最新的GAQM certification認證 CEH-001考試題庫

問題1

Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACL's (access control lists) to files or folders and also one that can be used within batch files.
Which of the following tools can be used for that purpose? (Choose the best answer)

A. NTPERM.exe

B. CACLS.exe

C. CLACS.exe

D. PERM.exe

正確答案: B

說明：（僅 VCESoft 成員可見）

問題2

Which of the following represent weak password? (Select 2 answers)

A. Passwords that contain only letters Exampl QWERTYKLRTY

B. Passwords that contain letters and numbers ExamplE. meerdfget123

C. Passwords that contain letters, special characters, and numbers ExamplE. ap1$%##f@52

D. Passwords that contain only numbers ExamplE. 23698217

E. Passwords that contain only letters and special characters ExamplE. bob@&ba

F. Passwords that contain Uppercase/Lowercase from a dictionary list ExamplE. OrAnGe

G. Passwords that contain only special characters ExamplE. &*#@!(%)

H. Passwords that contain only special characters and numbers ExamplE. 123@$45

正確答案: A,F

問題3

Which Steganography technique uses Whitespace to hide secret messages?

A. beetle

B. snow

C. magnet

D. cat

正確答案: B

問題4

Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts' requests but simply responses coming from the Internet.
What could be the most likely cause?

A. Someone has spoofed Clive's IP address while doing a smurf attack.

B. Someone has spoofed Clive's IP address while doing a land attack.

C. Someone has spoofed Clive's IP address while doing a DoS attack.

D. Someone has spoofed Clive's IP address while doing a fraggle attack.

正確答案: A

說明：（僅 VCESoft 成員可見）

問題5

You are the security administrator of Jaco Banking Systems located in Boston. You are setting up e-banking website (http://www.ejacobank.com) authentication system. Instead of issuing banking customer with a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.
You are confident that this security implementation will protect the customer from password abuse.
Two months later, a group of hackers called "HackJihad" found a way to access the onetime password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customer's username/passwords this way. They transferred money from the customer's bank account to various offshore accounts.
Your decision of password policy implementation has cost the bank with USD 925, 000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution
What effective security solution will you recommend in this case?

A. Configure your firewall to block logon attempts of more than three wrong tries

B. Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories

C. Implement RSA SecureID based authentication system

D. Implement Biometrics based password authentication system. Record the customers face image to the authentication database

正確答案: C

問題6

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input fielD.
IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable");>"
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web applications vulnerability did the analyst discover?

A. SQL injection

B. Command injection

C. Cross-site request forgery

D. Cross-site scripting

正確答案: D

問題7

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.
What are some of the common vulnerabilities in web applications that he should be concerned about?

A. No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities

B. Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities

C. Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities

D. No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities

正確答案: B

問題8

What ICMP message types are used by the ping command?

A. Ping request (1) and Ping reply (2)

B. Timestamp request (13) and timestamp reply (14)

C. Echo request (8) and Echo reply (0)

D. Echo request (0) and Echo reply (1)

正確答案: C

說明：（僅 VCESoft 成員可見）

問題9

Which type of security document is written with specific step-by-step details?

A. Policy

B. Paradigm

C. Process

D. Procedure

正確答案: D

問題10

Which cipher encrypts the plain text digit (bit or byte) one by one?

A. Stream cipher

B. Block cipher

C. Classical cipher

D. Modern cipher

正確答案: A

問題11

Pandora is used to attack __________ network operating systems.

A. Windows

B. Netware

C. UNIX

D. Linux

E. MAC OS

正確答案: B

說明：（僅 VCESoft 成員可見）

問題12

What is Cygwin?

A. Cygwin is a free Unix subsystem that runs on top of Windows

B. Cygwin is a X Windows GUI subsytem that runs on top of Linux GNOME environment

C. Cygwin is a free C++ compiler that runs on Windows

D. Cygwin is a free Windows subsystem that runs on top of Linux

正確答案: A

說明：（僅 VCESoft 成員可見）

問題13

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.
Within the context of penetration testing methodology, what phase is Bob involved with?

A. Attack phase

B. Passive information gathering

C. Vulnerability Mapping

D. Active information gathering

正確答案: B

說明：（僅 VCESoft 成員可見）

最新的GAQM Certified Ethical Hacker (CEH) - CEH-001免費考試真題

最新更新

站內鏈接

聯系我們