시험덤프
매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
  / CEH-001 덤프  / CEH-001 문제 연습

EC-Council CEH-001 시험

Certified Ethical Hacker (CEH) 온라인 연습

최종 업데이트 시간: 2024년11월08일

당신은 온라인 연습 문제를 통해 EC-Council CEH-001 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.

시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 CEH-001 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 878개의 시험 문제와 답을 포함하십시오.

 / 6

Question No : 1


How do you defend against ARP Spoofing? Select three.

정답:
Explanation:
ARPwall is used in protecting against ARP spoofing. Incorrect answer:
IDS option may works fine in case of monitoring the traffic from outside the network but not from internal hosts.

Question No : 2


Which of the following tool would be considered as Signature Integrity Verifier (SIV)?

정답:

Question No : 3


Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter.
What is the best way to undermine the social engineering activity of tailgating?

정답:

Question No : 4


Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database.
What technique does Jimmy use to compromise a database?

정답:

Question No : 5


Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc.
The information stored in Google's database, identified by the cookie, includes
✑ Everything you search for using Google
✑ Every web page you visit that has Google Adsense ads
How would you prevent Google from storing your search keywords?

정답:

Question No : 6


Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.
Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.
What should Stephanie use so that she does not get in trouble for surfing the Internet?

정답:

Question No : 7


Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:



From the above list identify the user account with System Administrator privileges?

정답:

Question No : 8


Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits.
Here are some of the symptoms of a disgruntled employee:
a) Frequently leaves work early, arrive late or call in sick
b) Spends time surfing the Internet or on the phone
c) Responds in a confrontational, angry, or overly aggressive way to simple requests or comments
d) Always negative; finds fault with everything
These disgruntled employees are the biggest threat to enterprise security.
How do you deal with these threats? (Select 2 answers)

정답:

Question No : 9


You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams.
How will you accomplish this?

정답:

Question No : 10


Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID.
Why do you think Dan might not be able to get an interactive session?

정답:

Question No : 11


Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.
What are some of the common vulnerabilities in web applications that he should be concerned about?

정답:

Question No : 12


Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization.
Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats.
The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.



What is the risk of installing Fake AntiVirus?

정답:

Question No : 13


More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers?it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?

정답:

Question No : 14


Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server.
Why do you think this is possible?

정답:

Question No : 15


This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network.
What is this technique called?

정답:

 / 6
EC-Council