Free CEH-001 Exam Braindumps (page: 59)


You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

  A. There is no way to completely block tracerouting into this area
  B. Block UDP at the firewall
  C. Block TCP at the firewall
  D. Block ICMP at the firewall

Answer(s): A



Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company's entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?

  A. Neil has used a tailgating social engineering attack to gain access to the offices
  B. He has used a piggybacking technique to gain unauthorized access
  C. This type of social engineering attack is called man trapping
  D. Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics

Answer(s): A



After a client sends a connection request (SYN) packet to the server, the server responds (SYN-ACK) with a sequence number of its choosing, which must then be acknowledged (ACK) by the client. This sequence number is predictable; the attacker first connects to a service from their own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attacker doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

  A. Denial of Service attacks
  B. Session Hijacking attacks
  C. Web page defacement attacks
  D. IP spoofing attacks

Answer(s): B



Which of the following represent weak passwords? (Select 2 answers)

  A. Passwords that contain letters, special characters, and numbers. Example: ap1$%##f@52
  B. Passwords that contain only numbers. Example: 23698217
  C. Passwords that contain only special characters. Example: &*#@!(%)
  D. Passwords that contain letters and numbers. Example: meerdfget123
  E. Passwords that contain only letters. Example: QWERTYKLRTY
  F. Passwords that contain only special characters and numbers. Example: 123@$45
  G. Passwords that contain only letters and special characters. Example: bob@&ba
  H. Passwords that contain Uppercase/Lowercase from a dictionary list. Example: OrAnGe

Answer(s): E,H





