CPEH-001 Certified Professional Ethical Hacker (CPEH) Questions and Answers

Questions 4

A server has been infected by a certain type of Trojan. The hacker intended to use it to send and host junk mail. What type of Trojan did the hacker use?

Options:

A.

Turtle Trojans

B.

Ransomware Trojans

C.

Botnet Trojan

D.

Banking Trojans

Questions 5

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options:

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Questions 6

What is not a PCI compliance recommendation?

Options:

A.

Limit access to card holder data to as few individuals as possible.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Use a firewall between the public network and the payment card data.

Questions 7

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.

What is the most likely cause?

Options:

A.

The network devices are not all synchronized.

B.

Proper chain of custody was not observed while collecting the logs.

C.

The attacker altered or erased events from the logs.

D.

The security breach was a false positive.

Questions 8

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

Options:

A.

False Negative

B.

False Positive

C.

True Negative

D.

True Positive

Questions 9

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

Options:

A.

The gateway is not routing to a public IP address.

B.

The computer is using an invalid IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is not using a private IP address.

Questions 10

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Questions 11

You are monitoring the network of your organization. You notice that:

1. There are huge outbound connections from your Internal Network to External IPs.

2. On further investigation, you see that the External IPs are blacklisted.

3. Some connections are accepted, and some are dropped.

4. You find that it is a CnC communication.

Which of the following solutions will you suggest?

Options:

A.

Block the Blacklist IP’s @ Firewall

B.

Update the Latest Signatures on your IDS/IPS

C.

Clean the Malware which are trying to Communicate with the External Blacklist IP’s

D.

Both B and C

Questions 12

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack
- Monitors system activities
- Detects attacks that a network-based IDS fails to detect
- Near real-time detection and response
- Does not require additional hardware
- Lower entry cost

Which type of IDS is best suited for Tremp's requirements?

Options:

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Questions 13

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Questions 14

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 – 54373 10.249.253.15 – 22 tcp_ip

Options:

A.

SSH communications are encrypted; it’s impossible to know who is the client or the server

B.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server

C.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server

D.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the server

Questions 15

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Options:

A.

Since the company's policy is all about Customer Service, he/she will provide information.

B.

Disregarding the call, the employee should hang up.

C.

The employee should not provide any information without previous management authorization.

D.

The employee cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

Questions 16

Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

Options:

A.

Protect the payload and the headers

B.

Authenticate

C.

Encrypt

D.

Work at the Data Link Layer

Questions 17

Which service in a PKI will vouch for the identity of an individual or company?

Options:

A.

KDC

B.

CA

C.

CR

D.

CBC

Questions 18

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites.

77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Options:

A.

The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B.

ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C.

All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D.

13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Questions 19

A new wireless client that is 802.11 compliant cannot connect to a wireless network, even though the client can see the network and has compatible hardware and software installed. Upon further tests and investigation, it was found that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What is MOST likely the issue in this scenario?

Options:

A.

The client cannot see the SSID of the wireless network

B.

The WAP does not recognize the client’s MAC address.

C.

The wireless client is not configured to use DHCP.

D.

Client is configured for the wrong channel

Questions 20

Which of the following is the primary objective of a rootkit?

Options:

A.

It opens a port to provide an unauthorized service

B.

It creates a buffer overflow

C.

It replaces legitimate programs

D.

It provides an undocumented opening in a program

Questions 21

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

<script>alert(" Testing Testing Testing ")</script>

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

Options:

A.

Buffer overflow

B.

Cross-site request forgery

C.

Distributed denial of service

D.

Cross-site scripting

Questions 22

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Questions 23

An attacker scans a host with the below command. Which three flags are set? (Choose three.)

# nmap -sX host.domain.com

Options:

A.

This is ACK scan. ACK flag is set

B.

This is Xmas scan. SYN and ACK flags are set

C.

This is Xmas scan. URG, PUSH and FIN are set

D.

This is SYN scan. SYN flag is set

Questions 24

Which of the following statements is TRUE?

Options:

A.

Sniffers operate on Layer 2 of the OSI model

B.

Sniffers operate on Layer 3 of the OSI model

C.

Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D.

Sniffers operate on the Layer 1 of the OSI model.

Questions 25

You perform a scan of your company’s network and discover that TCP port 123 is open. What services by default run on TCP port 123?

Options:

A.

Telnet

B.

POP3

C.

Network Time Protocol

D.

DNS

Questions 26

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Questions 27

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Questions 28

What is the algorithm used by LM for the Windows 2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Questions 29

In which of the following cryptography attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Options:

A.

Chosen-plaintext attack

B.

Ciphertext-only attack

C.

Adaptive chosen-plaintext attack

D.

Known-plaintext attack

Questions 30

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds.

In concept, the solution developed by Bob is actually:

Options:

A.

Just a network monitoring tool

B.

A signature-based IDS

C.

A hybrid IDS

D.

A behavior-based IDS

Questions 31

What attack is used to crack passwords by using a precomputed table of hashed passwords?

Options:

A.

Brute Force Attack

B.

Hybrid Attack

C.

Rainbow Table Attack

D.

Dictionary Attack

Questions 32

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and saved to a PCAP file. As a network administrator, you need to determine whether these packets are indeed malicious. What tool are you going to use?

Options:

A.

Intrusion Prevention System (IPS)

B.

Vulnerability scanner

C.

Protocol analyzer

D.

Network sniffer

Questions 33

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what software design flaw?

Options:

A.

Insufficient security management

B.

Insufficient database hardening

C.

Insufficient input validation

D.

Insufficient exception handling

Questions 34

Which of the following is NOT an ideal choice for biometric controls?

Options:

A.

Iris patterns

B.

Fingerprints

C.

Height and weight

D.

Voice

Questions 35

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

Options:

A.

Use fences in the entrance doors.

B.

Install a CCTV with cameras pointing to the entrance doors and the street.

C.

Use an IDS in the entrance doors and install some of them near the corners.

D.

Use lights in all the entrance doors and along the company's perimeter.

Questions 36

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.

During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.

Which of the following is an issue with the situation?

Options:

A.

Segregation of duties

B.

Undue influence

C.

Lack of experience

D.

Inadequate disaster recovery plan

Questions 37

When a security analyst prepares for the formal security assessment, which of the following should be done in order to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

Options:

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Questions 38

Firewalls are software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules.

Which of the following types of firewalls can protect against SQL injection attacks?

Options:

A.

Data-driven firewall

B.

Stateful firewall

C.

Packet firewall

D.

Web application firewall

Questions 39

Which of the following is the most important phase of ethical hacking, wherein you need to spend a considerable amount of time?

Options:

A.

Gaining access

B.

Escalating privileges

C.

Network mapping

D.

Footprinting

Questions 40

SOAP services use which technology to format information?

Options:

A.

SATA

B.

PCI

C.

XML

D.

ISDN

Questions 41

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?

Options:

A.

Public key

B.

Private key

C.

Modulus length

D.

Email server certificate

Questions 42

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

Options:

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Questions 43

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Questions 44

Which of the following items is unique to the N-tier architecture method of designing software applications?

Options:

A.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

B.

It is compatible with various databases including Access, Oracle, and SQL.

C.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

D.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Questions 45

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

Questions 46

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Options:

A.

Connection Establishment: FIN, ACK-FIN, ACK
Connection Termination: SYN, SYN-ACK, ACK

B.

Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: ACK, ACK-SYN, SYN

C.

Connection Establishment: ACK, ACK-SYN, SYN
Connection Termination: FIN, ACK-FIN, ACK

D.

Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: FIN, ACK-FIN, ACK

Questions 47

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Options:

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Questions 48

Which cipher encrypts the plain text digit (bit or byte) one by one?

Options:

A.

Classical cipher

B.

Block cipher

C.

Modern cipher

D.

Stream cipher

Questions 49

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Options:

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

Questions 50

An attacker runs netcat tool to transfer a secret file between two hosts.

CPEH-001 Question 50

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.

Machine A: netcat -l -p -s password 1234 < testfile
Machine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfile
Machine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw password
Machine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Questions 51

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

CPEH-001 Question 51

What is she trying to achieve?

Options:

A.

She is encrypting the file.

B.

She is using John the Ripper to view the contents of the file.

C.

She is using ftp to transfer the file to another hacker named John.

D.

She is using John the Ripper to crack the passwords in the secret.txt file.

Questions 52

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with such a complex security system in place.

Your peer, Peter Smith, who works in the same department, disagrees with you.

He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Questions 53

One of your team members has asked you to analyze the following SOA record.

What is the TTL?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Questions 54

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

Options:

A.

A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.

B.

Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.

C.

A blacklist of companies that have their mail server relays configured to be wide open.

D.

Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

Questions 55

Which command can be used to show the current TCP/IP connections?

Options:

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

Questions 56

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?

Options:

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Questions 57

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Questions 58

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Options:

A.

User Access Control (UAC)

B.

Data Execution Prevention (DEP)

C.

Address Space Layout Randomization (ASLR)

D.

Windows firewall

Questions 59

Which of the following command line switches would you use for OS detection in Nmap?

Options:

A.

-D

B.

-O

C.

-P

D.

-X

Questions 60

Which of the following descriptions is true about a static NAT?

Options:

A.

A static NAT uses a many-to-many mapping.

B.

A static NAT uses a one-to-many mapping.

C.

A static NAT uses a many-to-one mapping.

D.

A static NAT uses a one-to-one mapping.

Questions 61

Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

Options:

A.

a port scanner

B.

a vulnerability scanner

C.

a virus scanner

D.

a malware scanner

Questions 62

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$146

B.

$1320

C.

$440

D.

$100

Questions 63

Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

Options:

A.

Chosen-Cipher text Attack

B.

Ciphertext-only Attack

C.

Timing Attack

D.

Rubber Hose Attack

Questions 64

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Questions 65

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

CPEH-001 Question 65

What is most likely taking place?

Options:

A.

Ping sweep of the 192.168.1.106 network

B.

Remote service brute force attempt

C.

Port scan of 192.168.1.106

D.

Denial of service attack on 192.168.1.106

Questions 66

You want to analyze packets on your wireless network. Which program would you use?

Options:

A.

Wireshark with Airpcap

B.

Airsnort with Airpcap

C.

Wireshark with Winpcap

D.

Ethereal with Winpcap

Questions 67

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

Options:

A.

The zombie you are using is not truly idle.

B.

A stateful inspection firewall is resetting your queries.

C.

Hping2 cannot be used for idle scanning.

D.

These ports are actually open on the target system.

Questions 68

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

Options:

A.

AH Tunnel mode

B.

AH promiscuous

C.

ESP transport mode

D.

ESP confidential

Questions 69

From the two screenshots below, which of the following is occurring?

CPEH-001 Question 69

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Questions 70

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

Options:

A.

Netsh firewall show config

B.

WMIC firewall show config

C.

Net firewall show config

D.

Ipconfig firewall show config

Questions 71

Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state.

Which of the following activities should not be included in this phase? (see exhibit)

Exhibit:

CPEH-001 Question 71

Options:

A.

III

B.

IV

C.

III and IV

D.

All should be included.

Questions 72

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use a scan tool like Nessus

B.

Use the built-in Windows Update tool

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Questions 73

Which of the following statements is TRUE?

Options:

A.

Sniffers operate on Layer 2 of the OSI model

B.

Sniffers operate on Layer 3 of the OSI model

C.

Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D.

Sniffers operate on the Layer 1 of the OSI model.

Questions 74

Which of the following is an extremely common IDS evasion technique in the web world?

Options:

A.

unicode characters

B.

spyware

C.

port knocking

D.

subnetting

Questions 75

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

Options:

A.

tcpdump

B.

nessus

C.

etherea

D.

Jack the ripper

Questions 76

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.

Which of the following regulations best matches the description?

Options:

A.

HIPAA

B.

ISO/IEC 27002

C.

COBIT

D.

FISMA

Questions 77

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

Options:

A.

Split DNS

B.

DNSSEC

C.

DynDNS

D.

DNS Scheme

Questions 78

What is a "Collision attack" in cryptography?

Options:

A.

Collision attacks try to find two inputs producing the same hash.

B.

Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.

C.

Collision attacks try to get the public key.

D.

Collision attacks try to break the hash into three parts to get the plaintext value.

Questions 79

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?

Options:

A.

Terms of Engagement

B.

Project Scope

C.

Non-Disclosure Agreement

D.

Service Level Agreement

Questions 80

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluejacking

C.

Bluesmacking

D.

Bluesnarfing

Questions 81

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.

What should you do?

Options:

A.

Report immediately to the administrator

B.

Do not report it and continue the penetration test.

C.

Transfer money from the administrator's account to another account.

D.

Do not transfer the money but steal the bitcoins.

Questions 82

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web-enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

Options:

A.

Application

B.

Circuit

C.

Stateful

D.

Packet Filtering

Questions 83

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Options:

A.

None of these scenarios compromise the privacy of Alice’s data

B.

Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data

C.

Hacker Harry breaks into the cloud server and steals the encrypted data

D.

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Questions 84

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Options:

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1 Host: westbank.com”

B.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”

D.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

Questions 85

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Questions 86

An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools did the hacker probably use to inject the HTML code?

Options:

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Questions 87

A virus that attempts to install itself inside the file it is infecting is called?

Options:

A.

Tunneling virus

B.

Cavity virus

C.

Polymorphic virus

D.

Stealth virus

Questions 88

ICMP ping and ping sweeps are used to check for active systems and to check

Options:

A.

if ICMP ping traverses a firewall.

B.

the route that the ICMP ping took.

C.

the location of the switchport in relation to the ICMP ping.

D.

the number of hops an ICMP ping takes to reach a destination.

Questions 89

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

Options:

A.

Drops the packet and moves on to the next one

B.

Continues to evaluate the packet until all rules are checked

C.

Stops checking rules, sends an alert, and lets the packet continue

D.

Blocks the connection with the source IP address in the packet

Questions 90

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Questions 91

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

Options:

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Questions 92

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Questions 93

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

Options:

A.

The consultant will ask for money on the bid because of great work.

B.

The consultant may expose vulnerabilities of other companies.

C.

The company accepting bids will want the same type of format of testing.

D.

The company accepting bids will hire the consultant because of the great work performed.

Questions 94

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

Options:

A.

UDP 123

B.

UDP 541

C.

UDP 514

D.

UDP 415

Questions 95

A security policy will be more accepted by employees if it is consistent and has the support of

Options:

A.

coworkers.

B.

executive management.

C.

the security officer.

D.

a supervisor.

Questions 96

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

Options:

A.

Blue Book

B.

ISO 26029

C.

Common Criteria

D.

The Wassenaar Agreement

Questions 97

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options:

A.

Vulnerability scanning

B.

Social engineering

C.

Application security testing

D.

Network sniffing

Questions 98

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Questions 99

It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.

Which of the following terms best matches the definition?

Options:

A.

Bluetooth

B.

Radio-Frequency Identification

C.

WLAN

D.

InfraRed

Questions 100

The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increased by more than 20% during weekend hours when the office was closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn’t have time to perform the task.

What tool can you use to view the network traffic being sent and received by the wireless router?

Options:

A.

Wireshark

B.

Nessus

C.

Netcat

D.

Netstat

Questions 101

env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Display passwd content to prompt

B.

Removes the passwd file

C.

Changes all passwords in passwd

D.

Add new user to the passwd file

Questions 102

The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

Options:

A.

Wireless Intrusion Prevention System

B.

Wireless Access Point

C.

Wireless Access Control List

D.

Wireless Analyzer

Questions 103

Bob learned that his username and password for a popular game have been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication. Which option below offers that?

Options:

A.

A new username and password

B.

A fingerprint scanner and his username and password.

C.

Disable his username and use just a fingerprint scanner.

D.

His username and a stronger password.

Questions 104

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

What kind of Web application vulnerability likely exists in their software?

Options:

A.

Host-Based Intrusion Detection System

B.

Security through obscurity

C.

Defense in depth

D.

Network-Based Intrusion Detection System

Questions 105

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Questions 106

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?

Options:

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

Questions 107

What are two things that are possible when scanning UDP ports? (Choose two.)

Options:

A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Questions 108

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Options:

A.

RC4

B.

RC5

C.

MD4

D.

MD5

Questions 109

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options:

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

Questions 110

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Options:

A.

Network Sniffer

B.

Vulnerability Scanner

C.

Intrusion Prevention Server

D.

Security Incident and Event Monitoring

Exam Code: CPEH-001
Exam Name: Certified Professional Ethical Hacker (CPEH)
Last Update: Nov 18, 2024
Questions: 736
