Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)

GAQM CPEH-001 Premium Access     Download Demo    
Page: 4 / 15
Total 736 questions

Suppose you’ve gained access to your client’s hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?

A.

1433

B.

161

C.

445

D.

3389

A recent security audit revealed that there were indeed several occasions that the company’s network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

A.

True Positive

B.

False Negative

C.

False Positive

D.

False Positive

While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?

A.

The port will send an ACK

B.

The port will send a SYN

C.

The port will ignore the packets

D.

The port will send an RST

Bob received this text message on his mobile phone: ““Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com””. Which statement below is true?

A.

This is probably a legitimate message as it comes from a respectable organization.

B.

Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.

C.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

D.

This is a scam because Bob does not know Scott.

XOR is a common cryptographic tool. 10110001 XOR 00111010 is?

A.

10111100

B.

11011000

C.

10011101

D.

10001011

While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor.

How can you modify your scan to prevent triggering this event in the IDS?

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

Study the log below and identify the scan type.

A.

nmap -sR 192.168.1.10

B.

nmap -sS 192.168.1.10

C.

nmap -sV 192.168.1.10

D.

nmap -sO -T 192.168.1.10

Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?

A.

Preparation phase

B.

Containment phase

C.

Recovery phase

D.

Identification phase

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?

A.

Insufficient security management

B.

Insufficient database hardening

C.

Insufficient input validation

D.

Insufficient exception handling

In order to prevent particular ports and applications from getting packets into an organization, what does a firewall check?

A.

Network layer headers and the session layer port numbers

B.

Presentation layer headers and the session layer port numbers

C.

Application layer port numbers and the transport layer headers

D.

Transport layer port numbers and application layer headers

A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?

A.

Turtle Trojans

B.

Ransomware Trojans

C.

Botnet Trojan

D.

Banking Trojans

What is the term coined for logging, recording and resolving events in a company?

A.

Internal Procedure

B.

Security Policy

C.

Incident Management Process

D.

Metrics

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

A.

AH Tunnel mode

B.

AH promiscuous

C.

ESP transport mode

D.

ESP confidential

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

A.

Share reports, after NDA is signed

B.

Share full reports, not redacted

C.

Decline but, provide references

D.

Share full reports with redactions

What is the code written for?

A.

Buffer Overflow

B.

Encryption

C.

Bruteforce

D.

Denial-of-service (Dos)