GAQM CPEH-001 Exam Practice Test Instant Access

Question 1

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.

ACanary

BHex editing

CFormat checking

DNon-executing stack

Answer : A

Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.

Question 2

ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

ACreate a SYN flood

BCreate a network tunnel

CCreate multiple false positives

DCreate a ping flood

Answer : B

Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.

Question 3

To scan a host downstream from a security gateway, Firewalking:

ASends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

BUses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

CSends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment.

DAssesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

Answer : B

Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map 'open' or 'pass through' ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.

Question 4

Which of the following is not an effective countermeasure against replay attacks?

ADigital signatures

BTime Stamps

CSystem identification

DSequence numbers

Answer : C

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature)

Question 5

You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

ASending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers

BExamining the SMTP header information generated by using the --mx command parameter of DIG

CExamining the SMTP header information generated in response to an e-mail message sent to an invalid address

DSending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers

Answer : C

Question 6

What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

APolymorphic

BRootkit

CBoot sector

DFile infecting

Answer : A

In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Question 7

If you come across a sheepdip machaine at your client site, what would you infer?

AA sheepdip computer is used only for virus checking.

BA sheepdip computer is another name for honeypop.

CA sheepdip coordinates several honeypots.

DA sheepdip computer defers a denial of service attack.

Answer : A

Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Exam Practice Test