Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CPEH-001 - Certified Professional Ethical Hacker (CPEH)

GAQM CPEH-001 Premium Access     Download Demo    
Page: 8 / 15
Total 736 questions

What does the option * indicate?

A.

s

B.

t

C.

n

D.

a

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

What is the purpose of a demilitarized zone on a network?

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

What kind of Web application vulnerability likely exists in their software?

A.

Host-Based Intrusion Detection System

B.

Security through obscurity

C.

Defense in depth

D.

Network-Based Intrusion Detection System

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

A.

tcp.port != 21

B.

tcp.port = 23

C.

tcp.port ==21

D.

tcp.port ==21 || tcp.port ==22

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door.

In this case, we can say:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Which of the following is the best countermeasure to encrypting ransomwares?

A.

Use multiple antivirus softwares

B.

Keep some generation of off-line backup

C.

Analyze the ransomware to get decryption key of encrypted data

D.

Pay a ransom

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks.

What process would help him?

A.

Banner Grabbing

B.

IDLE/IPID Scanning

C.

SSDP Scanning

D.

UDP Scanning

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

A.

Keyed Hashing

B.

Key Stretching

C.

Salting

D.

Double Hashing

Cross-site request forgery involves:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

A.

Bluesmacking

B.

Bluesniffing

C.

Bluesnarfing

D.

Bluejacking

An attacker scans a host with the below command. Which three flags are set? (Choose three.)

#nmap –sX host.domain.com

A.

This is ACK scan. ACK flag is set

B.

This is Xmas scan. SYN and ACK flags are set

C.

This is Xmas scan. URG, PUSH and FIN are set

D.

This is SYN scan. SYN flag is set

What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

A.

Cross-site request forgery

B.

Cross-site scripting

C.

Session hijacking

D.

Server side request forgery