GAQM CPEH-001 Exam Practice Test Instant Access

Question 1

There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? Select the best answers.

AEmulators of vulnerable programs

BMore likely to be penetrated

CEasier to deploy and maintain

DTend to be used for production

EMore detectable

FTend to be used for research
Explanations:
A low interaction honeypot would have emulators of vulnerable programs, not the real programs.
A high interaction honeypot is more likely to be penetrated as it is running the real program and is more vulnerable than an emulator.
Low interaction honeypots are easier to deploy and maintain. Usually you would just use a program that is already available for download and install it. Hackers don't usually crash or destroy these types of programs and it would require little maintenance.
A low interaction honeypot tends to be used for production.
Low interaction honeypots are more detectable because you are using emulators of the real programs. Many hackers will see this and realize that they are in a honeypot.
A low interaction honeypot tends to be used for production. A high interaction honeypot tends to be used for research.

Answer : A, C, D, E

Question 2

An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?

Select the best answer.

AFirewalk

BManhunt

CFragrouter

DFragids
Explanations:
Firewalking is a way to disguise a portscan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls. Synamtec Man-Hunt is an IDS, not a tool to evade an IDS.
Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection while Fragids is a made-up tool and does not exist.

Answer : C

Question 3

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

AEncryption of agent communications will conceal the presence of the agents

BThe monitor will know if counterfeit messages are being generated because they will not be encrypted

CAlerts are sent to the monitor when a potential intrusion is detected

DAn intruder could intercept and delete data or alerts and the intrusion can go undetected

Answer : B

Question 4

Study the following exploit code taken from a Linux machine and answer the questions below:

echo ''ingreslock stream tcp nowait root /bin/sh sh --I" > /tmp/x;

/usr/sbin/inetd --s /tmp/x;

sleep 10;

/bin/ rm --f /tmp/x AAAA...AAA

In the above exploit code, the command ''/bin/sh sh --I" is given.

What is the purpose, and why is 'sh' shown twice?

AThe command /bin/sh sh --i appearing in the exploit code is actually part of an inetd configuration file.

BThe length of such a buffer overflow exploit makes it prohibitive for user to enter manually.
The second 'sh' automates this function.

CIt checks for the presence of a codeword (setting the environment variable) among the environment variables.

DIt is a giveaway by the attacker that he is a script kiddy.

Answer : A

Question 5

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds.What kind of attack is this program susceptible to?

ABuffer of Overflow

BDenial of Service

CShatter Attack

DPassword Attack

Answer : A

Please Wait...

GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Please Wait...

Popular Vendors

GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5