Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. GAQM
  5. CPEH-001

GAQM CPEH-001 Exam Questions
Certified Professional Ethical Hacker (CPEH) Exam (Page 7 )

Updated On: 12-Apr-2026
Page 7 of 177
PDF with 878 Questions



An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator. The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming. Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that focused on targeted individuals working for the company.
What is this deadly attack called?

  1. Spear phishing attack
  2. Trojan server attack
  3. Javelin attack
  4. Social networking attack

Answer(s): A



Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.



Which of the following statements is incorrect?

  1. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.
  2. Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades
  3. They can validate compliance with or deviations from the organization's security policy
  4. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

Answer(s): D



How does traceroute map the route a packet travels from point A to point B?

  1. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
  2. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
  3. Uses a protocol that will be rejected by gateways on its way to the destination
  4. Manipulates the flags within packets to force gateways into generating error messages

Answer(s): B

Explanation:

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets have a time-to-live (TTL) value of one (implying that they make a single hop). The next three packets have a TTL value of 2, and so on.
When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host.
When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination.



How do you defend against DHCP Starvation attack?

  1. Enable ARP-Block on the switch
  2. Enable DHCP snooping on the switch
  3. Configure DHCP-BLOCK to 1 on the switch
  4. Install DHCP filters on the switch to block this attack

Answer(s): B



What type of session hijacking attack is shown in the exhibit?

  1. Cross-site scripting Attack
  2. SQL Injection Attack
  3. Token sniffing Attack
  4. Session Fixation Attack

Answer(s): D



Viewing page 7 of 177
Viewing questions 31 - 35 out of 878 questions



Post your Comments and Discuss GAQM CPEH-001 exam dumps with other Community members:

CPEH-001 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!