CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. GAQM
  5. CEH-001

Free CEH-001 Exam Braindumps (page: 64)

Page 63 of 220
PDF with 878 Questions

Which of the following Exclusive OR transforms bits is NOT correct?

  1. 0 xor 0 = 0
  2. 1 xor 0 = 1
  3. 1 xor 1 = 1
  4. 0 xor 1 = 1

Answer(s): C



The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.


How would you overcome the Firewall restriction on ICMP ECHO packets?

  1. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  2. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  3. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  4. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command
  5. \> JOHNTHETRACER www.eccouncil.org -F -evade

Answer(s): A



Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?
alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

  1. The payload of 485 is what this Snort signature will look for.
  2. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
  3. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.
  4. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Answer(s): B



You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

  1. Convert the Trojan.exe file extension to Trojan.txt disguising as text file
  2. Break the Trojan into multiple smaller files and zip the individual pieces
  3. Change the content of the Trojan using hex editor and modify the checksum
  4. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

Answer(s): A






Post your Comments and Discuss GAQM CEH-001 exam with other Community members:

CEH-001 Discussions & Posts