Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GAQM
Information Systems Security
CPEH-001
Certified Professional Ethical Hacker (CPEH) Questions and Answers

Pass the GAQM Information Systems Security CPEH-001 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam CPEH-001 Premium Access

View all detail and faqs for the CPEH-001 exam

Go to Exam

697 Students Passed

84% Average Score

91% Same Questions

Viewing page 8 out of 15 pages

Viewing questions 106-120 out of questions

Questions # 106:

Which of the following program infects the system boot sector and the executable files at the same time?

Options:

Stealth virus

Polymorphic virus

Macro virus

Multipartite Virus

Answer

Questions # 107:

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Options:

Keyed Hashing

Key Stretching

Salting

Double Hashing

Answer

Questions # 108:

You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

Options:

Double quotation

Backslash

Semicolon

Single quotation

Answer

Questions # 109:

What is the purpose of a demilitarized zone on a network?

Options:

To scan all traffic coming through the DMZ to the internal network

To only provide direct access to the nodes within the DMZ and protect the network behind it

To provide a place to put the honeypot

To contain the network devices you wish to protect

Answer

Questions # 110:

What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options:

Cross-site request forgery

Cross-site scripting

Session hijacking

Server side request forgery

Answer

Questions # 111:

During the process of encryption and decryption, what keys are shared?

Options:

Private keys

User passwords

Public keys

Public and private keys

Answer

Questions # 112:

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

Options:

Identifying operating systems, services, protocols and devices

Modifying and replaying captured network traffic

Collecting unencrypted information about usernames and passwords

Capturing a network traffic for further analysis

Answer

Questions # 113:

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the

following represents the best practice your business should observe?

Options:

Hire a security consultant to provide direction.

Do not back up cither the credit card numbers or then hashes.

Back up the hashes of the credit card numbers not the actual credit card numbers.

Encrypt backup tapes that are sent off-site.

Answer

Questions # 114:

An attacker scans a host with the below command. Which three flags are set? (Choose three.)

#nmap –sX host.domain.com

Options:

This is ACK scan. ACK flag is set

This is Xmas scan. SYN and ACK flags are set

This is Xmas scan. URG, PUSH and FIN are set

This is SYN scan. SYN flag is set

Answer

Questions # 115:

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 – 54373 10.249.253.15 – 22 tcp_ip

Options:

SSH communications are encrypted it’s impossible to know who is the client or the server

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the server

Answer

Questions # 116:

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

Options:

Authentication

Confidentiality

Integrity

Non-Repudiation

Answer

Questions # 117:

Which of the below hashing functions are not recommended for use?

Options:

SHA-1.ECC

MD5, SHA-1

SHA-2. SHA-3

MD5. SHA-5

Answer

Questions # 118:

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

Black-box

Announced

White-box

Grey-box

Answer

Questions # 119:

Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.

What is the main security risk associated with this scenario?

Options:

External script contents could be maliciously modified without the security team knowledge

External scripts have direct access to the company servers and can steal the data from there

There is no risk at all as the marketing services are trustworthy

External scripts increase the outbound company data traffic which leads greater financial losses

Answer

Questions # 120:

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?