Curious about Actual GAQM GAQM CEH (CPEH-001) Exam Questions?

Here are sample GAQM Certified Professional Ethical Hacker (CPEH) (CPEH-001) Exam questions from real exam. You can get more GAQM GAQM CEH (CPEH-001) Exam premium practice questions at TestInsights.

Page: 1 /
Total 877 questions

Want more questions? Get Premium Access.

Question 1

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

AThey are using UDP that is always authorized at the firewall

BThey are using an older version of Internet Explorer that allow them to bypass the proxy server

CThey have been able to compromise the firewall, modify the rules, and give themselves proper access

DThey are using tunneling software that allows them to communicate with protocols in a way it was not intended

Correct : D

This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AThey are using UDP that is always authorized at the firewall

BThey are using an older version of Internet Explorer that allow them to bypass the proxy server

CThey have been able to compromise the firewall, modify the rules, and give themselves proper access

DThey are using tunneling software that allows them to communicate with protocols in a way it was not intended

0 / 1500

Question 2

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

AEric network has been penetrated by a firewall breach

BThe attacker is using the ICMP protocol to have a covert channel

CEric has a Wingate package providing FTP redirection on his network

DSomebody is using SOCKS on the network to communicate through the firewall

Correct : D

Port Description:

SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to.mil domain hosts.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AEric network has been penetrated by a firewall breach

BThe attacker is using the ICMP protocol to have a covert channel

CEric has a Wingate package providing FTP redirection on his network

DSomebody is using SOCKS on the network to communicate through the firewall

0 / 1500

Question 3

Exhibit:

Given the following extract from the snort log on a honeypot, what service is being exploited? :

AFTP

BSSH

CTelnet

DSMTP

Correct : A

The connection is done to 172.16.1.104:21.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AFTP

BSSH

CTelnet

DSMTP

0 / 1500

Question 4

There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? Select the best answers.

AEmulators of vulnerable programs

BMore likely to be penetrated

CEasier to deploy and maintain

DTend to be used for production

EMore detectable

FTend to be used for research
Explanations:
A low interaction honeypot would have emulators of vulnerable programs, not the real programs.
A high interaction honeypot is more likely to be penetrated as it is running the real program and is more vulnerable than an emulator.
Low interaction honeypots are easier to deploy and maintain. Usually you would just use a program that is already available for download and install it. Hackers don't usually crash or destroy these types of programs and it would require little maintenance.
A low interaction honeypot tends to be used for production.
Low interaction honeypots are more detectable because you are using emulators of the real programs. Many hackers will see this and realize that they are in a honeypot.
A low interaction honeypot tends to be used for production. A high interaction honeypot tends to be used for research.

Correct : A, C, D, E

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AEmulators of vulnerable programs

BMore likely to be penetrated

CEasier to deploy and maintain

DTend to be used for production

EMore detectable

0 / 1500

Question 5

The following exploit code is extracted from what kind of attack?

ARemote password cracking attack

BSQL Injection

CDistributed Denial of Service

DCross Site Scripting

EBuffer Overflow

Correct : E

This is a buffer overflow with it's payload in hex format.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ARemote password cracking attack

BSQL Injection

CDistributed Denial of Service

DCross Site Scripting

EBuffer Overflow

0 / 1500

Page: 1 / 176
Total 877 questions

Unlock Full
CPEH-001 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
CPEH-001 Exam

CPEH-001 Exam Question 1
CPEH-001 Exam Question 2
CPEH-001 Exam Question 3
CPEH-001 Exam Question 4
CPEH-001 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login