CEH-001 GAQM Exam Questions and Free Practice Test

Question 103

- (Topic 5)
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate,
then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A. Man trap

B. Tailgating

C. Shoulder surfing

D. Social engineering

Correct Answer:B

Question 104

- (Topic 8)
Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays server error. What is wrong with the web application?

A. The email is not valid

B. User input is not sanitized

C. The web server may be down

D. The ISP connection is not reliable

Correct Answer:B
All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories:
http://www.cert.org/advisories/CA-1997-25.html http://www.cert.org/advisories/CA-2000-02.html

Question 105

- (Topic 3)
You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack?

A. Configure routers to restrict the responses to Footprinting requests

B. Configure Web Servers to avoid information leakage and disable unwanted protocols

C. Lock the ports with suitable Firewall configuration

D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns

E. Evaluate the information before publishing it on the Website/Intranet

F. Monitor every employee computer with Spy cameras, keyloggers and spy on them

G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites

H. Prevent search engines from caching a Webpage and use anonymous registration services

I. Disable directory and use split-DNS

Correct Answer:F

Question 106

- (Topic 3)
Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

A. hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

B. hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

C. hping3 -O 10.8.8.8 -S server -c 2 -p 80

D. hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

Correct Answer:D

Question 107

- (Topic 5)
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

A. Classified

B. Overt

C. Encrypted

D. Covert

Correct Answer:D

Question 108

- (Topic 8)
Which of the following is the best way an attacker can passively learn about technologies used in an organization?

A. By sending web bugs to key personnel

B. By webcrawling the organization web site

C. By searching regional newspapers and job databases for skill sets technology hires need to possess in the organization

D. By performing a port scan on the organization's web site

Correct Answer:C
Note: Sending web bugs, webcrawling their site and port scanning are considered "active" attacks, the question asks "passive"

START CEH-001 EXAM