GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Online Training
The questions for CPEH-001 were last updated on Feb 21, 2025.
- Exam Code: CPEH-001
- Exam Name: Certified Professional Ethical Hacker (CPEH)
- Certification Provider: GAQM
- Latest update: Feb 21, 2025
Which of the following statements is TRUE?
- A . Sniffers operate on Layer 2 of the OSI model
- B . Sniffers operate on Layer 3 of the OSI model
- C . Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
- D . Sniffers operate on Layer 1 of the OSI model.
What is the least important information when you analyze a public IP address in a security alert?
- A . ARP
- B . Whois
- C . DNS
- D . Geolocation
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address into the browser and find the sites to be accessible. But they are not accessible when you try using the URL.
What may be the problem?
- A . Traffic is Blocked on UDP Port 53
- B . Traffic is Blocked on UDP Port 80
- C . Traffic is Blocked on UDP Port 54
- D . Traffic is Blocked on UDP Port 80
While performing a risk assessment, you need to determine the potential impact when some of the company's critical business processes are interrupted.
What is the name of the process by which you can determine those critical business processes?
- A . Risk Mitigation
- B . Emergency Plan Response (EPR)
- C . Disaster Recovery Planning (DRP)
- D . Business Impact Analysis (BIA)
Assume a business-critical website of some company that is used to sell handsets to customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the website developers decided to add some third-party marketing tools to it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?
- A . External script contents could be maliciously modified without the security team's knowledge
- B . External scripts have direct access to the company servers and can steal the data from there
- C . There is no risk at all as the marketing services are trustworthy
- D . External scripts increase the outbound company data traffic, which leads to greater financial losses
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:
- A . Just a network monitoring tool
- B . A signature-based IDS
- C . A hybrid IDS
- D . A behavior-based IDS
When tuning security alerts, what is the best approach?
- A . Tune to avoid False positives and False Negatives
- B . Raise False positives, Raise False Negatives
- C . Decrease the false positives
- D . Decrease False negatives
You are a security officer of a company. You received an alert from the IDS indicating that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation.
Which of the following is appropriate to analyze?
- A . Event logs on the PC
- B . Internet Firewall/Proxy log
- C . IDS log
- D . Event logs on domain controller
Identify the UDP port that the Network Time Protocol (NTP) uses as its primary means of communication.
- A . 123
- B . 161
- C . 69
- D . 113
Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
- A . Chosen-Ciphertext Attack
- B . Ciphertext-only Attack
- C . Timing Attack
- D . Rubber Hose Attack