Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GAQM
Information Systems Security
CPEH-001
Certified Professional Ethical Hacker (CPEH) Questions and Answers

Pass the GAQM Information Systems Security CPEH-001 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam CPEH-001 Premium Access

View all detail and faqs for the CPEH-001 exam

Go to Exam

697 Students Passed

84% Average Score

91% Same Questions

Viewing page 9 out of 15 pages

Viewing questions 121-135 out of questions

Questions # 121:

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Symmetric encryption allows the server to securely transmit the session keys out-of-band.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

Answer

Questions # 122:

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

Options:

Command Injection Attacks

File Injection Attack

Cross-Site Request Forgery (CSRF)

Hidden Field Manipulation Attack

Answer

Questions # 123:

What would you enter, if you wanted to perform a stealth scan using Nmap?

Options:

nmap -sU

nmap -sS

nmap -sM

nmap -sT

Answer

Questions # 124:

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Options:

Chosen-plaintext attack

Ciphertext-only attack

Adaptive chosen-plaintext attack

Known-plaintext attack

Answer

Questions # 125:

From the following table, identify the wrong answer in terms of Range (ft).

Question # 125

Options:

802.11b

802.11g

802.16(WiMax)

802.11a

Answer

Questions # 126:

What is the minimum number of network connections in a multi homed firewall?

Options:

Answer

Questions # 127:

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Options:

[cache:]

[site:]

[inurl:]

[link:]

Answer

Questions # 128:

Which of the following is the best countermeasure to encrypting ransomwares?

Options:

Use multiple antivirus softwares

Keep some generation of off-line backup

Analyze the ransomware to get decryption key of encrypted data

Pay a ransom

Answer

Questions # 129:

During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

Options:

Application

Circuit

Stateful

Packet Filtering

Answer

Explanation

An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

References: http://searchsoftwarequality.techtarget.com/definition/application-firewall

Questions # 130:

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

Options:

c:\compmgmt.msc

c:\services.msc

c:\ncpa.cp

c:\gpedit

Answer

Explanation

To start the Computer Management Console from command line just type compmgmt.msc /computer:computername in your run box or at the command line and it should automatically open the Computer Management console.

References: http://www.waynezim.com/tag/compmgmtmsc/

Questions # 131:

You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

Options:

Metagoofil

Armitage

Dimitry

cdpsnarf

Answer

Explanation

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.

References: http://www.edge-security.com/metagoofil.php

Questions # 132:

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com ", that the user is directed to a phishing site.

Which file does the attacker need to modify?

Options:

Hosts

Sudoers

Boot.ini

Networks

Answer

Explanation

The hosts file is a computer file used by an operating system to map hostnames to IP addresses. The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names.

References: https://en.wikipedia.org/wiki/Hosts_(file)

Questions # 133:

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.

What should you do?

Options:

Report immediately to the administrator

Do not report it and continue the penetration test.

Transfer money from the administrator's account to another account.

Do not transfer the money but steal the bitcoins.

Answer

Questions # 134:

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Options:

PKI

single sign on

biometrics

SOA

Answer

Explanation

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates [1] and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.

References: https://en.wikipedia.org/wiki/Public_key_infrastructure

Questions # 135:

Which of the following is a component of a risk assessment?