Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)

GAQM CPEH-001 Premium Access     Download Demo    
Page: 12 / 15
Total 736 questions

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

A.

0x60

B.

0x80

C.

0x70

D.

0x90

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

What is a NULL scan?

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

In the context of Windows Security, what is a 'null' user?

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Study the following log extract and identify the attack.

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Which command can be used to show the current TCP/IP connections?

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

What hacking attack is challenge/response authentication used to prevent?

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection