GAQM CPEH-001 Exam Practice Test Instant Access

Question 1

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. What can be inferred from this output?

AAn application proxy firewall

BA stateful inspection firewall

CA host based IDS

DA Honeypot

Answer : B

Question 2

What is the tool Firewalk used for?

ATo test the IDS for proper operation

BTo test a firewall for proper operation

CTo determine what rules are in place for a firewall

DTo test the webserver configuration

EFirewalk is a firewall auto configuration tool

Answer : C

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device 'firewall' will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

Question 3

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

AIt allows an easy way to gain administrator rights

BIt is effective against Windows computers

CIt slows down the effective response of an IDS

DIDS systems are unable to decrypt it

ETraffic will not be modified in transit

Answer : D

Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.

Question 4

Which of the following are potential attacks on cryptography? (Select 3)

AOne-Time-Pad Attack

BChosen-Ciphertext Attack

CMan-in-the-Middle Attack

DKnown-Ciphertext Attack

EReplay Attack

Answer : B, C, E

A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed 'lunchtime' or 'midnight' attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

Question 5

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address.

This probably indicates what?

AA host based IDS

BA Honeypot

CA stateful inspection firewall

DAn application proxying firewall

Answer : C

Question 6

If you come across a sheepdip machine at your client's site, what should you do?

AA sheepdip computer is used only for virus-checking.

BA sheepdip computer is another name for a honeypot

CA sheepdip coordinates several honeypots.

DA sheepdip computers defers a denial of service attack.

Answer : A

Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

Question 7

What is a sheepdip?

AIt is another name for Honeynet

BIt is a machine used to coordinate honeynets

CIt is the process of checking physical media for virus before they are used in a computer

DNone of the above

Answer : C

GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Exam Practice Test