GAQM CEH-001 - Certified Ethical Hacker (CEH)
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
What information should an IT system analysis provide to the risk assessor?
Which of the following is a preventive control?
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
Which statement best describes a server type under an N-tier architecture?
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?
Which of the following describes the characteristics of a Boot Sector Virus?
What are the three types of authentication?
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with the Local System account. How can this weakness be exploited to access the system?
Which of the following descriptions is true about a static NAT?
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.
Which of the following programming languages would most likely be used?
When analyzing the IDS logs, the system administrator notices that connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via email or logged in the IDS. Which type of alert is this?
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
Which of the following does proper basic configuration of snort as a network intrusion detection system require?
To what concept in the realm of email security does “message repudiation” refer?