GAQM CEH-001 問題集

質問 1：
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?
A. Passive information gathering
B. Active information gathering
C. Vulnerability assessment
D. Information reporting
正解：A

質問 2：
Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?
A. These ports are open because they do not illicit a response.
B. He can tell that these ports are in stealth mode.
C. If a port does not respond to an XMAS scan using NMAP, that port is closed.
D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.
正解：A

質問 3：
NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging, if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets?
A. UDP Port 123
B. UDP Port 125
C. TCP Port 124
D. TCP Port 126
正解：A

質問 4：
Which of the following is the best way an attacker can passively learn about technologies used in an organization?
A. By sending web bugs to key personnel
B. By performing a port scan on the organization's web site
C. By searching regional newspapers and job databases for skill sets technology hires need to possess in the organization
D. By webcrawling the organization web site
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 5：
Which of the following examples best represents a logical or technical control?
A. Smoke and fire alarms
B. Corporate security policy
C. Security tokens
D. Heating and air conditioning
正解：C

質問 6：
You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Anyway you are unable to connect. Why?
A. The OS does not reply to telnet even if port 23 is open
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. A firewall is blocking port 23
正解：D
解説: (Topexam メンバーにのみ表示されます)