GAQM CPEH-001 Exam
Certified Professional Ethical Hacker (CPEH) Exam (Page 16)

Updated On: 1-Feb-2026

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

  1. Online Attack
  2. Dictionary Attack
  3. Brute Force Attack
  4. Hybrid Attack

Answer(s): D

Explanation:

A dictionary attack will not work because strong passwords are enforced, and the minimum password length of 8 characters makes a brute force attack time-consuming. A hybrid attack, where you take a word from a dictionary and exchange a number of letters with numbers and special characters, will probably be the fastest way to crack the passwords.



An attacker runs the netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

  1. Machine A: netcat -l -p -s password 1234 < testfile
    Machine B: netcat <machine A IP> 1234
  2. Machine A: netcat -l -e magickey -p 1234 < testfile
    Machine B: netcat <machine A IP> 1234
  3. Machine A: netcat -l -p 1234 < testfile -pw password
    Machine B: netcat <machine A IP> 1234 -pw password
  4. Use cryptcat instead of netcat

Answer(s): D

Explanation:

Netcat cannot encrypt the file transfer itself; it would need a third-party application such as openssl to encrypt and decrypt. Cryptcat is the standard netcat enhanced with Twofish encryption.



What is GINA?

  1. Gateway Interface Network Application
  2. GUI Installed Network Application CLASS
  3. Global Internet National Authority (G-USA)
  4. Graphical Identification and Authentication DLL

Answer(s): D

Explanation:

In computing, GINA refers to the graphical identification and authentication library, a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.



Fingerprinting an Operating System helps a cracker because:

  1. It defines exactly what software you have installed
  2. It opens a security-delayed window based on the port being scanned
  3. It doesn't depend on the patches that have been applied to fix existing security holes
  4. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer(s): D

Explanation:

When a cracker knows what OS and services you use, he also knows which exploits might work on your system. If he had to try all possible exploits for all possible operating systems and services, it would take too long and the possibility of being detected would increase.



In the context of Windows Security, what is a 'null' user?

  1. A user that has no skills
  2. An account that has been suspended by the admin
  3. A pseudo account that has no username and password
  4. A pseudo account that was created for security administration purpose

Answer(s): C

Explanation:

NULL sessions take advantage of "features" in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:
* List of users and groups
* List of machines
* List of shares
* User and host SIDs (Security Identifiers)

NULL sessions exist in Windows networking to allow:
* Trusted domains to enumerate resources
* Computers outside the domain to authenticate and enumerate users
* The SYSTEM account to authenticate and enumerate resources

NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares, but not SAM accounts.



Viewing page 16 of 177
Viewing questions 76 - 80 out of 878 questions


