
GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)


If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?

A. Civil
B. International
C. Criminal
D. Common

Scenario:

1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks on the interesting and attractive content URL.
4. Attacker creates a transparent iframe in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks the 'Do you want to make $1000 in a day?' URL but actually he/she clicks the content or URL that exists in the transparent iframe set up by the attacker.

What is the name of the attack which is mentioned in the scenario?

A. HTTP Parameter Pollution
B. HTML Injection
C. Session Fixation
D. ClickJacking Attack

PGP, SSL, and IKE are all examples of which type of cryptography?

A. Public Key
B. Secret Key
C. Hash Algorithm
D. Digest

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is most likely able to handle this requirement?

A. RADIUS
B. DIAMETER
C. Kerberos
D. TACACS+

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are at the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.

An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:

nmap 192.168.1.64/28

Why can he not see the servers?

A. The network must be down and the nmap command and IP address are ok.
B. He needs to add the command 'ip address' just before the IP address.
C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range.
D. He needs to change the address to 192.168.1.0 with the same mask.

What is the difference between the AES and RSA algorithms?

A. Both are asymmetric algorithms, but RSA uses 1024-bit keys.
B. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
C. Both are symmetric algorithms, but AES uses 256-bit keys.
D. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.

If you want to scan only fewer ports than the default scan using the Nmap tool, which option would you use?

A. -sP
B. -P
C. -r
D. -F

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

A. Have the network team document the reason why the rule was implemented without prior manager approval.
B. Monitor all traffic using the firewall rule until a manager can approve it.
C. Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.
D. Immediately roll back the firewall rule until a manager can approve it.

In which of the following cryptography attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

A. Chosen-plaintext attack
B. Ciphertext-only attack
C. Adaptive chosen-plaintext attack
D. Known-plaintext attack

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

A. Function Testing
B. Dynamic Testing
C. Static Testing
D. Fuzzing Testing

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
B. Extraction of cryptographic secrets through coercion or torture.
C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
D. A backdoor placed into a cryptographic algorithm by its creator.

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective "Implement strong access control measures"?

A. Regularly test security systems and processes.
B. Encrypt transmission of cardholder data across open, public networks.
C. Assign a unique ID to each person with computer access.
D. Use and regularly update anti-virus software on all systems commonly affected by malware.

From the following table, identify the wrong answer in terms of Range (ft).

A. 802.11b
B. 802.11g
C. 802.16 (WiMax)
D. 802.11a

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A. PPP
B. IPSEC
C. PEM
D. SET

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

A. Command Injection Attacks
B. File Injection Attack
C. Cross-Site Request Forgery (CSRF)
D. Hidden Field Manipulation Attack