Pass the GAQM Information Systems Security CPEH-001 Questions and answers with CertsForce

Viewing page 8 out of 15 pages
Viewing questions 106-120 out of questions
Questions # 106:

Which of these options is the most secure procedure for storing backup tapes?

Options:

A.

In a climate controlled facility offsite


B.

On a different floor in the same building


C.

Inside the data center for faster retrieval in a fireproof safe


D.

In a cool dry environment


Questions # 107:

The establishment of a TCP connection involves a negotiation called the 3-way handshake. What type of message does the client send to the server in order to begin this negotiation?

Options:

A.

RST


B.

ACK


C.

SYN-ACK


D.

SYN


Questions # 108:

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.


B.

Attempts by attackers to access the user and password information stored in the company's SQL database.


C.

Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.


D.

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.


Questions # 109:

Which of the following Nmap commands will produce the following output?

Output:

Question # 109

Options:

A.

nmap -sN -Ps -T4 192.168.1.1


B.

nmap -sT -sX -Pn -p 1-65535 192.168.1.1


C.

nmap -sS -Pn 192.168.1.1


D.

nmap -sS -sU -Pn -p 1-65535 192.168.1.1


Questions # 110:

The "black box testing" methodology enforces which kind of restriction?

Options:

A.

Only the external operation of a system is accessible to the tester.


B.

Only the internal operation of a system is known to the tester.


C.

The internal operation of a system is only partly accessible to the tester.


D.

The internal operation of a system is completely known to the tester.


Questions # 111:

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Options:

A.

Validate and escape all information sent to a server


B.

Use security policies and procedures to define and implement proper security settings


C.

Verify access rights before allowing access to protected information and UI controls


D.

Use digital certificates to authenticate a server prior to sending data


Questions # 112:

Which Metasploit Framework tool can help a penetration tester evade anti-virus systems?

Options:

A.

msfpayload


B.

msfcli


C.

msfencode


D.

msfd


Questions # 113:

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Question # 113

Output:

Segmentation fault

Options:

A.

C#


B.

Python


C.

Java


D.

C++


Questions # 114:

What is the difference between the AES and RSA algorithms?

Options:

A.

Both are asymmetric algorithms, but RSA uses 1024-bit keys.


B.

RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.


C.

Both are symmetric algorithms, but AES uses 256-bit keys.


D.

AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.


Questions # 115:

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$146


B.

$1320


C.

$440


D.

$100


Questions # 116:

The "gray box testing" methodology enforces what kind of restriction?

Options:

A.

The internal operation of a system is only partly accessible to the tester.


B.

The internal operation of a system is completely known to the tester.


C.

Only the external operation of a system is accessible to the tester.


D.

Only the internal operation of a system is known to the tester.


Questions # 117:

In order to surf the Internet anonymously, which of the following is the best choice?

Options:

A.

Use SSL sites when entering personal information


B.

Use the Tor network with multiple nodes


C.

Use shared WiFi


D.

Use public VPN


Questions # 118:

Look at the following output. What did the hacker accomplish?

Question # 118

Options:

A.

The hacker used whois to gather publicly available records for the domain.


B.

The hacker used the "fierce" tool to brute force the list of available domains.


C.

The hacker listed DNS records on his own domain.


D.

The hacker successfully transferred the zone and enumerated the hosts.


Questions # 119:

Which of the following types of firewalls ensures that the packets are part of the established session?

Options:

A.

Stateful inspection firewall


B.

Circuit-level firewall


C.

Application-level firewall


D.

Switch-level firewall


Questions # 120:

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO, and then they will be sent to the accountant. The CFO is worried, because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The document can be sent to the accountant using a USB drive dedicated exclusively to that document.


B.

The CFO can apply a hash algorithm to the document once he has approved the financial statements.


C.

The financial statements can be sent twice, once by email and once delivered on a USB drive, and the accountant can compare both to be sure it is the same document.


D.

The CFO can use an Excel file with a password.

