GAQM CEH-001 Practice 2019



John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.
What would you suggest to John to help identify the OS that is being used on the remote web server?

  • A. Connect to the web server with a browser and look at the web page.
  • B. Connect to the web server with an FTP client.
  • C. Telnet to port 8080 on the web server and look at the default page code.
  • D. Telnet to an open port and grab the banner.

Answer: D

Most people do not bother to change the banners presented by applications listening on open ports, so you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.


Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  • A. Finger
  • B. FTP
  • C. Samba
  • D. SMB

Answer: D

The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.


John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here?
[Exhibit not included]

  • A. The hacker is attempting to compromise more machines on the network
  • B. The hacker is planting a rootkit
  • C. The hacker is running a buffer overflow exploit to lock down the system
  • D. The hacker is trying to cover his tracks

Answer: D


_____ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer.

  • A. Alternate Data Streams
  • B. Merge Streams
  • C. Steganography
  • D. NetBIOS vulnerability

Answer: A


Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler?
Select the best answer.

  • A. GPSDrive
  • B. GPSMap
  • C. WinPcap
  • D. Microsoft Mappoint

Answer: A

GPSDrive is a Linux GPS mapping package. It is the recommended package to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn't going to do what Joe Hacker wants to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus, these two are not going to work well together.


Here is the ASCII Sheet.
[Exhibit not included]
You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection.
What is the correct syntax?
[Exhibit not included]

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: A


Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt to break a valid SQL request?

  • A. Semicolon
  • B. Double Quote
  • C. Single Quote
  • D. Exclamation Mark

Answer: C


What are the limitations of Vulnerability scanners? (Select 2 answers)

  • A. They are often better at detecting well-known vulnerabilities than more esoteric ones
  • B. The scanning speed of their scanners is extremely high
  • C. It is impossible for any one scanning product to incorporate all known vulnerabilities in a timely manner
  • D. The more vulnerabilities detected, the more tests required
  • E. They are highly expensive and require per host scan license

Answer: AC


Which initial procedure should an ethical hacker perform after being brought into an organization?

  • A. Begin security testing.
  • B. Turn over deliverables.
  • C. Sign a formal contract with non-disclosure.
  • D. Assess what the organization is trying to protect.

Answer: C


Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACLs (access control lists) on files or folders, and that can also be used within batch files.
Which of the following tools can be used for that purpose? (Choose the best answer)

  • A. PERM.exe
  • B. CACLS.exe
  • C. CLACS.exe
  • D. NTPERM.exe

Answer: B

Cacls.exe is a Windows NT/2000/XP command-line tool you can use to assign, display, or modify ACLs (access control lists) to files or folders. Cacls is an interactive tool, and since it's a command-line utility, you can also use it in batch files.


Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

  • A. Key registry
  • B. Recovery agent
  • C. Directory
  • D. Key escrow

Answer: D


How does an operating system protect the passwords used for account logins?

  • A. The operating system performs a one-way hash of the passwords.
  • B. The operating system stores the passwords in a secret file that users cannot find.
  • C. The operating system encrypts the passwords, and decrypts them when needed.
  • D. The operating system stores all passwords in a protected segment of non-volatile memory.

Answer: A


In Trojan terminology, what is required to create the executable file chess.exe as shown below?
[Exhibit not included]

  • A. Mixer
  • B. Converter
  • C. Wrapper
  • D. Zipper

Answer: C


This tool is widely used for ARP Poisoning attacks. Name the tool.
[Exhibit not included]

  • A. Cain and Abel
  • B. Beat Infector
  • C. Poison Ivy
  • D. Webarp Infector

Answer: A


An NMAP scan of a server shows port 69 is open. What risk could this pose?

  • A. Unauthenticated access
  • B. Weak SSL version
  • C. Cleartext login
  • D. Web portal data leak

Answer: A


What type of encryption does WPA2 use?

  • A. DES 64 bit
  • B. AES-CCMP 128 bit
  • C. MD5 48 bit
  • D. SHA 160 bit

Answer: B


A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to get to the public part of the company's network. Which ports should the administrator open? (Choose three.)

  • A. Port 22
  • B. Port 23
  • C. Port 25
  • D. Port 53
  • E. Port 80
  • F. Port 139
  • G. Port 445

Answer: CDE


In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antennas for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building’s center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.
Which of the following statements is true?

  • A. With the 300 feet limit of a wireless signal, Ulf’s network is safe.
  • B. Wireless signals can be detected from miles away, Ulf’s network is not safe.
  • C. Ulf’s network will be safe but only if he doesn’t switch to 802.11a.
  • D. Ulf’s network will not be safe until he also enables WEP.

Answer: D


You want to know whether a packet filter is in front of Pings to don't get answered. A basic nmap scan of seems to hang without returning any information. What should you do next?

  • A. Run NULL TCP hping2 against
  • B. Run nmap XMAS scan against
  • C. The firewall is blocking all the scans to
  • D. Use NetScan Tools Pro to conduct the scan

Answer: A


Identify SQL injection attack from the HTTP requests shown below:

  • A. http://www.myserver.c0m/search.asp?lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00
  • B. http://www.myserver.c0m/script.php?mydata=%3cscript%20src=%22
  • C. http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e
  • D. accountnumber=67891&creditamount=999999999

Answer: A


The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.
[Exhibit not included]
How would you overcome the Firewall restriction on ICMP ECHO packets?

  • A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening on for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  • B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening on for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  • C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening on for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  • D. Do not use the traceroute command to determine the path packets take to reach the destination; instead use the custom hacking tool JOHNTHETRACER and run it with the command > JOHNTHETRACER -F -evade

Answer: A


____ is one of the programs used to wardial.

  • A. DialIT
  • B. Netstumbler
  • C. TooPac
  • D. Kismet
  • E. ToneLoc

Answer: E

ToneLoc is one of the programs used to wardial. While this is considered an "old school" technique, it is still effective at finding backdoors and out of band network entry points.


What happens during a SYN flood attack?

  • A. A target machine is flooded with TCP connection requests with randomized source addresses & ports for the TCP ports.
  • B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.
  • C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.
  • D. A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Answer: A


The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is an excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow.
[Exhibit not included]

  • A. 9
  • B. 17
  • C. 20
  • D. 32
  • E. 35

Answer: B


To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

  • A. Recipient's private key
  • B. Recipient's public key
  • C. Master encryption key
  • D. Sender's public key

Answer: B


What techniques would you use to evade IDS during a Port Scan? (Select 4 answers)

  • A. Use fragmented IP packets
  • B. Spoof your IP address when launching attacks and sniff responses from the server
  • C. Overload the IDS with Junk traffic to mask your scan
  • D. Use source routing (if possible)
  • E. Connect to proxy servers or compromised Trojaned machines to launch attacks

Answer: ABDE

