Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)

Page: 6 / 15
Total 736 questions

Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

A.

Network-based intrusion detection system (NIDS)

B.

Host-based intrusion detection system (HIDS)

C.

Firewalls

D.

Honeypots

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.

Social Engineering

B.

Sniffing

C.

Eavesdropping

D.

Scanning

What is the role of test automation in security testing?

A.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

B.

It is an option but it tends to be very expensive.

C.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

D.

Test automation is not usable in security due to the complexity of the tests.

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Basic example to understand how cryptography works is given below:

Which of the following choices is true about cryptography?

A.

Algorithm is not the secret, key is the secret.

B.

Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.

C.

Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

D.

Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

The "gray box testing" methodology enforces what kind of restriction?

A.

The internal operation of a system is only partly accessible to the tester.

B.

The internal operation of a system is completely known to the tester.

C.

Only the external operation of a system is accessible to the tester.

D.

Only the internal operation of a system is known to the tester.

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

A.

The document can be sent to the accountant using an exclusive USB for that document.

B.

The CFO can use a hash algorithm in the document once he approved the financial statements.

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

D.

The CFO can use an excel file with a password.

Which method of password cracking takes the most time and effort?

A.

Brute force

B.

Rainbow tables

C.

Dictionary attack

D.

Shoulder surfing

An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.

In which order should he perform these steps?

A.

The sequence does not matter. Both steps have to be performed against all hosts.

B.

First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.

C.

First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.

D.

The port scan alone is adequate. This way he saves time.

What is not a PCI compliance recommendation?

A.

Limit access to card holder data to as few individuals as possible.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Use a firewall between the public network and the payment card data.

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

A.

Firewalking

B.

Session hijacking

C.

Network sniffing

D.

Man-in-the-middle attack

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

A.

The amount of time it takes to convert biometric data into a template on a smart card.

B.

The amount of time and resources that are necessary to maintain a biometric system.

C.

The amount of time it takes to be either accepted or rejected form when an individual provides Identification and authentication information.

D.

How long it takes to setup individual user accounts.

By using a smart card and pin, you are using a two-factor authentication that satisfies

A.

Something you know and something you are

B.

Something you have and something you know

C.

Something you have and something you are

D.

Something you are and something you remember

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

A.

Since the company's policy is all about Customer Service, he/she will provide information.

B.

Disregarding the call, the employee should hang up.

C.

The employee should not provide any information without previous management authorization.

D.

The employees can not provide any information; but, anyway, he/she will provide the name of the person in charge.

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

A.

She is encrypting the file.

B.

She is using John the Ripper to view the contents of the file.

C.

She is using ftp to transfer the file to another hacker named John.

D.

She is using John the Ripper to crack the passwords in the secret.txt file.