GAQM CPEH-001 Certified Professional Ethical Hacker (CPEH) Online Training
The questions for CPEH-001 were last updated on Nov 19, 2024.
- Exam Code: CPEH-001
- Exam Name: Certified Professional Ethical Hacker (CPEH)
- Certification Provider: GAQM
- Latest update: Nov 19, 2024
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance.
Which of the following requirements would best fit under the objective, "Implement strong access control measures"?
- A . Regularly test security systems and processes.
- B . Encrypt transmission of cardholder data across open, public networks.
- C . Assign a unique ID to each person with computer access.
- D . Use and regularly update anti-virus software on all systems commonly affected by malware.
Nedved is an IT Security Manager of a bank in his country. One day, he found out that there was a security breach of his company’s email server, based on analysis of a suspicious connection from the email server to an unknown IP address.
What is the first thing that Nedved needs to do before contacting the incident response team?
- A . Leave it as it is and contact the incident response team right away
- B . Block the connection to the suspicious IP address from the firewall
- C . Disconnect the email server from the network
- D . Migrate the connection to the backup email server
Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. The information security issues that Vlady often finds include employees sharing passwords, writing their passwords on Post-it notes and sticking them to their desks, leaving their computers unlocked, not logging out of email or other social media accounts, etc.
After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, secret and that they should not share it with other people.
Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information secret?
- A . Warning those who write their password on a Post-it note and put it on their desk
- B . Developing a strict information security policy
- C . Information security awareness training
- D . Conducting a one-to-one discussion with the other employees about the importance of information security
A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department.
Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
- A . tcp.port != 21
- B . tcp.port = 23
- C . tcp.port ==21
- D . tcp.port ==21 || tcp.port ==22
DHCP snooping is a great solution to prevent rogue DHCP servers on your network.
Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
- A . Port security
- B . A Layer 2 Attack Prevention Protocol (LAPP)
- C . Dynamic ARP inspection (DAI)
- D . Spanning tree
An analyst is investigating proxy logs and found that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he noticed that the code is very hard to understand and that all of it differs from typical JavaScript.
What is the name of this technique to hide the code and extend analysis time?
- A . Encryption
- B . Code encoding
- C . Obfuscation
- D . Steganography
What does the -oX flag do in an Nmap scan?
- A . Perform an express scan
- B . Output the results in truncated format to the screen
- C . Perform an Xmas scan
- D . Output the results in XML format to a file
Company XYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of Company XYZ. The employee of Company XYZ is aware of your test.
Your email message looks like this:
From: [email protected]
To: [email protected]
Subject: Test message
Date: 4/3/2017 14:37
The employee of Company XYZ receives your email message.
This proves that Company XYZ’s email gateway doesn’t prevent what?
- A . Email Phishing
- B . Email Masquerading
- C . Email Spoofing
- D . Email Harvesting
Darius is analysing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive.
Looking at the logs, he copies and pastes basic details like those below:
source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221
Which is the most appropriate answer?
- A . This is most probably true negative.
- B . This is most probably true positive which triggered on secure communication between client and server.
- C . This is most probably false-positive, because an alert triggered on reversed traffic.
- D . This is most probably false-positive because the IDS is monitoring one-direction traffic.
Darius is analysing IDS logs. During the investigation, he noticed that there was nothing suspicious found and an alert was triggered on normal web application traffic.
He can mark this alert as:
- A . False-Negative
- B . False-Positive
- C . True-Positive
- D . False-Signature