
GAQM CEH-001 - Certified Ethical Hacker (CEH)

Total 878 questions

What port scanning method is the most reliable but also the most detectable?

A. Null Scanning

B. Connect Scanning

C. ICMP Scanning

D. Idlescan Scanning

E. Half Scanning

F. Verbose Scanning

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?

A. SYN scan

B. ACK scan

C. RST scan

D. Connect scan

E. FIN scan

What does the term “Ethical Hacking” mean?

A. Someone who is hacking for ethical reasons.

B. Someone who is using his/her skills for ethical reasons.

C. Someone who is using his/her skills for defensive purposes.

D. Someone who is using his/her skills for offensive purposes.

What are the default passwords used by SNMP? (Choose two.)

A. Password

B. SA

C. Private

D. Administrator

E. Public

F. Blank

Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

A. To create a denial of service attack.

B. To verify information about the mail administrator and his address.

C. To gather information about internal hosts used in email treatment.

D. To gather information about procedures that are in place to deal with such messages.

You have initiated an active operating system fingerprinting attempt with nmap against a target system:

What operating system is the target host running based on the open ports shown above?

A. Windows XP

B. Windows 98 SE

C. Windows NT4 Server

D. Windows 2000 Server

Name two software tools used for OS guessing. (Choose two.)

A. Nmap

B. Snadboy

C. Queso

D. UserInfo

E. NetBus

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer.

A. Alternate Data Streams

B. Merge Streams

C. Steganography

D. NetBIOS vulnerability

Your lab partner is trying to find out more information about a competitor's web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registries. Which one would you suggest she looks in first?

A. LACNIC

B. ARIN

C. APNIC

D. RIPE

E. AfriNIC

Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

Select the best answer.

A. There are two external DNS Servers for Internet domains. Both are AD integrated.

B. All external DNS is done by an ISP.

C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.

D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

A very useful resource for passively gathering information about a target company is:

A. Host scanning

B. Whois search

C. Traceroute

D. Ping sweep

Your XYZ trainee Sandra asks you which are the four existing Regional Internet Registries (RIRs)?

A. APNIC, PICNIC, ARIN, LACNIC

B. RIPE NCC, LACNIC, ARIN, APNIC

C. RIPE NCC, NANIC, ARIN, APNIC

D. RIPE NCC, ARIN, APNIC, LATNIC

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?

A. macof

B. webspy

C. filesnarf

D. nfscopy

Fingerprinting an Operating System helps a cracker because:

A. It defines exactly what software you have installed

B. It opens a security-delayed window based on the port being scanned

C. It doesn't depend on the patches that have been applied to fix existing security holes

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

A. Compare the file's MD5 signature with the one published on the distribution media

B. Obtain the application via SSL

C. Compare the file's virus signature with the one published on the distribution media

D. Obtain the application from a CD-ROM disc

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

A. RSA, LSA, POP

B. SSID, WEP, Kerberos

C. SMB, SMTP, Smart card

D. Kerberos, Smart card, Stanford SRP

Which definition among those given below best describes a covert channel?

A. A server program using a port that is not well known.

B. Making use of a protocol in a way it is not intended to be used.

C. It is the multiplexing taking place on a communication link.

D. It is one of the weak channels used by WEP which makes it insecure.

What is the proper response for a NULL scan if the port is open?

A. SYN

B. ACK

C. FIN

D. PSH

E. RST

F. No response

Ethereal works best on ____________.

A. Switched networks

B. Linux platforms

C. Networks using hubs

D. Windows platforms

E. LANs

You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.

Which command would you execute to extract the Trojan to a standalone file?

A. c:\> type readme.txt:virus.exe > virus.exe

B. c:\> more readme.txt | virus.exe > virus.exe

C. c:\> cat readme.txt:virus.exe > virus.exe

D. c:\> list redme.txt$virus.exe > virus.exe