Question No. 1

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software. What is Rogue security software?

AA flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites

BA Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.

CRogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites

DThis software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

Show Answer

Correct Answer: B

Question No. 2

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. What should be the next logical step that should be performed?

AConnect to open ports to discover applications.

BPerform a ping sweep to identify any additional systems that might be up.

CPerform a SYN scan on port 21 to identify any additional systems that might be up.

DRescan every computer to verify the results.

Show Answer

Correct Answer: C

As ICMP is blocked you'll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems.

Question No. 3

Choose one of the following pseudo codes to describe this statement:

"If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data."

AIf (I > 200) then exit (1)

BIf (I < 200) then exit (1)

CIf (I <= 200) then exit (1)

DIf (I >= 200) then exit (1)

Show Answer

Correct Answer: D

Question No. 4

How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

ASession Hijacking

BSession Stealing

CSession Splicing

DSession Fragmentation

Show Answer

Correct Answer: C

Question No. 5

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

AMandatory Access Control

BAuthorized Access Control

CRole-based Access Control

DDiscretionary Access Control

Show Answer

Correct Answer: A

In computer security, mandatory access control (MAC) is a kind of access control, defined by the TCSEC as 'a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.'

Free GAQM CEH-001 Exam Actual Questions

The questions for CEH-001 were last updated On Nov 21, 2024