GAQM CPEH-001 Exam
Certified Professional Ethical Hacker (CPEH) Exam (Page 17)

Updated On: 1-Feb-2026

What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd

  1. logs the incoming connections to /etc/passwd file
  2. loads the /etc/passwd file to the UDP port 55555
  3. grabs the /etc/passwd file when connected to UDP port 55555
  4. deletes the /etc/passwd file when connected to the UDP port 55555

Answer(s): C

Explanation:

-l forces netcat to listen for incoming connections.
-u tells netcat to use UDP instead of TCP.
-p 55555 tells netcat to use port 55555.
< /etc/passwd redirects the file into netcat's standard input, so its contents are sent to the client that connects to UDP port 55555.



What hacking attack is challenge/response authentication used to prevent?

  1. Replay attacks
  2. Scanning attacks
  3. Session hijacking attacks
  4. Password cracking attacks

Answer(s): A

Explanation:

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. With challenge/response authentication, each logon answers a fresh challenge, so captured packets cannot be retransmitted to authenticate again.



What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

  1. HFS
  2. ADS
  3. NTFS
  4. Backdoor access

Answer(s): B

Explanation:

ADS (Alternate Data Streams) is a "feature" of the NTFS file system that makes it possible to hide information in alternate data streams attached to existing files. A file can have multiple data streams, and each stream is accessed as filename:stream.



You are attempting to crack LAN Manager (LM) hashes from a Windows 2000 SAM file. You will be using an LM brute-force tool for decryption.
What encryption algorithm will you be decrypting?

  1. MD4
  2. DES
  3. SHA
  4. SSL

Answer(s): B

Explanation:

The LM hash is computed as follows.
1. The user's password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The "fixed-length" password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$%", resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
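As an added example (not part of the exam page), the following Python carries out steps 1 to 4 of the LM computation listed above, returning the two DES keys that would encrypt "KGS!@#$%". It assumes ASCII passwords (the real algorithm uses the OEM code page) and stops before the DES step, because Python's standard library has no DES; the function names are chosen here and are not from any LM implementation.

```python
# Added example (not from the exam page): steps 1-4 of the LM hash, i.e. the
# password preprocessing and DES key construction, without the final two DES
# encryptions (no DES in the Python standard library).

LM_MAX_LEN = 14          # passwords are null-padded or truncated to 14 bytes


def lm_halves(password: str) -> tuple[bytes, bytes]:
    """Steps 1-3: uppercase, pad/truncate to 14 bytes, split into 7-byte halves."""
    # Assumption: plain ASCII instead of the OEM code page used by Windows.
    oem = password.upper().encode("ascii", errors="replace")
    fixed = oem[:LM_MAX_LEN].ljust(LM_MAX_LEN, b"\x00")
    return fixed[:7], fixed[7:]


def des_key_from_7_bytes(half: bytes) -> bytes:
    """Step 4: spread the 56 bits of a half over 8 bytes, 7 bits per byte.

    Bit 0 of each key byte is the DES parity bit; DES ignores it, so it is left 0.
    """
    assert len(half) == 7
    bits = int.from_bytes(half, "big")             # 56-bit integer, MSB first
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F      # next 7 bits, high to low
        key.append(seven << 1)                     # shift up, parity bit = 0
    return bytes(key)


def lm_des_keys(password: str) -> tuple[bytes, bytes]:
    """Steps 1-4 together: the two DES keys used on the constant "KGS!@#$%"."""
    first, second = lm_halves(password)
    return des_key_from_7_bytes(first), des_key_from_7_bytes(second)


def second_half_is_null(password: str) -> bool:
    """Why LM is weak: for passwords of 7 characters or fewer the second half is
    all nulls, so its DES key is all zero and the second 8 bytes of the hash are
    the well-known constant AAD3B435B51404EE. Case folding (step 1) and the
    independent 7-byte halves further shrink the space a brute-force tool must
    search."""
    return lm_halves(password)[1] == b"\x00" * 7


if __name__ == "__main__":
    for pw in ("password", "Secret"):
        k1, k2 = lm_des_keys(pw)
        print(pw, k1.hex(), k2.hex(), "null second half:", second_half_is_null(pw))
```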



A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?

  1. There is a NIDS present on that segment.
  2. Kerberos is preventing it.
  3. Windows logons cannot be sniffed.
  4. L0phtcrack only sniffs logons to web servers.

Answer(s): B

Explanation:

In a Windows 2000 network using Kerberos, pre-authentication is normally used and the user's password never leaves the local machine. Because the password is never exposed on the network, it cannot be sniffed.


