
GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)

Total 736 questions

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

A. Key registry

B. Recovery agent

C. Directory

D. Key escrow

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

A. Hping

B. Traceroute

C. TCP ping

D. Broadcast ping

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

A. Buffer overflow

B. Cross-site request forgery

C. Distributed denial of service

D. Cross-site scripting

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A. They provide a repeatable framework.

B. Anyone can run the command line scripts.

C. They are available at low cost.

D. They are subject to government regulation.

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

A. TrueCrypt

B. Sub7

C. Nessus

D. ClamWin

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

A. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

B. If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

C. Hashing is faster compared to more traditional encryption algorithms.

D. Passwords stored using hashes are non-reversible, making finding the password much more difficult.

Which initial procedure should an ethical hacker perform after being brought into an organization?

A. Begin security testing.

B. Turn over deliverables.

C. Sign a formal contract with non-disclosure.

D. Assess what the organization is trying to protect.

SOAP services use which technology to format information?

A. SATA

B. PCI

C. XML

D. ISDN

Which type of security document is written with specific step-by-step details?

A. Process

B. Procedure

C. Policy

D. Paradigm

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

A. guidelines and practices for security controls.

B. financial soundness and business viability metrics.

C. standard best practice for configuration management.

D. contract agreement writing standards.

MX record priority increases as the number increases. (True/False.)

A. True

B. False

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker

B. Since he does not care about going to jail, he would be considered a Black Hat

C. Because Yancey works for the company currently, he would be a White Hat

D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

This kind of password cracking method uses word lists in combination with numbers and special characters:

A. Hybrid

B. Linear

C. Symmetric

D. Brute Force

During an Xmas scan, what indicates a port is closed?

A. No return response

B. RST

C. ACK

D. SYN

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN

B. RST

C. PSH

D. URG

E. FIN