Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Certified Professional Ethical Hacker (CPEH)

Last Update 14 hours ago Total Questions : 736

The Certified Professional Ethical Hacker (CPEH) content is now fully updated, with all current exam questions added 14 hours ago. Deciding to include CPEH-001 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CPEH-001 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CPEH-001 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Certified Professional Ethical Hacker (CPEH) practice test comfortably within the allotted time.

Question # 166

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Question # 167

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Question # 168

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Question # 169

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

A.

Unplug the network connection on the company’s web server.

B.

Determine the origin of the attack and launch a counterattack.

C.

Record as much information as possible from the attack.

D.

Perform a system restart on the company’s web server.

Question # 170

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

A.

Timing options to slow the speed that the port scan is conducted

B.

Fingerprinting to identify which operating systems are running on the network

C.

ICMP ping sweep to determine which hosts on the network are not available

D.

Traceroute to control the path of the packets sent during the scan

Question # 171

Which of the following is an example of IP spoofing?

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Question # 172

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

Question # 173

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

A.

Key registry

B.

Recovery agent

C.

Directory

D.

Key escrow

Question # 174

Which of the following descriptions is true about a static NAT?

A.

A static NAT uses a many-to-many mapping.

B.

A static NAT uses a one-to-many mapping.

C.

A static NAT uses a many-to-one mapping.

D.

A static NAT uses a one-to-one mapping.

Question # 175

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A.

They provide a repeatable framework.

B.

Anyone can run the command line scripts.

C.

They are available at low cost.

D.

They are subject to government regulation.

Question # 176

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

Question # 177

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Question # 178

How can a policy help improve an employee ' s security awareness?

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee ' s vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Question # 179

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.

What Web browser-based security vulnerability was exploited to compromise the user?

A.

Cross-Site Request Forgery

B.

Cross-Site Scripting

C.

Clickjacking

D.

Web form input validation

Question # 180

In the OSI model, where does PPTP encryption take place?

A.

Transport layer

B.

Application layer

C.

Data link layer

D.

Network layer

Go to page:
CPEH-001 PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: May 12, 2026
  • 736 Questions and Answers
  • Single Choice: 721 Q&A's
  • Multiple Choice: 15 Q&A's
 Add to Cart    View Detail

Related GAQM Certification Exams

GAQM ISO-CLA-22
GAQM ISO-QMS-13485
GAQM ISO-41001-CLA
GAQM ISO27019LA
GAQM ISO-21500-CLPM
GAQM ISO-19770-CLA
GAQM ISO17025-010
GAQM ISO-27017-CLA
GAQM ISO-17020-CLA
GAQM ISO-LCSM-001
GAQM ISO-45001-CLA
GAQM ISO22CLA

New Release

NCP-OUSD Exam Questions
IdentityIQ-Associate Exam Questions
M92 Exam Questions
ISO-IEC-27002-Foundation Exam Questions
NCP-AAI Exam Questions
VNX301 Exam Questions
AI-901 Exam Questions
Als-Con-201 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions
I27001F Exam Questions
FlashArray-Storage-Professional Exam Questions
API-SIEE Exam Questions