
  • D. It is a reverse tunneling technique that uses the HTTPS protocol instead of the HTTP protocol to establish connections

Answer: A


Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for?
Select the best answers.

  • A. SNMPUtil
  • B. SNScan
  • C. SNMPScan
  • D. Solarwinds IP Network Browser
  • E. NMap

Answer: ABD

SNMPUtil is an SNMP enumeration utility that is part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sorts of valuable information through SNMP. SNScan is an SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is an SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data.


Which Open Web Application Security Project (OWASP) project implements a web application full of known vulnerabilities?

  • A. WebBugs
  • B. WebGoat
  • D. WebScarab

Answer: B


Name two software tools used for OS guessing. (Choose two.)

  • A. Nmap
  • B. Snadboy
  • C. Queso
  • D. UserInfo
  • E. NetBus

Answer: AC

Nmap and Queso are the two best-known OS guessing programs. OS guessing software looks at peculiarities in the way each vendor implements the RFCs. These differences are compared against a database of known OS fingerprints, and a best guess of the OS is then provided to the user.


How do you defend against MAC attacks on a switch?

  • A. Disable SPAN port on the switch
  • B. Enable SNMP Trap on the switch
  • C. Configure IP security on the switch
  • D. Enable Port Security on the switch

Answer: D


John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct a MiTM attack. What is the destination MAC address of a broadcast frame?


Answer: A


For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

  • A. Sender's public key
  • B. Receiver's private key
  • C. Receiver's public key
  • D. Sender's private key

Answer: D


In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antennas for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building’s center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.
Which of the following statements is true?

  • A. With the 300 feet limit of a wireless signal, Ulf’s network is safe.
  • B. Wireless signals can be detected from miles away, Ulf’s network is not safe.
  • C. Ulf’s network will be safe but only if he doesn’t switch to 802.11a.
  • D. Ulf’s network will not be safe until he also enables WEP.

Answer: D


You want to hide a secret.txt document inside the c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

  • A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt
  • B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt
  • C. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt
  • D. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt

Answer: B


You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place. Management is also worried about possible threats coming from inside the site, specifically from employees belonging to different departments. What kind of assessment will you be performing?

  • A. Black box testing
  • B. Black hat testing
  • C. Gray box testing
  • D. Gray hat testing
  • E. White box testing
  • F. White hat testing

Answer: C

Internal Testing is also referred to as Gray-box testing.


Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

  • A. CHAT rooms
  • B. WHOIS database
  • C. News groups
  • D. Web sites
  • E. Search engines
  • F. Organization’s own web site

Answer: ABCDEF

A security tester should search for information everywhere that he/she can access. You never know where you will find that small piece of information that could penetrate a strong defense.


You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

  • A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
  • B. Examining the SMTP header information generated by using the –mx command parameter of DIG
  • C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
  • D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers

Answer: C


Under what conditions does a secondary name server request a zone transfer from a primary name server?

  • A. When a primary SOA is higher than a secondary SOA
  • B. When a secondary SOA is higher than a primary SOA
  • C. When a primary name server has had its service restarted
  • D. When a secondary name server has had its service restarted
  • E. When the TTL falls to zero

Answer: A

Understanding DNS is critical to meeting the requirements of the CEH. When the serial number within the SOA record of the primary server is higher than the serial number within the SOA record of the secondary DNS server, a zone transfer will take place.


A circuit level gateway works at which of the following layers of the OSI Model?

  • A. Layer 5 - Application
  • B. Layer 4 – TCP
  • C. Layer 3 – Internet protocol
  • D. Layer 2 – Data link

Answer: B


How does an operating system protect the passwords used for account logins?

  • A. The operating system performs a one-way hash of the passwords.
  • B. The operating system stores the passwords in a secret file that users cannot find.
  • C. The operating system encrypts the passwords, and decrypts them when needed.
  • D. The operating system stores all passwords in a protected segment of non-volatile memory.

Answer: A


Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute-force attempts on his network. He enables blocking of the intruder's IP address for a period of 24 hours after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.
But he still receives hundreds of thousands of brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.
Later he adds another rule to his firewall and enables a small sleep on the password attempt so that if the password is incorrect, it takes 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be accepted from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers' brute-force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?

  • A. Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users
  • B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually
  • C. Enforce complex password policy on your network so that passwords are more difficult to brute force
  • D. You cannot completely block the intruders' attempts if they constantly switch proxies

Answer: D


What makes web application vulnerabilities so aggravating? (Choose two)

  • A. They can be launched through an authorized port.
  • B. A firewall will not stop them.
  • C. They exist only on the Linux platform.
  • D. They are detectable by most leading antivirus software.

Answer: AB

As the vulnerabilities exist on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack.


Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?

  • A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
  • B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
  • C. This Select SQL statement will log James in if there are any users with NULL passwords
  • D. James will be able to see if there are any default user accounts in the SQL database

Answer: B

This query will search for an admin user with a blank password and a mail address containing @testers.com.


During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

  • A. The tester must capture the WPA2 authentication handshake and then crack it.
  • B. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
  • C. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
  • D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Answer: A


A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

  • A. if (billingAddress = 50) {update field} else exit
  • B. if (billingAddress != 50) {update field} else exit
  • C. if (billingAddress >= 50) {update field} else exit
  • D. if (billingAddress <= 50) {update field} else exit

Answer: D


NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use?

  • A. 443
  • B. 139
  • C. 179
  • D. 445

Answer: D


A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

  • A. The consultant will ask for money on the bid because of great work.
  • B. The consultant may expose vulnerabilities of other companies.
  • C. The company accepting bids will want the same type of format of testing.
  • D. The company accepting bids will hire the consultant because of the great work performed.

Answer: B


Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  • A. Finger
  • B. FTP
  • C. Samba
  • D. SMB

Answer: D

The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.


Bob is a very security-conscious computer user. He plans to test a site that is known to have malicious applets, code, and more. Bob always makes use of a basic Web Browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?

  • A. Internet Explorer
  • B. Mozilla
  • C. Lynx
  • D. Tiger

Answer: C

Lynx is a program used to browse the World Wide Web, which works on simple text terminals, rather than requiring a graphical computer display terminal.


Which security strategy requires using several, varying methods to protect IT systems against attacks?

  • A. Defense in depth
  • B. Three-way handshake
  • C. Covert channels
  • D. Exponential backoff algorithm

Answer: A


As a security consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

  • A. Use the same machines for DNS and other applications
  • B. Harden DNS servers
  • C. Use split-horizon operation for DNS servers
  • D. Restrict Zone transfers
  • E. Have subnet diversity between DNS servers

Answer: BCDE

A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers.
By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down.


Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

  • A. Covert keylogger
  • B. Stealth keylogger
  • C. Software keylogger
  • D. Hardware keylogger

Answer: D

As the hardware keylogger never interacts with the operating system, it is undetectable by anti-virus or anti-spyware products.

