Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GAQM
Information Systems Security
CPEH-001
Certified Professional Ethical Hacker (CPEH) Questions and Answers

Pass the GAQM Information Systems Security CPEH-001 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam CPEH-001 Premium Access

View all detail and faqs for the CPEH-001 exam

Go to Exam

697 Students Passed

84% Average Score

91% Same Questions

Viewing page 13 out of 15 pages

Viewing questions 181-195 out of questions

Questions # 181:

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Options:

Timing attack

Replay attack

Memory trade-off attack

Chosen plain-text attack

Answer

Questions # 182:

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

Birthday attack

Plaintext attack

Meet in the middle attack

Chosen ciphertext attack

Answer

Questions # 183:

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

Certificate authority

Validation authority

Registration authority

Verification authority

Answer

Questions # 184:

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

Threaten to publish the penetration test results if not paid.

Follow proper legal procedures against the company to request payment.

Tell other customers of the financial problems with payments from this company.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Answer

Questions # 185:

Which security strategy requires using several, varying methods to protect IT systems against attacks?

Options:

Defense in depth

Three-way handshake

Covert channels

Exponential backoff algorithm

Answer

Questions # 186:

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

Options:

They provide a repeatable framework.

Anyone can run the command line scripts.

They are available at low cost.

They are subject to government regulation.

Answer

Questions # 187:

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

Begin security testing.

Turn over deliverables.

Sign a formal contract with non-disclosure.

Assess what the organization is trying to protect.

Answer

Questions # 188:

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

The key entered is a symmetric key used to encrypt the wireless data.

The key entered is a hash that is used to prove the integrity of the wireless data.

The key entered is based on the Diffie-Hellman method.

The key is an RSA key used to encrypt the wireless data.

Answer

Questions # 189:

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options:

Legal, performance, audit

Audit, standards based, regulatory

Contractual, regulatory, industry

Legislative, contractual, standards based

Answer

Questions # 190:

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

The root CA stores the user's hash value for safekeeping.

The CA is the trusted root that issues certificates.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Answer

Questions # 191:

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:

Start by foot printing the network and mapping out a plan of attack.

Ask the employer for authorization to perform the work outside the company.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Answer

Questions # 192:

Which of the following is an example of IP spoofing?

Options:

SQL injections

Man-in-the-middle

Cross-site scripting

ARP poisoning

Answer

Questions # 193:

Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?