GAQM CPEH-001 Actual Free Exam Questions & Community Discussion

  • Exam Code/Number: CPEH-001
  • Exam Name/Title: GAQM Certified Professional Ethical Hacker (CPEH) Exam
  • Certification Provider: GAQM
  • Corresponding Certification: GAQM Information Systems Security
  • Exam Questions: 876
  • Updated On: Jul 11, 2026
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
Correct Answer: C Vote an answer
In the following example, which of these is the "exploit"?
Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites. Select the best answer.
Correct Answer: A Vote an answer
Choose one of the following pseudo codes to describe this statement:
"If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data."
Correct Answer: A Vote an answer
When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?
Correct Answer: C Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?
Correct Answer: A Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
Correct Answer: A Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?
Correct Answer: B Vote an answer
In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network's speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same. Why does this happen in the VPN over wireless implementation?
Correct Answer: A Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security. No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered?
Correct Answer: B Vote an answer
0
0
0
10