GAQM CPEH-001 Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

AHe can use a shellcode that will perform a reverse telnet back to his machine

BHe can use a dynamic return address to overwrite the correct value in the target machine computer memory

CHe can chain NOOP instructions into a NOOP 'sled' that advances the processor's instruction pointer to a random place of choice

DHe can use polymorphic shell code-with a tool such as ADMmutate - to change the signature of his exploit as seen by a network IDS

Correct : D

ADMmutate is using a polymorphic technique designed to circumvent certain forms of signature based intrusion detection. All network based remote buffer overflow exploits have similarities in how they function. ADMmutate has the ability to emulate the protocol of the service the attacker is attempting to exploit. The data payload (sometimes referred to as an egg) contains the instructions the attacker wants to execute on the target machine. These eggs are generally interchangeable and can be utilized in many different buffer overflow exploits. ADMmutate uses several techniques to randomize the contents of the egg in any given buffer overflow exploit. This randomization effectively changes the content or 'signature' of the exploit without changing the functionality of the exploit.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AHe can use a shellcode that will perform a reverse telnet back to his machine

BHe can use a dynamic return address to overwrite the correct value in the target machine computer memory

CHe can chain NOOP instructions into a NOOP 'sled' that advances the processor's instruction pointer to a random place of choice

DHe can use polymorphic shell code-with a tool such as ADMmutate - to change the signature of his exploit as seen by a network IDS

0 / 1500

Question 2

John has a proxy server on his network which caches and filters web access. He shuts down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will not allow users to connect to any outbound ports. Jack, a network user has successfully connected to a remote server on port 80 using netcat. He could in turn drop a shell from the remote machine. Assuming an attacker wants to penetrate John's network, which of the following options is he likely to choose?

AUse ClosedVPN

BUse Monkey shell

CUse reverse shell using FTP protocol

DUse HTTPTunnel or Stunnel on port 80 and 443

Correct : D

As long as you allow http or https traffic attacks can be tunneled over those protocols with Stunnel or HTTPTunnel.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUse ClosedVPN

BUse Monkey shell

CUse reverse shell using FTP protocol

DUse HTTPTunnel or Stunnel on port 80 and 443

0 / 1500

Question 3

A program that defends against a port scanner will attempt to:

ASends back bogus data to the port scanner

BLog a violation and recommend use of security-auditing tools

CLimit access by the scanning system to publicly available ports only

DUpdate a firewall rule in real time to prevent the port scan from being completed

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ASends back bogus data to the port scanner

BLog a violation and recommend use of security-auditing tools

CLimit access by the scanning system to publicly available ports only

DUpdate a firewall rule in real time to prevent the port scan from being completed

0 / 1500

Question 4

Exhibit:

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

AA new port was opened

BA new user id was created

CThe exploit was successful

DThe exploit was not successful

Correct : D

The attacker submits a PASS to the honeypot and receives a login incorrect before disconnecting.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AA new port was opened

BA new user id was created

CThe exploit was successful

DThe exploit was not successful

0 / 1500

Question 5

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.What is the most common cause of buffer overflow in software today?

ABad permissions on files.

BHigh bandwidth and large number of users.

CUsage of non standard programming languages.

DBad quality assurance on software produced.

Correct : D

Technically, a buffer overflow is a problem with the program's internal implementation.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ABad permissions on files.

BHigh bandwidth and large number of users.

CUsage of non standard programming languages.

DBad quality assurance on software produced.

0 / 1500

Master GAQM CPEH-001 Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: