Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Certified Professional Ethical Hacker (CPEH)

Last Update 3 hours ago Total Questions : 736

The Certified Professional Ethical Hacker (CPEH) content is now fully updated, with all current exam questions added 3 hours ago. Deciding to include CPEH-001 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CPEH-001 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CPEH-001 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Certified Professional Ethical Hacker (CPEH) practice test comfortably within the allotted time.

Question # 151

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

Which of the following organizations is being described?

A.

Payment Card Industry (PCI)

B.

Center for Disease Control (CDC)

C.

Institute of Electrical and Electronics Engineers (IEEE)

D.

International Security Industry Organization (ISIO)

Question # 152

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual ' s property or company ' s asset.

Question # 153

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Question # 154

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Question # 155

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

Question # 156

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

A.

SHA-1

B.

MD5

C.

HAVAL

D.

MD4

Question # 157

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

Question # 158

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

A.

RC4

B.

RC5

C.

MD4

D.

MD5

Question # 159

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Question # 160

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker ' s next step be before starting work on this job?

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend ' s employees to help identify areas that may be susceptible to attack.

Question # 161

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Question # 162

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

A.

Timing attack

B.

Replay attack

C.

Memory trade-off attack

D.

Chosen plain-text attack

Question # 163

Advanced encryption standard is an algorithm used for which of the following?

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Question # 164

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Question # 165

While testing the company ' s web applications, a tester attempts to insert the following test script into the search area on the company ' s web site:

< script > alert( " Testing Testing Testing " ) < /script >

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: " Testing Testing Testing " . Which vulnerability has been detected in the web application?

A.

Buffer overflow

B.

Cross-site request forgery

C.

Distributed denial of service

D.

Cross-site scripting

Go to page:
CPEH-001 PDF + Testing Engine
220-1201 pdf + testing engine
$149.97
$44.99 
220-1201 pdf + testing engine
  • Last Update: May 24, 2026
  • 736 Questions and Answers
  • Single Choice: 721 Q&A's
  • Multiple Choice: 15 Q&A's
 View Packages

Related GAQM Certification Exams

GAQM ISO-CLA-22
GAQM ISO-QMS-13485
GAQM ISO-41001-CLA
GAQM ISO27019LA
GAQM ISO-21500-CLPM
GAQM ISO-19770-CLA
GAQM ISO17025-010
GAQM ISO-27017-CLA
GAQM ISO-17020-CLA
GAQM ISO-LCSM-001
GAQM ISO-45001-CLA
GAQM ISO22CLA

New Release

Category-Manager Exam Questions
Drupal-Site-Builder Exam Questions
NCP-OUSD Exam Questions
IdentityIQ-Associate Exam Questions
M92 Exam Questions
ISO-IEC-27002-Foundation Exam Questions
NCP-AAI Exam Questions
VNX301 Exam Questions
AI-901 Exam Questions
Als-Con-201 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions
I27001F Exam Questions