Free CEH-001 Exam Braindumps (page: 61)


John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a Linux machine.
What is the hacker trying to accomplish here?

  A. The hacker is attempting to compromise more machines on the network
  B. The hacker is planting a rootkit
  C. The hacker is running a buffer overflow exploit to lock down the system
  D. The hacker is trying to cover his tracks

Answer(s): D



Blake is in charge of securing all 20 of his company's servers. He has enabled hardware and software firewalls, hardened the operating systems, and disabled all unnecessary services on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about this since telnet can be a very large security risk in an organization. Blake is concerned about how this particular server might look to an outside attacker so he decides to perform some footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port 80 and types in the following command:

HEAD / HTTP/1.0

After pressing Enter twice, Blake gets the following results:

What has Blake just accomplished?

  A. Downloaded a file to his local computer
  B. Submitted a remote command to crash the server
  C. Poisoned the local DNS cache of the server
  D. Grabbed the Operating System banner

Answer(s): D



You want to perform an advanced SQL injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

  A. System services
  B. EXEC master access
  C. xp_cmdshell
  D. RDC

Answer(s): C



Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logging in:

http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22

Kevin changes the URL to:

http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22

Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox?

  A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access
  B. By changing the mailbox's name in the URL, Kevin is attempting directory traversal
  C. Kevin is trying to utilize query string manipulation to gain access to her email account
  D. He is attempting a path-string attack to gain access to her mailbox

Answer(s): C





