GAQM CPEH-001 Exam
Certified Professional Ethical Hacker (CPEH) Exam (Page 4)

Updated On: 1-Feb-2026

Why would an attacker want to perform a scan on port 137?

  1. To discover proxy servers on a network
  2. To disrupt the NetBIOS SMB service on the target host
  3. To check for file and print sharing on Windows systems
  4. To discover information about a target host using NBTSTAT

Answer(s): D

Explanation:

Microsoft carries NetBIOS over TCP/IP (NBT) on UDP 137 (name service), UDP 138 (datagram service) and TCP 139 (session service); TCP 135 in the same range is the RPC endpoint mapper, not NetBIOS. A scan that finds UDP/137 open tells the attacker that the host will probably answer a NetBIOS node status query. It is then trivial to issue the following command from a Windows machine:
nbtstat -A (target IP address)
and collect the target's NetBIOS name table (machine name, workgroup or domain, whether the file server service is registered) and its MAC address, if you are not blocking traffic to port 137 at your borders.
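The query that `nbtstat -A` sends is a NetBIOS node status request to UDP/137. The block below is an added example, not part of the exam material: it builds that request by hand, parses the reply and prints the name table, so it is clear what the attacker learns. The host name WORKSTN1, the workgroup and the MAC address in the sample reply are constructed, not captured from a real host.

```python
"""Added example: the NetBIOS node status query that `nbtstat -A <ip>` sends to
UDP/137, built and parsed by hand so the information it leaks is visible.
Only the standard library is used; the sample reply below is constructed."""
import socket
import struct

NBSTAT = 0x0021  # NBNS query/RR type: node status

# Well-known NetBIOS name suffixes (16th byte of a name) and what they reveal.
SUFFIXES = {
    0x00: "workstation (unique) or workgroup/domain (group)",
    0x03: "messenger service",
    0x1B: "domain master browser",
    0x1C: "domain controllers (group)",
    0x20: "file server service: file and print sharing enabled",
}


def encode_netbios_name(name: str) -> str:
    """First-level encoding: pad to 16 bytes, then write each nibble as a
    letter 'A'..'P'. The wildcard '*' padded with NULs becomes 'CK' + 30 'A's."""
    raw = name.encode("ascii").ljust(16, b"\x00")
    return "".join(chr(65 + (b >> 4)) + chr(65 + (b & 0x0F)) for b in raw)


def build_node_status_request(txid: int = 0x1234) -> bytes:
    """NBNS header (query, 1 question) + wildcard name + QTYPE NBSTAT, QCLASS IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = bytes([32]) + encode_netbios_name("*").encode("ascii") + b"\x00"
    return header + qname + struct.pack(">HH", NBSTAT, 0x0001)


def parse_node_status_response(data: bytes) -> dict:
    """Extract the name table and MAC address from a node status response."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not an NBNS response carrying an answer")
    off = 12
    while data[off] != 0:            # skip the encoded RR name (label chain)
        off += 1 + data[off]
    off += 1
    rtype, _rclass, _ttl, _rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("unexpected RR type %#x" % rtype)
    num_names, off = data[off], off + 1
    names = []
    for _ in range(num_names):       # each entry: 15-byte name, suffix, 2 flag bytes
        entry, off = data[off:off + 18], off + 18
        suffix = entry[15]
        name_flags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" ").decode("ascii", "replace"),
            "suffix": suffix,
            "group": bool(name_flags & 0x8000),   # bit 15 set = group name
            "meaning": SUFFIXES.get(suffix, "other"),
        })
    # The statistics block follows the name table; its first 6 bytes are the MAC.
    mac = ":".join("%02x" % b for b in data[off:off + 6])
    return {"txid": txid, "names": names, "mac": mac}


def query_host(ip: str, timeout: float = 2.0) -> dict:
    """Live version: unicast the request to UDP/137 and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (ip, 137))
        data, _ = s.recvfrom(4096)
    return parse_node_status_response(data)


def _name_entry(name: str, suffix: int, flags: int) -> bytes:
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)


# Constructed sample reply (hypothetical host WORKSTN1 in workgroup WORKGROUP).
_RDATA = (bytes([3])
          + _name_entry("WORKSTN1", 0x00, 0x0400)    # unique <00>: machine name
          + _name_entry("WORKGROUP", 0x00, 0x8400)   # group <00>: workgroup/domain
          + _name_entry("WORKSTN1", 0x20, 0x0400)    # unique <20>: file sharing on
          + bytes.fromhex("001122334455") + b"\x00" * 40)  # statistics, MAC first
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
                   + bytes([32]) + encode_netbios_name("*").encode("ascii") + b"\x00"
                   + struct.pack(">HHIH", NBSTAT, 0x0001, 0, len(_RDATA)) + _RDATA)

if __name__ == "__main__":
    for entry in parse_node_status_response(SAMPLE_RESPONSE)["names"]:
        print("%-15s <%02X> %s  %s" % (entry["name"], entry["suffix"],
                                       "GROUP " if entry["group"] else "UNIQUE",
                                       entry["meaning"]))
```

The unique <20> entry is the one a scanner uses to say "file and print sharing is on"; the group <00> entry gives away the workgroup or domain. Blocking UDP/137 at the border, or disabling NetBIOS over TCP/IP on hosts that only need SMB over 445, removes the answer entirely.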



Which type of scan sends packets with no flags set? Select the answer.

  1. Open Scan
  2. Null Scan
  3. Xmas Scan
  4. Half-Open Scan

Answer(s): B

Explanation:

A Null scan sends a TCP segment with none of the flags set. Under RFC 793 a closed port must answer such a segment with RST, while an open port silently discards it, so a RST means closed and no reply means open (or filtered). Windows stacks send RST from open ports as well, so Null, FIN and Xmas scans cannot tell Windows ports apart.
The types of port connections supported by the scanner are:
· TCP Full Connect. This mode makes a full connection to the target's TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).
· UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either that the port is in use or that the target does not return the ICMP message, which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.
· TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.
· TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond with SYN|ACK and closed ports respond with ACK|RST or RST. This mode is less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over the TTL, source port, MTU, sequence number and window parameters in the SYN packet.
· TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH and URG flags set to the target port and listens for the response. Again, the attacker has full control over the TTL, source port, MTU, sequence number and window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for the XMAS, NULL, FIN and ACK flag settings.
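To make the flag presets concrete, here is an added example (not from the exam or from the scanner described above) that builds the 20-byte TCP header for a NULL, FIN, Xmas or SYN probe with a correct checksum, and classifies the target's reply the way a scanner does. The addresses and ports are placeholders; only the raw-socket sender at the end needs privileges and a live network.

```python
"""Added example: raw TCP segments for NULL, FIN, Xmas and SYN scans, plus the
reply classification a scanner applies. Standard library only; the send
helper needs CAP_NET_RAW and is not exercised by the offline checks."""
import socket
import struct

# TCP flag bits (byte 13 of the header, RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

SCAN_FLAGS = {
    "null": 0,                 # no flags at all
    "fin": FIN,
    "xmas": FIN | PSH | URG,   # "lit up like a Christmas tree"
    "syn": SYN,                # half-open scan
}


def checksum(data: bytes) -> int:
    """Internet checksum: ones-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (src, dst, 0, proto 6, length) + segment.
    Recomputed over a segment whose checksum field is filled in, it yields 0."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack(">BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return checksum(pseudo + segment)


def build_tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                      flags: int, seq: int = 0, window: int = 1024) -> bytes:
    """20-byte TCP header (no options) carrying exactly `flags`.
    Sequence number, source port and window are attacker-chosen, as the text notes."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words
    hdr = struct.pack(">HHIIHHHH", sport, dport, seq, 0, offset_flags, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr)
    return hdr[:16] + struct.pack(">H", csum) + hdr[18:]


def classify(scan: str, reply_flags=None, icmp_unreachable: bool = False) -> str:
    """Map the reply (TCP flag byte, ICMP unreachable, or None for silence) to a
    port state. RFC 793: a closed port answers RST to anything; an open port
    ignores a segment carrying none of SYN/ACK/RST. Windows sends RST from open
    ports too, so NULL/FIN/Xmas results on Windows are not trustworthy."""
    if icmp_unreachable:
        return "filtered"
    if scan == "syn":
        if reply_flags is None:
            return "filtered"
        if reply_flags & SYN and reply_flags & ACK:
            return "open"
        return "closed" if reply_flags & RST else "filtered"
    if scan not in SCAN_FLAGS:
        raise ValueError("unknown scan type %r" % scan)
    if reply_flags is None:                   # null / fin / xmas: silence is ambiguous
        return "open|filtered"
    return "closed" if reply_flags & RST else "open|filtered"


def send_probe(src_ip: str, dst_ip: str, sport: int, dport: int, scan: str,
               timeout: float = 2.0) -> str:
    """Send one probe through a raw socket and classify the first matching reply.
    Note that the local kernel, which never sent a SYN, will itself RST a SYN|ACK."""
    seg = build_tcp_segment(src_ip, dst_ip, sport, dport, SCAN_FLAGS[scan])
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) as s:
        s.settimeout(timeout)
        s.sendto(seg, (dst_ip, 0))
        try:
            while True:
                pkt = s.recv(65535)
                ihl = (pkt[0] & 0x0F) * 4      # skip the IPv4 header
                tcp = pkt[ihl:]
                if struct.unpack(">HH", tcp[:4]) == (dport, sport):
                    return classify(scan, tcp[13] & 0x3F)
        except socket.timeout:
            return classify(scan, None)


if __name__ == "__main__":
    for name, flags in SCAN_FLAGS.items():
        seg = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 139, flags)
        print("%-4s flags=0x%02x checksum-ok=%s" % (name, seg[13],
              tcp_checksum("10.0.0.1", "10.0.0.2", seg) == 0))
```

The point of the classifier is the asymmetry in the question: a SYN probe distinguishes open from closed by the reply it gets, whereas a flagless probe can only say "closed" when a RST arrives and must report "open|filtered" when nothing comes back.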



Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test.
While conducting a port scan she notices open ports in the range of 135 to 139.
What protocol is most likely to be listening on those ports?

  1. Finger
  2. FTP
  3. Samba
  4. SMB

Answer(s): D

Explanation:

The SMB (Server Message Block) protocol is used, among other things, for file sharing in Windows NT/2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which uses the well-known ports 137 and 138 (UDP) and 139 (TCP); TCP 135, also in the range Sandra saw, is the MSRPC endpoint mapper that every Windows host exposes. In Windows 2000 Microsoft added the option to run SMB directly over TCP/IP without the extra NBT layer, on TCP port 445. Samba is the Unix implementation of the same protocol, so a Unix host can answer on 139 and 445 as well, but the protocol on the wire is SMB.



SNMP is a protocol used to query hosts, servers and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts.
Which of the following features makes this possible? (Choose two)

  1. It uses TCP as the underlying protocol.
  2. It uses community string that is transmitted in clear text.
  3. It is susceptible to sniffing.
  4. It is used by all network devices on the market.

Answer(s): B,D

Explanation:

Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. It runs over UDP (agents listen on port 161, managers receive traps on 162), not TCP. There are typically two levels of access, read-only and read-write, and the default community strings "public" (read) and "private" (write) are still common. If an attacker is able to guess the read community string, they can read SNMP data (depending on which MIBs are installed) from the remote device: system time, IP addresses, interfaces, routing tables, running processes, installed software, and so on. Version 1 and version 2c of SNMP have been criticized for their poor security: the only authentication is the community string, in effect a password, which is transmitted in cleartext in every message, so anyone who can sniff the traffic obtains it without guessing. SNMPv3 adds user-based authentication and optional encryption.
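To show what "transmitted in cleartext" means on the wire, the following added example (not part of the exam material) encodes an SNMPv1 GetRequest for sysDescr.0 by hand in BER and includes the decoder a sniffer would apply to any SNMPv1/v2c packet to lift the community string and the returned values. The community "public", the OID and the response text are constructed; the `snmp_get` helper is the only part that touches the network.

```python
"""Added example: SNMPv1 GetRequest for sysDescr.0 encoded by hand in BER, and
the decoder a sniffer uses to recover the cleartext community string from any
SNMPv1/v2c message. Standard library only; the response below is constructed."""
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2   # context-specific constructed PDU tags


def tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value, short form below 128 bytes, long form otherwise."""
    n = len(body)
    length = bytes([n]) if n < 128 else bytes([0x80 | 2, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def ber_int(v: int) -> bytes:
    """Minimal two's-complement INTEGER encoding."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs share one byte, the rest are base-128."""
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for arc in parts[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                               # high bit means "more bytes follow"
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))


def decode_oid(body: bytes) -> str:
    parts, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))


def ber_decode(data: bytes, off: int = 0):
    """Return (tag, value, end). Constructed tags decode to a list of (tag, value)."""
    tag, length, off = data[off], data[off + 1], off + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(data[off:off + n], "big"), off + n
    body, end = data[off:off + length], off + length
    if tag & 0x20:                               # constructed: recurse over children
        kids, p = [], 0
        while p < len(body):
            t, v, p = ber_decode(body, p)
            kids.append((t, v))
        return tag, kids, end
    return tag, body, end


def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv1 message: version 0, community as a plain OCTET STRING, GetRequest PDU."""
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + tlv(0x05, b"")))    # value = NULL
    pdu = tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode("ascii")) + pdu)


def parse_snmp_message(packet: bytes) -> dict:
    """What a sniffer sees in any v1/v2c message: version, community, PDU, varbinds."""
    tag, msg, _ = ber_decode(packet)
    if tag != 0x30 or len(msg) != 3:
        raise ValueError("not an SNMPv1/v2c message")
    (_, version), (_, community), (pdu_tag, pdu) = msg
    (_, req_id), (_, err_status), (_, _err_index), (_, varbinds) = pdu
    values = {}
    for _, vb in varbinds:
        (_, oid_body), (vtag, value) = vb
        values[decode_oid(oid_body)] = value.decode("latin-1") if vtag == 0x04 else value
    return {
        "version": int.from_bytes(version, "big", signed=True),   # 0 = v1, 1 = v2c
        "community": community.decode("latin-1"),                  # the cleartext secret
        "pdu": pdu_tag,
        "request_id": int.from_bytes(req_id, "big", signed=True),
        "error_status": int.from_bytes(err_status, "big", signed=True),
        "varbinds": values,
    }


def snmp_get(host: str, community: str, oid: str, timeout: float = 2.0) -> dict:
    """Live query against UDP/161; returns the parsed GetResponse."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community, oid), (host, 161))
        data, _ = s.recvfrom(65535)
    return parse_snmp_message(data)


# Constructed GetResponse, as a hypothetical agent would answer for sysDescr.0.
SAMPLE_RESPONSE = tlv(0x30, ber_int(0) + tlv(0x04, b"public") + tlv(
    GET_RESPONSE, ber_int(1) + ber_int(0) + ber_int(0)
    + tlv(0x30, tlv(0x30, ber_oid(SYS_DESCR) + tlv(0x04, b"Linux router 5.10.0 x86_64")))))

if __name__ == "__main__":
    req = build_get_request("public", SYS_DESCR)
    print("request bytes :", req.hex())
    print("sniffed secret:", parse_snmp_message(req)["community"])
    print("sysDescr.0    :", parse_snmp_message(SAMPLE_RESPONSE)["varbinds"][SYS_DESCR])
```

Running the block prints the request in hex; the ASCII of the community string is visible in it unchanged, which is exactly why any on-path observer (or a guessing attacker against UDP/161) gets read access. Moving to SNMPv3 with authPriv, or at minimum restricting 161/UDP to the management network, is the fix.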



Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the best answer)

  1. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
  2. Hire more computer security monitoring personnel to monitor computer systems and networks.
  3. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
  4. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Answer(s): A

Explanation:

Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of completing this goal.





