Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. GAQM
  5. CPEH-001

GAQM CPEH-001 Exam
Certified Professional Ethical Hacker (CPEH) Exam (Page 8 )

Updated On: 1-Feb-2026
Page 8 of 177
PDF with 878 Questions

Because UDP is a connectionless protocol: (Select 2)

  1. UDP recvfrom() and write() scanning will yield reliable results
  2. It can only be used for Connect scans
  3. It can only be used for SYN scans
  4. There is no guarantee that the UDP packets will arrive at their destination
  5. ICMP port unreachable messages may not be returned successfully

Answer(s): D,E

Explanation:

Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives).



What ICMP message types are used by the ping command?

  1. Timestamp request (13) and timestamp reply (14)
  2. Echo request (8) and Echo reply (0)
  3. Echo request (0) and Echo reply (1)
  4. Ping request (1) and Ping reply (2)

Answer(s): B

Explanation:

ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo



Which of the following systems would not respond correctly to an nmap XMAS scan?

  1. Windows 2000 Server running IIS 5
  2. Any Solaris version running SAMBA Server
  3. Any version of IRIX
  4. RedHat Linux 8.0 running Apache Web Server

Answer(s): A

Explanation:

When running a XMAS Scan, if a RST packet is received, the port is considered closed, while no response means it is open|filtered. The big downside is that not all systems follow RFC 793 to the letter. A number of systems send RST responses to the probes regardless of whether the port is open or not. This causes all of the ports to be labeled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI, and IBM OS/400.



Use the traceroute results shown above to answer the following Question:



The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

  1. True
  2. False

Answer(s): A

Explanation:

As seen in the exhibit there is 2 registrations with timeout, this tells us that the firewall filters packets where the TTL has reached 0, when you continue with higher starting values for TTL you will get an answer from the target of the traceroute.



While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:



Remote operating system guess: Too many signatures match to reliably guess the OS. Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

  1. Perform a firewalk with that system as the target IP
  2. Perform a tcp traceroute to the system using port 53
  3. Run an nmap scan with the -v-v option to give a better output
  4. Connect to the active services and review the banner information

Answer(s): D

Explanation:

Most people don't care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.



Viewing page 8 of 177
Viewing questions 36 - 40 out of 878 questions



Post your Comments and Discuss GAQM CPEH-001 exam prep with other Community members:

Join the CPEH-001 Discussion