
CPEH-001 Certified Professional Ethical Hacker (CPEH) Questions and Answers

Questions 4

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Questions 5

What is GINA?

Options:

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Questions 6

From the two screenshots below, which of the following is occurring?

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Questions 7

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Questions 8

Which of the following is assured by the use of a hash?

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Questions 9

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

What type of attack is outlined in the scenario?

Options:

A.

Watering Hole Attack

B.

Heartbleed Attack

C.

Shellshock Attack

D.

Spear Phishing Attack

Questions 10

Fingerprinting an Operating System helps a cracker because:

Options:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Questions 11

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Options:

A.

RC4

B.

RC5

C.

MD4

D.

MD5

Questions 12

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Questions 13

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Options:

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Questions 14

Which statement best describes a server type under an N-tier architecture?

Options:

A.

A group of servers at a specific layer

B.

A single server with a specific role

C.

A group of servers with a unique role

D.

A single server at a specific layer

Questions 15

Which cipher encrypts the plain text digit (bit or byte) one by one?

Options:

A.

Classical cipher

B.

Block cipher

C.

Modern cipher

D.

Stream cipher

Questions 16

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options:

A.

Legal, performance, audit

B.

Audit, standards based, regulatory

C.

Contractual, regulatory, industry

D.

Legislative, contractual, standards based

Questions 17

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PCs.

Questions 18

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Questions 19

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

Questions 20

During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

Options:

A.

Application

B.

Circuit

C.

Stateful

D.

Packet Filtering

Questions 21

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Options:

A.

The host is likely a printer.

B.

The host is likely a Windows machine.

C.

The host is likely a Linux machine.

D.

The host is likely a router.

Questions 22

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.

Which file does the attacker need to modify?

Options:

A.

Hosts

B.

Sudoers

C.

Boot.ini

D.

Networks

Questions 23

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Questions 24

How does the Address Resolution Protocol (ARP) work?

Options:

A.

It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

B.

It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.

C.

It sends a reply packet for a specific IP, asking for the MAC address.

D.

It sends a request packet to all the network elements, asking for the domain name from a specific IP.

Questions 25

While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

Options:

A.

10.10.10.10

B.

127.0.0.1

C.

192.168.1.1

D.

192.168.168.168

Questions 26

What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

Options:

A.

$440

B.

$100

C.

$1320

D.

$146

Questions 27

In this attack, a victim receives an e-mail claiming to be from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statements is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Questions 28

A medium-sized healthcare IT business decides to implement a risk management strategy.

Which of the following is NOT one of the five basic responses to risk?

Options:

A.

Delegate

B.

Avoid

C.

Mitigate

D.

Accept

Questions 29

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like.

What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Options:

A.

footprinting

B.

network mapping

C.

gaining access

D.

escalating privileges

Questions 30

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

Options:

A.

Firewall-management policy

B.

Acceptable-use policy

C.

Remote-access policy

D.

Permissive policy

Questions 31

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.

What should you do?

Options:

A.

Forward the message to your company’s security response team and permanently delete the message from your computer.

B.

Reply to the sender and ask them for more information about the message contents.

C.

Delete the email and pretend nothing happened

D.

Forward the message to your supervisor and ask for her opinion on how to handle the situation

Questions 32

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

Options:

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Questions 33

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Options:

A.

Height and Weight

B.

Voice

C.

Fingerprints

D.

Iris patterns

Questions 34

You are about to be hired by a well-known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank’s interest and your liabilities as a tester?

Options:

A.

Service Level Agreement

B.

Non-Disclosure Agreement

C.

Terms of Engagement

D.

Project Scope

Questions 35

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack
- Monitors system activities
- Detects attacks that a network-based IDS fails to detect
- Near real-time detection and response
- Does not require additional hardware
- Lower entry cost

Which type of IDS is best suited for Tremp's requirements?

Options:

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Questions 36

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options:

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Questions 37

Which security control role does encryption meet?

Options:

A.

Preventative

B.

Detective

C.

Offensive

D.

Defensive

Questions 38

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

Options:

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Questions 39

At a Windows Server command prompt, which command could be used to list the running services?

Options:

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Questions 40

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80
HEAD / HTTP/1.0

B.

telnet webserverAddress 80
PUT / HTTP/1.0

C.

telnet webserverAddress 80
HEAD / HTTP/2.0

D.

telnet webserverAddress 80
PUT / HTTP/2.0

Questions 41

A circuit level gateway works at which of the following layers of the OSI Model?

Options:

A.

Layer 5 - Application

B.

Layer 4 – TCP

C.

Layer 3 – Internet protocol

D.

Layer 2 – Data link

Questions 42

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

Options:

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Questions 43

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options:

A.

Private

B.

Public

C.

Shared

D.

Root

Questions 44

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching a TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Questions 45

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Options:

A.

PKI

B.

single sign on

C.

biometrics

D.

SOA

Questions 46

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?

Options:

A.

g++ hackersExploit.cpp -o calc.exe

B.

g++ hackersExploit.py -o calc.exe

C.

g++ -i hackersExploit.pl -o calc.exe

D.

g++ --compile –i hackersExploit.cpp -o calc.exe

Questions 47

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Questions 48

Which of the following BEST describes how Address Resolution Protocol (ARP) works?

Options:

A.

It sends a reply packet for a specific IP, asking for the MAC address

B.

It sends a reply packet to all the network elements, asking for the MAC address from a specific IP

C.

It sends a request packet to all the network elements, asking for the domain name from a specific IP

D.

It sends a request packet to all the network elements, asking for the MAC address from a specific IP

Questions 49

There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. What is the term for when two pieces of data result in the same value?

Options:

A.

Collision

B.

Collusion

C.

Polymorphism

D.

Escrow

Questions 50

Your next-door neighbor, whom you do not get along with, is having issues with his network, so he yells the network's SSID and password to his spouse and you hear them both clearly. What do you do with this information?

Options:

A.

Nothing, but suggest to him to change the network's SSID and password.

B.

Sell his SSID and password to friends that come to your house, so it doesn't slow down your network.

C.

Log on to his network; after all, it's his fault that you can get in.

D.

Only use his network when you have large downloads so you don't tax your own network.

Questions 51

Which service in a PKI will vouch for the identity of an individual or company?

Options:

A.

KDC

B.

CA

C.

CR

D.

CBC

Questions 52

What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?

Options:

A.

nmap -T4 -F 10.10.0.0/24

B.

nmap -T4 -q 10.10.0.0/24

C.

nmap -T4 -O 10.10.0.0/24

D.

nmap -T4 -r 10.10.1.0/24

Questions 53

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

Options:

A.

Accept

B.

Mitigate

C.

Delegate

D.

Avoid

Questions 54

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

Options:

A.

Libpcap

B.

Awinpcap

C.

Winprom

D.

Winpcap

Questions 55

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.

Which of the scanning techniques below will you use?

Options:

A.

ACK flag scanning

B.

TCP Scanning

C.

IP Fragment Scanning

D.

Inverse TCP flag scanning

Questions 56

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Questions 57

Code injection is a form of attack in which a malicious user:

Options:

A.

Inserts text into a data field that gets interpreted as code

B.

Gets the server to execute arbitrary code using a buffer overflow

C.

Inserts additional code into the JavaScript running in the browser

D.

Gains access to the codebase on the server and inserts new code

Questions 58

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Options:

A.

[cache:]

B.

[site:]

C.

[inurl:]

D.

[link:]

Questions 59

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Questions 60

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Questions 61

What is a successful method for protecting a router from potential smurf attacks?

Options:

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

Questions 62

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

Options:

A.

Asymmetric

B.

Confidential

C.

Symmetric

D.

Non-confidential

Questions 63

An analyst is investigating proxy logs and finds that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he notices that the code is very hard to understand and that it differs from typical JavaScript. What is the name of this technique to hide the code and extend analysis time?

Options:

A.

Encryption

B.

Code encoding

C.

Obfuscation

D.

Steganography

Questions 64

These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

Options:

A.

Black-Hat Hackers

B.

Script Kiddies

C.

White-Hat Hackers

D.

Gray-Hat Hacker

Questions 65

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

Options:

A.

Omnidirectional antenna

B.

Dipole antenna

C.

Yagi antenna

D.

Parabolic grid antenna

Questions 66

An attacker scans a host with the below command. Which three flags are set? (Choose three.)

# nmap -sX host.domain.com

Options:

A.

This is ACK scan. ACK flag is set

B.

This is Xmas scan. SYN and ACK flags are set

C.

This is Xmas scan. URG, PUSH and FIN are set

D.

This is SYN scan. SYN flag is set

Questions 67

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Options:

A.

Injecting parameters into a connection string using semicolons as a separator

B.

Inserting malicious JavaScript code into input parameters

C.

Setting a user's session identifier (SID) to an explicit known value

D.

Adding multiple parameters with the same name in HTTP requests

Questions 68

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address, creating collisions.

Questions 69

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Options:

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Questions 70

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Questions 71

You are trying to break into a highly classified top-secret mainframe computer with the highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"

D.

Try to conduct a Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Questions 72

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice's machine. From the command prompt, she types the following command.

What is Eve trying to do?

Options:

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Questions 73

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

tcptrace

B.

tcptraceroute

C.

Nessus

D.

OpenVAS

Questions 74

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

Options:

A.

A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.

B.

Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.

C.

A blacklist of companies that have their mail server relays configured to be wide open.

D.

Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

Questions 75

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$146

B.

$1320

C.

$440

D.

$100

Questions 76

_________ is a set of extensions to DNS that provides DNS clients (resolvers) with origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.

Options:

A.

DNSSEC

B.

Zone transfer

C.

Resource transfer

D.

Resource records

Questions 77

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

Snort

C.

John the Ripper

D.

Dsniff

Questions 78

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Options:

A.

Use cryptographic storage to store all PII

B.

Use encrypted communications protocols to transmit PII

C.

Use full disk encryption on all hard drives to protect PII

D.

Use a security token to log into all Web applications that use PII

Questions 79

An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of its work. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker's machine. What is the name of this kind of attack?

Options:

A.

ARP Poisoning

B.

Smurf Attack

C.

DNS spoofing

D.

MAC Flooding

Questions 80

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Options:

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Questions 81

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Options:

A.

Wireshark

B.

Maltego

C.

Metasploit

D.

Nessus

Questions 82

You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

Options:

A.

Scan servers with Nmap

B.

Physically go to each server

C.

Scan servers with MBSA

D.

Telnet to every port on each server

Questions 83

Which of the following is a low-tech way of gaining unauthorized access to systems?

Options:

A.

Social Engineering

B.

Sniffing

C.

Eavesdropping

D.

Scanning

Questions 84

Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state.

Which of the following activities should not be included in this phase? (see exhibit)

Exhibit:

Options:

A.

III

B.

IV

C.

III and IV

D.

All should be included.

Questions 85

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

Questions 86

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

Options:

A.

Buffer overflow

B.

Cross-site request forgery

C.

Distributed denial of service

D.

Cross-site scripting

Questions 87

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

Options:

A.

Unplug the network connection on the company’s web server.

B.

Determine the origin of the attack and launch a counterattack.

C.

Record as much information as possible from the attack.

D.

Perform a system restart on the company’s web server.

Questions 88

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Options:

A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Questions 89

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Options:

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Questions 90

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Questions 91

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?

Options:

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

Questions 92

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Questions 93

First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?

Options:

A.

Delete the email and pretend nothing happened.

B.

Forward the message to your supervisor and ask for her opinion on how to handle the situation.

C.

Forward the message to your company’s security response team and permanently delete the message from your computer.

D.

Reply to the sender and ask them for more information about the message contents.

Questions 94

The following are types of Bluetooth attack EXCEPT_____?

Options:

A.

Bluejacking

B.

Bluesmaking

C.

Bluesnarfing

D.

Bluedriving

Questions 95

Which of the following Nmap commands would be used to perform a stack fingerprinting?

Options:

A.

Nmap -O -p80

B.

Nmap -hU -Q

C.

Nmap -sT -p

D.

Nmap -u -o -w2

E.

Nmap -sS -0p targe

Questions 96

While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?

Options:

A.

The port will send an ACK

B.

The port will send a SYN

C.

The port will ignore the packets

D.

The port will send an RST

Questions 97

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Options:

A.

Only using OSPFv3 will mitigate this risk.

B.

Make sure that legitimate network routers are configured to run routing protocols with authentication.

C.

Redirection of the traffic cannot happen unless the admin allows it explicitly.

D.

Disable all routing protocols and only use static routes.

Questions 98

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.

What just happened?

Options:

A.

Phishing

B.

Whaling

C.

Tailgating

D.

Masquerading

Questions 99

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from victims. What is the difference between pharming and phishing attacks?

Options:

A.

In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name.

B.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering.

C.

Both pharming and phishing attacks are identical.

D.

In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name.

Questions 100

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The document can be sent to the accountant using an exclusive USB for that document.

B.

The CFO can use a hash algorithm in the document once he approved the financial statements.

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

D.

The CFO can use an excel file with a password.

Questions 101

Risks = Threats x Vulnerabilities is referred to as the:

Options:

A.

Risk equation

B.

Threat assessment

C.

BIA equation

D.

Disaster recovery formula

Questions 102

What tool should you use when you need to analyze extracted metadata from files you collected during the initial stage of a penetration test (information gathering)?

Options:

A.

Armitage

B.

Dimitry

C.

Metagoofil

D.

cdpsnarf

Questions 103

Which of the following processes evaluates the adherence of an organization to its stated security policy?

Options:

A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

Questions 104

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Options:

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available

Questions 105

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Options:

A.

None of these scenarios compromise the privacy of Alice’s data

B.

Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data

C.

Hacker Harry breaks into the cloud server and steals the encrypted data

D.

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Questions 106

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Options:

A.

nmap -sn -sF 10.1.0.0/16 445

B.

nmap -p 445 -n -T4 --open 10.1.0.0/16

C.

nmap -s 445 -sU -T5 10.1.0.0/16

D.

nmap -p 445 --max -Pn 10.1.0.0/16

Questions 107

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Options:

A.

Regularly test security systems and processes.

B.

Encrypt transmission of cardholder data across open, public networks.

C.

Assign a unique ID to each person with computer access.

D.

Use and regularly update anti-virus software on all systems commonly affected by malware.

Questions 108

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Options:

A.

Port security

B.

A Layer 2 Attack Prevention Protocol (LAPP)

C.

Dynamic ARP inspection (DAI)

D.

Spanning tree

Questions 109

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

Options:

A.

2

B.

256

C.

512

D.

Over 10,000

Questions 110

Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?

Options:

A.

OS Scan requires root privileges

B.

The nmap syntax is wrong.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall

D.

This is a common behavior for a corrupted nmap application

Exam Code: CPEH-001
Exam Name: Certified Professional Ethical Hacker (CPEH)
Last Update: Dec 25, 2024
Questions: 736