CPEH-001 Exam Questions

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppo...

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Which of these is capable of searching for and locating rogue access points?

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention c...

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of th...

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password...

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may b...

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

What is not a PCI compliance recommendation?

The "white box testing" methodology enforces what kind of restriction?

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users...

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with som...

The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110: What type of activity has been logged?

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade...

Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he ha...

What is attempting an injection attack on a web server based on responses to True/False questions called?

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select...

Which of the following will perform an Xmas scan using NMAP?

Code injection is a form of attack in which a malicious user:

The collection of potentially actionable, overt, and publicly available information is known as

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above?

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the...

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. W...

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous...

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

Which is the first step followed by Vulnerability Scanners for scanning a network?

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet- facing services, which OS did it not directly affect?

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

What two conditions must a digital signature meet?

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, th...

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

Which method of password cracking takes the most time and effort?

Which of the following program infects the system boot sector and the executable files at the same time?

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult...

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration...

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Which of the following provides a security professional with most information about the system's security posture?

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other mach...

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code...

An attacker scans a host with the below command. Which three flags are set? #nmap -sX host.domain.com

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome...

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?