Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Certified Ethical Hacker (CEH)

Last Update 19 hours ago Total Questions : 878

The Certified Ethical Hacker (CEH) content is now fully updated, with all current exam questions added 19 hours ago. Deciding to include CEH-001 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CEH-001 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CEH-001 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Certified Ethical Hacker (CEH) practice test comfortably within the allotted time.

Question # 221

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

Question # 222

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Question # 223

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

A.

True negatives

B.

False negatives

C.

True positives

D.

False positives

Question # 224

An attacker has been successfully modifying the purchase price of items purchased on the company ' s web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

A.

By using SQL injection

B.

By changing hidden form values

C.

By using cross site scripting

D.

By utilizing a buffer overflow attack

Question # 225

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

Question # 226

One advantage of an application-level firewall is the ability to

A.

filter packets at the network level.

B.

filter specific commands, such as http:post.

C.

retain state information for each packet.

D.

monitor tcp handshaking.

Question # 227

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Question # 228

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

A.

The request to the web server is not visible to the administrator of the vulnerable application.

B.

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.

The successful attack does not show an error message to the administrator of the affected application.

D.

The vulnerable application does not display errors with information about the injection results to the attacker.

Question # 229

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

A.

Defeating the scanner from detecting any code change at the kernel

B.

Replacing patch system calls with its own version that hides the rootkit (attacker ' s) actions

C.

Performing common services for the application process and replacing real applications with fake ones

D.

Attaching itself to the master boot record in a hard drive and changing the machine ' s boot sequence/options

Question # 230

How can rainbow tables be defeated?

A.

Password salting

B.

Use of non-dictionary words

C.

All uppercase character passwords

D.

Lockout accounts under brute force password cracking attempts

Question # 231

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Question # 232

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for?

Select the best answers.

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Question # 233

Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

A.

Ethernet Zapping

B.

MAC Flooding

C.

Sniffing in promiscuous mode

D.

ARP Spoofing

Question # 234

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Question # 235

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Question # 236

A zone file consists of which of the following Resource Records (RRs)?

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

Question # 237

Which definition among those given below best describes a covert channel?

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure.

Question # 238

Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?

A.

ip == 192.168.0.1 and tcp.syn

B.

ip.addr = 192.168.0.1 and syn = 1

C.

ip.addr==192.168.0.1 and tcp.flags.syn

D.

ip.equals 192.168.0.1 and syn.equals on

Question # 239

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

Question # 240

Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.

$ nc -l -p 1026 -u -v

In response, he sees the following message.

cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

Windows has found 47 Critical Errors.

To fix the errors please do the following:

1. Download Registry Repair from: www.reg-patch.com

2. Install Registry Repair

3. Run Registry Repair

4. Reboot your computer

FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

What would you infer from this alert?

A.

The machine is redirecting traffic to www.reg-patch.com using adware

B.

It is a genuine fault of windows registry and the registry needs to be backed up

C.

An attacker has compromised the machine and backdoored ports 1026 and 1027

D.

It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities

Go to page:
CEH-001 PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: May 2, 2026
  • 878 Questions and Answers
  • Single Choice: 804 Q&A's
  • Multiple Choice: 74 Q&A's
 Add to Cart    View Detail

Related GAQM Certification Exams

GAQM ISO-CLA-22
GAQM ISO-QMS-13485
GAQM ISO-41001-CLA
GAQM ISO27019LA
GAQM ISO-21500-CLPM
GAQM ISO-19770-CLA
GAQM ISO17025-010
GAQM ISO-27017-CLA
GAQM ISO-17020-CLA
GAQM ISO-LCSM-001
GAQM ISO-45001-CLA
GAQM ISO22CLA

New Release

AI-901 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions
I27001F Exam Questions
FlashArray-Storage-Professional Exam Questions
API-SIEE Exam Questions
Workday-Pro-Time-Tracking Exam Questions
ZTCA Exam Questions
Accounting-for-Decision-Makers Exam Questions
TPAD01 Exam Questions
CPHIMS Exam Questions
Archer-Expert Exam Questions
C-KPIP Exam Questions