CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. GAQM
  5. CPEH-001

Free CPEH-001 Exam Braindumps (page: 6)

Page 5 of 220
PDF with 878 Questions

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises. How does a polymorphic shellcode work?

  1. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode
  2. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them
  3. They reverse the working instructions into opposite order by masking the IDS signatures
  4. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

Answer(s): A



SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:

  1. The source and destination address having the same value
  2. A large number of SYN packets appearing on a network without the corresponding reply packets
  3. The source and destination port numbers having the same value
  4. A large number of SYN packets appearing on a network with the corresponding reply packets

Answer(s): B



Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

  1. Port Scanning
  2. Single Scanning
  3. External Scanning
  4. Vulnerability Scanning

Answer(s): D



The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:



The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?

  1. Chicago'; drop table OrdersTable --
  2. Delete table'blah'; OrdersTable --
  3. EXEC; SELECT * OrdersTable > DROP --
  4. cmdshell'; 'del c:\sql\mydb\OrdersTable' //

Answer(s): A






Post your Comments and Discuss GAQM CPEH-001 exam with other Community members:

CPEH-001 Discussions & Posts