Free CEH-001 Exam Braindumps (page: 62)


A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

  1. A competitor to the company because they can directly benefit from the publicity generated by making such an attack
  2. Disgruntled employees, customers, suppliers, vendors, business partners, contractors, temps, and consultants
  3. The CEO of the company because he has access to all of the computer systems
  4. A government agency since they know the company's computer system strengths and weaknesses

Answer(s): B



Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?

  1. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
  2. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
  3. This Select SQL statement will log James in if there are any users with NULL passwords
  4. James will be able to see if there are any default user accounts in the SQL database

Answer(s): B

Explanation:

This query searches for an admin user with a blank password and an email address matching @testers.com.



An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?

  1. The firewall is blocking port 23 to that system
  2. He needs to use an automated tool to telnet in
  3. He cannot spoof his IP and successfully use TCP
  4. He is attacking an operating system that does not reply to telnet even when open

Answer(s): C



If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

  1. 31400
  2. 31402
  3. The zombie will not send a response
  4. 31401

Answer(s): B

Explanation:

31402 is the correct answer.





