Free CEH-001 Exam Braindumps (page: 19)


XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): D



Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monetary benefits.
Here are some of the symptoms of a disgruntled employee:

a). Frequently leaves work early, arrives late or calls in sick
b). Spends time surfing the Internet or on the phone
c). Responds in a confrontational, angry, or overly aggressive way to simple requests or comments
d). Always negative; finds fault with everything

These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

  1. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules
  2. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees
  3. Organizations must ensure that their corporate data is centrally managed and delivered to users only as and when needed
  4. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals

Answer(s): B,C



Fake Anti-Virus is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization.
Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats.
The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.


What is the risk of installing Fake AntiVirus?

  1. Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums
  2. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker
  3. Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk
  4. Denial of Service attack will be launched against the infected computer crashing other machines on the connected network

Answer(s): B



How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

  1. Session Hijacking
  2. Session Stealing
  3. Session Splicing
  4. Session Fragmentation

Answer(s): C





