GAQM CPEH-001 問題集

質問 1：
Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?
Select the best answer.
A. Make sure all anti-virus protection is updated on all systems
B. He should disable unicast on all routers
C. Disable multicast on the router
D. Make sure his router won't take a directed broadcast
Explanations:
Unicasts are one-to-one IP transmissions, by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning of multicast or fragmentation on the router has nothing to do with Peter's concerns as a smurf attack uses broadcast, not multicast and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack.
E. Turn off fragmentation on his router
正解：D

質問 2：
Exhibit

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? What is odd about this attack? Choose the best answer.
A. This is back orifice activity as the scan comes form port 31337.
B. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
C. These packets were crafted by a tool, they were not created by a standard IP stack.
D. The attacker wants to avoid creating a sub-carries connection that is not normally valid.
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 3：
Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?
A. These ports are open because they do not illicit a response.
B. He can tell that these ports are in stealth mode.
C. If a port does not respond to an XMAS scan using NMAP, that port is closed.
D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.
正解：A

質問 4：
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
A. 128 bit and TKIP
B. 128 bit and CCMP
C. 64 bit and CCMP
D. 128 bit and CRC
正解：B

質問 5：
Which of the following business challenges could be solved by using a vulnerability scanner?
A. There is an emergency need to remove administrator access from multiple machines for an employee that quit.
B. A web server was compromised and management needs to know if any further systems were compromised.
C. Auditors want to discover if all systems are following a standard naming convention.
D. There is a monthly requirement to test corporate compliance with host application usage and security policies.
正解：D

質問 6：
Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to [email protected]". What do you think has occurred?
A. The server error has caused the application to malfunction
B. The web application picked up a record at random
C. The web application emailed the administrator about the error
D. The web application returned the first record it found
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 7：
Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?
A. A denial of service attack
B. A sniffing attack
C. A man in the middle attack
D. A spoofing attack
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 8：
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts. Which of the following features makes this possible? (Choose two)
A. It is susceptible to sniffing.
B. It is used by all network devices on the market.
C. It used TCP as the underlying protocol.
D. It uses community string that is transmitted in clear text.
正解：B,D
解説: (Topexam メンバーにのみ表示されます)

質問 9：
Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. How would you detect IP spoofing?
A. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet
B. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed
C. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet
D. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet
正解：A