What Practical CEH-001 exam question Is?

CEH-001 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!


Product Description:
Exam Number/Code: CEH-001
Exam name: Certified Ethical Hacker (CEH)
n questions with full explanations
Certification: GAQM Certification
Last updated on Global synchronizing

Free Certification Real IT CEH-001 Exam pdf Collection

High quality of CEH-001 practice exam materials and vce for GAQM certification for client, Real Success Guaranteed with Updated CEH-001 pdf dumps vce Materials. 100% PASS Certified Ethical Hacker (CEH) exam Today!

Q441.  - (Topic 8)

Look at the following SQL query.

SELECT * FROM product WHERE PCategory='computers' or 1=1--' What will it return? Select the best answer.

A. All computers and all 1's

B. All computers

C. All computers and everything else

D. Everything except computers

Answer: C


The 1=1 tells the SQL database to return everything, a simplified statement would be SELECT * FROM product WHERE 1=1 (which will always be true for all columns). Thus, this query will return all computers and everything else. The or 1=1 is a common test to see if a web application is vulnerable to a SQL attack.

Q442.  - (Topic 6)

You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

Which kind of scan would you use to achieve this? (Choose the best answer)

A. Nessus scan with TCP based pings.

B. Nmap scan with the –sP (Ping scan) switch.

C. Netcat scan with the –u –e switches.

D. Nmap with the –sO (Raw IP packets) switch.

Answer: D

Explanation: Running Nmap with the –sO switch will do a IP Protocol Scan. The IP protocol scan is a bit different than the other nmap scans. The IP protocol scan is searching for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified.

Q443.  - (Topic 3)

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B. Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Answer: A

Q444.  - (Topic 3)

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

A. Birthday attack

B. Plaintext attack

C. Meet in the middle attack

D. Chosen ciphertext attack

Answer: D

Q445.  - (Topic 8)

Sandra is conducting a penetration test for XYZ.com. She knows that XYZ.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.

What do you think is the reason behind this?

A. Netstumbler does not work against 802.11g.

B. You can only pick up 802.11g signals with 802.11a wireless cards.

C. The access points probably have WEP enabled so they cannot be detected.

D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.

E. 802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.

F. Sandra must be doing something wrong, as there is no reason for her to not see the signals.

Answer: E

Q446.  - (Topic 8)

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

A. He can use a shellcode that will perform a reverse telnet back to his machine

B. He can use a dynamic return address to overwrite the correct value in the target machine computer memory

C. He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer to a random place of choice

D. He can use polymorphic shell code-with a tool such as ADMmutate - to change the signature of his exploit as seen by a network IDS

Answer: D

Explanation: ADMmutate is using a polymorphic technique designed to circumvent certain forms of signature based intrusion detection. All network based remote buffer overflow exploits have similarities in how they function. ADMmutate has the ability to emulate the protocol of the service the attacker is attempting to exploit. The data payload (sometimes referred to as an egg) contains the instructions the attacker wants to execute on the target machine. These eggs are generally interchangeable and can be utilized in many different buffer overflow exploits. ADMmutate uses several techniques to randomize the contents of the egg in any given buffer overflow exploit. This randomization effectively changes the content or 'signature' of the exploit without changing the functionality of the exploit.

Q447.  - (Topic 6)

Which of the following tools can be used to perform a zone transfer?

A. NSLookup

B. Finger

C. Dig

D. Sam Spade

E. Host

F. Netcat

G. Neotrace

Answer: A,C,D,E

Explanation: There are a number of tools that can be used to perform a zone transfer. Some of these include: NSLookup, Host, Dig, and Sam Spade.

Q448.  - (Topic 2)

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?

A. 9A.9 

B. 17B.17 

C. 20C.20 

D. 32D.32 

E. 35E.35

Answer: B

Topic 3, Volume C

201.  - (Topic 3)

What type of port scan is shown below?

A. Idle Scan

B. Windows Scan

C. XMAS Scan

D. SYN Stealth Scan

Answer: C

Q449.  - (Topic 5)

What results will the following command yielD. 'NMAP -sS -O -p 123-153'?

A. A stealth scan, opening port 123 and 153

B. A stealth scan, checking open ports 123 to 153

C. A stealth scan, checking all open ports excluding ports 123 to 153

D. A stealth scan, determine operating system, and scanning ports 123 to 153

Answer: D

Q450.  - (Topic 7)

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

A. macof

B. webspy

C. filesnarf

D. nfscopy

Answer: C

Explanation: Filesnarf - sniff files from NFS traffic OPTIONS

-i interface

Specify the interface to listen on.

-v "Versus" mode. Invert thesenseofmatching, to select non-matching files.


Specify regular expression for filename matching.


Specifyatcpdump(8)filter expression to select traffic to sniff.


Dsniff, nfsd