CPEH-001 Exam Questions

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal? c:\> cmd /c type c:\winnt\repair\sam > c:\har.txt Volume in drive C...

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enum...

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack i...

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm througho...

Study the snort rule given below: From the options below, choose the exploit against which this rule applies.

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other syste...

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decryp...

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtC...

What is the algorithm used by LM for Windows2000 SAM?

E-mail scams and mail fraud are regulated by which of the following?

Which of the following LM hashes represent a password of less than 8 characters? (Select 2)

Which of the following is the primary objective of a rootkit?

This kind of password cracking method uses word lists in combination with numbers and special characters:

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

When discussing passwords, what is considered a brute force attack?

Which of the following are well know password-cracking programs?(Choose all that apply.

Password cracking programs reverse the hashing process to recover passwords.(True/False.)

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand th...

An attacker runs netcat tool to transfer a secret file between two hosts. Machine A: netcat -l -p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234 He is worried about informa...

ViruXine.W32 virus hides their presence by changing the underlying executable code. This Virus code mutates while keeping the original algorithm intact, the code changes itself eac...

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what wi...

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c What is the hexadecimal value of NOP instruction?

In Trojan terminology, what is a covert channel?

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destina...

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for ov...

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software....

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happ...

Take a look at the following attack on a Web Server using obstructed URL: How would you protect from these attacks?

Which type of sniffing technique is generally referred as MiTM attack?

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch. In MAC flooding attack, a switch is fed with many Ethernet frames,...

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion det...

How does a denial-of-service attack work?

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that co...

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobil...

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempti...

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one...

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send h...

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information beside...