Master the CEH-001 Certified Ethical Hacker (CEH) content and be ready for exam day success quickly with this Certleader CEH-001 sample question. We guarantee it!We make it a reality and give you real CEH-001 questions in our GAQM CEH-001 braindumps.Latest 100% VALID GAQM CEH-001 Exam Questions Dumps at below page. You can use our GAQM CEH-001 braindumps and pass your exam.
GAQM CEH-001 Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
Low humidity in a data center can cause which of the following problems?
Answer: C
NEW QUESTION 2
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
Answer: A
Explanation:
Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack.
NEW QUESTION 3
Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Paul notices that when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24Mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop. What is Paul
seeing here?
Answer: A
NEW QUESTION 4
What is Form Scalpel used for?
Answer: A
Explanation:
Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation.
NEW QUESTION 5
The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?
Answer: B
NEW QUESTION 6
Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)
Answer: BD
NEW QUESTION 7
Which security strategy requires using several, varying methods to protect IT systems against attacks?
Answer: A
NEW QUESTION 8
How does a denial-of-service attack work?
Answer: A
NEW QUESTION 9
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
Answer: D
NEW QUESTION 10
While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80.
What can you infer from this observation?
Answer: D
Explanation:
If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.
NEW QUESTION 11
You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows 7.
Last week, 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online.
What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
Answer: D
NEW QUESTION 12
Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?
Answer: C
NEW QUESTION 13
Which of the following parameters enables NMAP's operating system detection feature?
Answer: D
NEW QUESTION 14
Pandora is used to attack network operating systems.
Answer: D
Explanation:
While there are not lots of tools available to attack Netware, Pandora is one that can be used.
NEW QUESTION 15
When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?
Answer: A
NEW QUESTION 16
What is the correct PCAP filter to capture all TCP traffic going to or from host
192.168.0.125 on port 25?
Answer: D
NEW QUESTION 17
Take a look at the following attack on a Web Server using obstructed URL:
How would you protect from these attacks?
Answer: B
NEW QUESTION 18
Which set of access control solutions implements two-factor authentication?
Answer: A
NEW QUESTION 19
Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.
But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.
Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers brute force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?
Answer: D
NEW QUESTION 20
When writing shellcodes, you must avoid because these will end the string.
Answer: B
NEW QUESTION 21
WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?
Answer: B
Explanation:
WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets
bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
NEW QUESTION 22
John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.
What would you suggest to John to help identify the OS that is being used on the remote web server?
Answer: D
Explanation:
Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.
NEW QUESTION 23
Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?
Answer: C
Explanation:
Changing hidden form values is possible when a web site is poorly built and is trusting the visitors computer to submit vital data, like the price of a product, to the database.
NEW QUESTION 24
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate,
then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?
Answer: B
NEW QUESTION 25
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
Answer: D
NEW QUESTION 26
Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?
Answer: A
NEW QUESTION 27
Which of the following tools are used for enumeration? (Choose three.)
Answer: BDE
Explanation:
USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with the tools and learning to understand their output.
NEW QUESTION 28
After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?
Answer: B
NEW QUESTION 29
......
Recommend!! Get the Full CEH-001 dumps in VCE and PDF From Thedumpscentre.com, Welcome to Download: https://www.thedumpscentre.com/CEH-001-dumps/ (New 878 Q&As Version)