GAQM CEH-001 Exam Questions
Certified Ethical Hacker (CEH) (Page 34)

Updated On: 24-Feb-2026

A digital signature is simply a message that is encrypted with the public key instead of the private key.

  1. true
  2. false

Answer(s): B



Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not elicit a response. What can he infer from this kind of response?

  1. These ports are open because they do not elicit a response.
  2. He can tell that these ports are in stealth mode.
  3. If a port does not respond to an XMAS scan using Nmap, that port is closed.
  4. The scan was not performed correctly using Nmap since all ports, no matter what their state, will elicit some sort of response from an XMAS scan.

Answer(s): A



In TCP communications there are 8 flags: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.
These flags have decimal numbers assigned to them:

FIN = 1
SYN = 2
RST = 4
PSH = 8
ACK = 16
URG = 32
ECE = 64
CWR = 128

Example: To calculate the SYN/ACK flag decimal value, add 2 (which is the decimal value of
the SYN flag) to 16 (which is the decimal value of the ACK flag), so the result would be 18.
Based on the above calculation, what is the decimal value for an XMAS scan?

  1. 23
  2. 24
  3. 41
  4. 64

Answer(s): C



A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters, NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff), so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog and then halts, what does it indicate?

  1. A buffer overflow attack has been attempted
  2. A buffer overflow attack has already occurred
  3. A firewall has been breached and this is logged
  4. An intrusion detection system has been triggered
  5. The system has crashed

Answer(s): A



This is an example of a WHOIS record.



Sometimes a company shares a little too much information about its organization through public domain records. Based on the above WHOIS record, what can an attacker do? (Select 2 answers)

  1. Search engines like Google and Bing will expose information listed in the WHOIS record
  2. An attacker can attempt phishing and social engineering on targeted individuals using the information from the WHOIS record
  3. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record
  4. IRS agents will use this information to track individuals using the WHOIS record information

Answer(s): B,C





