GAQM CPEH-001 Exam Practice Test Instant Access

Question 1

Vulnerability mapping occurs after which phase of a penetration test?

AHost scanning

BPassive information gathering

CAnalysis of host scanning

DNetwork level discovery

Answer : C

The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.

Question 2

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. What can be inferred from this output?

AAn application proxy firewall

BA stateful inspection firewall

CA host based IDS

DA Honeypot

Answer : B

Question 3

What is the tool Firewalk used for?

ATo test the IDS for proper operation

BTo test a firewall for proper operation

CTo determine what rules are in place for a firewall

DTo test the webserver configuration

EFirewalk is a firewall auto configuration tool

Answer : C

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device 'firewall' will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

Question 4

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

AIt allows an easy way to gain administrator rights

BIt is effective against Windows computers

CIt slows down the effective response of an IDS

DIDS systems are unable to decrypt it

ETraffic will not be modified in transit

Answer : D

Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.

Question 5

Which of the following are potential attacks on cryptography? (Select 3)

AOne-Time-Pad Attack

BChosen-Ciphertext Attack

CMan-in-the-Middle Attack

DKnown-Ciphertext Attack

EReplay Attack

Answer : B, C, E

A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed 'lunchtime' or 'midnight' attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

Question 6

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address.

This probably indicates what?

AA host based IDS

BA Honeypot

CA stateful inspection firewall

DAn application proxying firewall

Answer : C

Question 7

ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

ACreate a SYN flood

BCreate a network tunnel

CCreate multiple false positives

DCreate a ping flood

Answer : B

Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.

GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Exam Practice Test