Certified Professional Ethical Hacker (CPEH) CPEH-001 Dumps

Do you want to become Certified Professional Ethical Hacker (CPEH) certified? A Certified Professional Ethical Hacker is a professional who uses the same knowledge and tools as a malicious hacker, and who understands how to look for weaknesses and vulnerabilities in target systems and fortify them. New CPEH-001 dumps have been released with 736 practice exam questions and answers. You are highly recommended to read the CPEH-001 dumps in the PDF file for good preparation.

Certified Professional Ethical Hacker (CPEH) CPEH-001 Free Dumps

1. Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted.

What is the name of the command used by SMTP to transmit email over TLS?

2. Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application.

The developers are now asking you which network the Presentation Tier (front-end web server) should be placed in.

3. Your business has decided to add credit card numbers to the data it backs up to tape.

Which of the following represents the best practice your business should observe?

4. What is the main security service a cryptographic hash provides?

5. A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

6. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

7. When a security analyst prepares for the formal security assessment, which of the following should be done in order to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

8. Why are containers less secure than virtual machines?

9. These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

10. Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail.

What do you want to "know" to prove to yourself that it was Bob who had sent the mail?

11. In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

12. What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?

13. Which of the following steps for risk assessment methodology refers to vulnerability identification?

14. Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours.

What protocol used on Linux servers to synchronize the time has stopped working?

15. What is the minimum number of network connections in a multihomed firewall?

16. Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

17. During the process of encryption and decryption, what keys are shared?

18. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

19. How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

20. The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it.

What would be a good step to have in the procedures for a situation like this?

21. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance.

Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

22. Nedved is an IT Security Manager of a bank in his country. One day, he found out that there was a security breach of his company's email server, based on analysis of a suspicious connection from the email server to an unknown IP address.

What is the first thing that Nedved needs to do before contacting the incident response team?

23. Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. The information security issues that Vlady often finds include employees sharing passwords, writing their passwords on a sticky note and sticking it to their desks, leaving their computers unlocked, not logging out of email or social media accounts, etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, a secret, and that they should not share it with other persons.

Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information a secret?

24. A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department.

Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

25. DHCP snooping is a great solution to prevent rogue DHCP servers on your network.

Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

26. An analyst is investigating proxy logs and finds that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he noticed that it is very hard to understand the code and that all of the code differs from typical JavaScript.

What is the name of this technique to hide the code and extend analysis time?

27. What does the -oX flag do in an Nmap scan?

28. Company XYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of Company XYZ. The employee of Company XYZ is aware of your test.

Your email message looks like this:

From: [email protected]

To: [email protected]

Subject: Test message

Date: 4/3/2017 14:37

The employee of Company XYZ receives your email message.

This proves that Company XYZ's email gateway doesn't prevent what?

29. Darius is analysing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive.

Looking at the logs, he copies and pastes the basic details shown below:

source IP: 192.168.21.100

source port: 80

destination IP: 192.168.10.23

destination port: 63221

What is the most appropriate answer?

30. Darius is analysing IDS logs. During the investigation, he noticed that there was nothing suspicious found and an alert was triggered on normal web application traffic.

He can mark this alert as:

31. Trinity needs to scan all hosts on a /16 network for TCP port 445 only.

What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

32. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP. Therefore, the internal IPs are sending data to the public IP.

After further analysis, you find out that this public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

33. A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following classes of hacker refers to an individual who works both offensively and defensively at various times?

34. Which of the below hashing functions is not recommended for use?

35. An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush.

What type of breach has the individual just performed?

36. Which of the following is the best countermeasure to encrypting ransomware?

37. If an attacker uses the command SELECT*FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?

38. Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

39. Which of the following acts requires employers' standard national numbers to identify them on standard transactions?

40. In Wireshark, the packet bytes pane shows the data of the current packet in which format?

41. Which of the following is considered as one of the most reliable forms of TCP scanning?

42. Which of the following scanning methods splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

43. What is the purpose of a demilitarized zone on a network?

44. You need to deploy a ned needs to be available on the Internet.

What is the recommended architecture in terms of server placement?

45. The security administrator of ABC needs to permit Internet traffic to the host 10.0.0.2 and UDP traffic to the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration on the router, nobody can access the FTP service, and the permitted hosts cannot access the Internet.

According to the next configuration, what is happening in the network?

46. When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network.

Which of the following cannot be performed by passive network sniffing?

47. Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

48. What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

49. From the following table, identify the wrong answer in terms of Range (ft).

50. What would you enter, if you wanted to perform a stealth scan using Nmap?

51. Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and applied this approach to physical access control.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door.

In this case, we can say:

52. Which protocol is used for setting up secure channels between two devices, typically in VPNs?

53. Which of the following Secure Hashing Algorithms (SHA) produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits and resembles the MD5 algorithm?

54. Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

55. Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

56. You are attempting to run an Nmap port scan on a web server.

Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

57. Code injection is a form of attack in which a malicious user:

58. The collection of potentially actionable, overt, and publicly available information is known as

59. Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

60. Firewalls are software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules.

Which of the following types of firewalls can protect against SQL injection attacks?

61. In which of the following cryptography attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

62. Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

63. Which is the first step followed by Vulnerability Scanners for scanning a network?

64. Alice encrypts her data using her public key PK and stores the encrypted data in the cloud.

Which of the following attack scenarios will compromise the privacy of her data?

65. A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks.

What process would help him?

66. Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks to the wired network to have Internet access. On the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted on malware activity in the network.

What should Bob do to avoid this problem?

67. Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

68. Which of the following programs infects the system boot sector and the executable files at the same time?

69. You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP header is split into many packets so that it becomes difficult to detect what the packets are meant for.

Which of the below scanning techniques will you use?

70. You perform a scan of your company’s network and discover that TCP port 123 is open.

What services by default run on TCP port 123?

71. Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

72. DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

73. Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

74. Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.

What should Bob recommend to deal with such a threat?

75. In which of the following password protection techniques are random strings of characters added to the password before calculating their hashes?

76. Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

77. Which of the following provides a security professional with most information about the system’s security posture?

78. Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities.

Which type of virus detection method did Chandler use in this context?

79. An attacker scans a host with the below command.

Which three flags are set? (Choose three.)

#nmap -sX host.domain.com

80. Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

81. An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools did the hacker probably use to inject the HTML code?

82. You find that it is a CnC communication.

Which of the following solutions will you suggest?

83. Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.

What is the main theme of the sub-policies for Information Technologies?

84. Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

85. Why should the security analyst disable/remove unnecessary ISAPI filters?

86. If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?

87. Which of the following statements is TRUE?

88. What is the least important information when you analyze a public IP address in a security alert?

89. You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address into the browser and find the site to be accessible. But the sites are not accessible when you try using the URL.

What may be the problem?

90. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt their service.

What is the name of the process by which you can determine those critical business?

91. Assume a business-crucial website of some company that is used to sell handsets to customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the website developers decided to add some third-party marketing tools to it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.

What is the main security risk associated with this scenario?

92. Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds.

In concept, the solution developed by Bob is actually:

93. When tuning security alerts, what is the best approach?

94. You are a security officer of a company. You had an alert from the IDS that indicates that one PC on your intranet is connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation.

Which of the following is appropriate to analyze?

95. Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

96. Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

