CPEH-001 Exam Questions

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Advanced encryption standard is an algorithm used for which of the following?

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Which of the following items is unique to the N-tier architecture method of designing software applications?

Which of the following descriptions is true about a static NAT?

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the I...

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: <script>alert(" Testing Testing...

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

In the OSI model, where does PPTP encryption take place?

Which of the following is an example of IP spoofing?

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using...

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

Which security strategy requires using several, varying methods to protect IT systems against attacks?

SOAP services use which technology to format information?

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

How do employers protect assets with security policies pertaining to employee surveillance activities?

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...

How can a policy help improve an employee's security awareness?

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...

Which of the following guidelines or standards is associated with the credit card industry?

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Which type of security document is written with specific step-by-step details?

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...

Which initial procedure should an ethical hacker perform after being brought into an organization?

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....