Question 1: When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?
A. ICMP ECHO_REPLY & TCP RST
B. ICMP ECHO_REQUEST & TCP ACK
C. ICMP ECHO_REQUEST & TCP SYN
D. ICMP ECHO_REPLY & TCP FIN
Answer: B
Question 2: Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real-world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?
A. ARP Proxy
B. Interceptor
C. Poisoning Attack
D. Man-in-the-middle
Answer: D
Question 3: Fake Anti-Virus is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization. Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.
What is the risk of installing Fake AntiVirus?
A. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker
B. Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk
C. Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums
D. Denial of Service attack will be launched against the infected computer crashing other machines on the connected network
Answer: A
Question 4: In this attack, a victim receives an e-mail claiming to be from PayPal, stating that their account has been disabled and confirmation is required before activation. The attackers then use the scam to collect not one but two credit card numbers, an ATM PIN and other personal details.
Ignorant users usually fall prey to this scam. Which of the following statements is incorrect in relation to this attack?
A. Do not reply to email messages or popup ads asking for personal or financial information
B. Review credit card and bank account statements regularly
C. Do not send credit card numbers, and personal or financial information via e-mail
D. Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks
E. Do not trust telephone numbers in e-mails or popup ads
Answer: D
Question 5: Which of the following represent weak passwords? (Select 2 answers)
A. Passwords that contain only numbers. Example: 23698217
B. Passwords that contain only special characters and numbers. Example: 123@$45
C. Passwords that contain only letters. Example: QWERTYKLRTY
D. Passwords that contain Uppercase/Lowercase from a dictionary list. Example: OrAnGe
E. Passwords that contain letters and numbers. Example: meerdfget123
F. Passwords that contain letters, special characters, and numbers. Example: ap1$%##f@52
G. Passwords that contain only special characters. Example: &*#@!(%)
H. Passwords that contain only letters and special characters. Example: bob@&ba
Answer: C,D
Question 6: What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
A. Audit, standards based, regulatory
B. Legislative, contractual, standards based
C. Contractual, regulatory, industry
D. Legal, performance, audit
Answer: B
Question 7: Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page, in which he also remains unsuccessful. What is the probable cause of Bill's problem?
A. The HTML file has permissions of read only
B. The system is a honeypot
C. You cannot use a buffer overflow to deface a web page
D. There is a problem with the shell and he needs to run the attack again
Answer: A
Question 8: Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?
A. Injecting arbitrary data
B. Banner grabbing
C. Port scanning
D. Analyzing service response
Answer: D
Question 9: Which of the following techniques can be used to mitigate the risk of an on-site attacker connecting to an unused network port and gaining full access to the network? (Choose three.)
A. Port Security
B. Network Admission Control (NAC)
C. 802.1q Port Based Authentication
D. IPSec Encryption
E. 802.1x Port Based Authentication
F. Intrusion Detection System (IDS)
Answer: A,B,E
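You can pass the exam with our GAQM CPEH-001 materials
Our GAQM CPEH-001 study material was developed by experts drawing on many years of experience and following the latest syllabus. We guarantee that the questions and answers in the CPEH-001 question set are correct.
This question set was created by analysing past data and has a high coverage rate; it helps you, the candidate, save time and money and raises your chance of passing the exam. Our question set has a high hit rate, and we guarantee a 100% pass rate. With our high-quality GAQM CPEH-001, you can pass the exam on the first attempt.
We provide a one-year free update service
After you purchase our GAQM CPEH-001, you receive the one year of free updates we promise. Our experts check for updates every day, so if the material is updated during that year, we will send the updated GAQM CPEH-001 to your e-mail address. You will therefore always receive update notifications in a timely manner. We guarantee that you will have the latest version of GAQM CPEH-001 throughout the year after purchase.
We promise a full refund if you fail
We are confident in our CPEH-001 question set, so we promise a refund if you fail the exam. We believe you can pass the exam using our GAQM CPEH-001. If you do fail, we will refund the full amount you paid, reducing the financial loss of failing the exam.
We provide a free GAQM CPEH-001 sample
When purchasing a question set, you may worry about its quality. To address this, we provide a free CPEH-001 sample, so you can download and try it before buying and then judge whether this CPEH-001 question set suits you before deciding to purchase.
CPEH-001 exam tool: for convenience in your training, you can install it on multiple computers and work at your own pace.
TopExam provides the CPEH-001 question set to help you review for the exam and make difficult specialist knowledge easy to study. TopExam looks forward to your passing the exam.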
GAQM CPEH-001 certification exam scope:
Topic | Exam scope
---|---
Topic 1 | Client-Side Exploitation, Remote Exploitation, Password Hacking
Topic 2 | Hackers Methodology, Network Sniffing, Vulnerability Assessment
Topic 3 | Social Engineering Hacking, Wireless Networks, Linux Basics

Reference: https://gaqm.org/certifications/information_systems_security/cpeh
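We use a secure payment method
Credit card is, to date, the safest payment method worldwide. Although a small processing fee is required, it comes with protection. To protect our customers' interests, all of our CPEH-001 question sets can be paid for by credit card.
Receipts: if you need a receipt bearing a company name, please e-mail us with the company name. We will provide a receipt in PDF format.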