CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. GAQM
  5. CEH-001

Free CEH-001 Exam Braindumps (page: 16)

Page 15 of 220
PDF with 878 Questions

Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible?

  1. It works because encryption is performed at the application layer (single encryption key)
  2. The scenario is invalid as a secure cookie cannot be replayed
  3. It works because encryption is performed at the network layer (layer 1 encryption)
  4. Any cookie can be replayed irrespective of the session status

Answer(s): A



This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.

  1. Unique SQL Injection
  2. Blind SQL Injection
  3. Generic SQL Injection
  4. Double SQL Injection

Answer(s): B



A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.
Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.
Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.
How do you ensure if the e-mail is authentic and sent from fedex.com?

  1. Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all
  2. Check the Sender ID against the National Spam Database (NSD)
  3. Fake mail will have spelling/grammatical errors
  4. Fake mail uses extensive images, animation and flash content

Answer(s): A



What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

  1. HFS
  2. Backdoor access
  3. XFS
  4. ADS

Answer(s): D






Post your Comments and Discuss GAQM CEH-001 exam with other Community members:

CEH-001 Discussions & Posts