Free Certified Professional Ethical Hacker (CPEH) Exam CPEH-001 Exam Practice Test

What are the three types of compliance that theOpen Source Security Testing Methodology Manual (OSSTMM) recognizes?

• Legal, performance, audit
• Audit, standards based, regulatory
• Contractual, regulatory, industry
• Legislative, contractual, standards based

You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated?

• Visit Google's search engine and view the cached copy
• Crawl the entire website and store them into your computer
• Visit Archive.org web site to retrieve the Internet archive of the company's website
• Visit the company's partners and customers website for this information

Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security. No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered?

• She would be considered an Insider Affiliate
• Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate
• Shayla is an Insider Associate since she has befriended an actual employee
• Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

• The packets were sent by a worm spoofing the IP addresses of 47 infected sites
• ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
• All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number
• 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

What is the broadcast address for the subnet 190.86.168.0/22?

• 190.86.168.255
• 190.86.255.255
• 190.86.171.255
• 190.86.169.255

Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by 'spoofing' the IP address of that machine. How would you detect IP spoofing?

• Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet
• Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet
• Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed
• Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

MX record priority increases as the number increases. (True/False.

• True
• False

Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean?

• This response means the port he is scanning is open.
• The RST/ACK response means the port Fred is scanning is disabled.
• This means the port he is scanning is half open.
• This means that the port he is scanning on the host is closed.

Which of the following describes the characteristics of a Boot Sector Virus?

• Moves the MBR to another location on theRAM and copies itself to the original location of the MBR
• Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
• Modifies directory table entries so that directory entries point to the virus code instead of the actual program
• Overwrites the original MBR and only executes the new virus code

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

• The zombie you are using is not truly idle.
• A stateful inspection firewall is resetting your queries.
• Hping2 cannot be used for idle scanning.
• These ports are actually open on the target system.