CEH-001 GAQM Exam Questions and Free Practice Test

Question 37

- (Topic 7)
Exhibit:
CEH-001 dumps exhibit
Study the following log extract and identify the attack.

A. Hexcode Attack

B. Cross Site Scripting

C. Multiple Domain Traversal Attack

D. Unicode Directory Traversal Attack

Correct Answer:D
The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed.

Question 38

- (Topic 7)
Exhibit:
ettercap –NCLzs --quiet
What does the command in the exhibit do in “Ettercap”?

A. This command will provide you the entire list of hosts in the LAN

B. This command will check if someone is poisoning you and will report its IP.

C. This command will detach from console and log all the collected passwords from the network to a file.

D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

Correct Answer:C
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the form "YYYYMMDD-collected-pass.log"
-z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
--quiet = "demonize" ettercap. Useful if you want to log all data in background.

Question 39

- (Topic 1)
Neil is a network administrator working in Istanbul. Neil wants to setup a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to setup in order to accomplish this?

A. Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer.

B. Neil will need to setup SPAN port that will copy all network traffic to the protocol analyzer.

C. He will have to setup an Ether channel port to get a copy of all network traffic to the analyzer.

D. He should setup a MODS port which will copy all network traffic.

Correct Answer:B

Question 40

- (Topic 6)
What are two things that are possible when scanning UDP ports? (Choose two.

A. A reset will be returned

B. An ICMP message will be returned

C. The four-way handshake will not be completed

D. An RFC 1294 message will be returned

E. Nothing

Correct Answer:BE
Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped.

Question 41

- (Topic 6)
Because UDP is a connectionless protocol: (Select 2)

A. UDP recvfrom() and write() scanning will yield reliable results

B. It can only be used for Connect scans

C. It can only be used for SYN scans

D. There is no guarantee that the UDP packets will arrive at their destination

E. ICMP port unreachable messages may not be returned successfully

Correct Answer:DE
Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives).

Question 42

- (Topic 7)
The follows is an email header. What address is that of the true originator of the message?
CEH-001 dumps exhibit

A. 19.25.19.10

B. 51.32.123.21

C. 168.150.84.123

D. 215.52.220.122

E. 8.10.2/8.10.2

Correct Answer:C
Spoofing can be easily achieved by manipulating the "from" name field, however, it is much more difficult to hide the true source address. The "received from" IP address 168.150.84.123 is the true source of the

START CEH-001 EXAM