CEH-001 Free Practice Test

- (Topic 5)
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

1. A. white box
2. B. grey box
3. C. red box
4. D. black box

Correct Answer: D

- (Topic 6)
Exhibit
<>>

1. A. The first column reports the sequence number
2. B. The second column reports the difference between the current and last sequence number
3. C. The second column reports the next sequence number
4. D. The first column reports the difference between current and last sequence number

Correct Answer: AB

- (Topic 4)
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

1. A. True negatives
2. B. False negatives
3. C. True positives
4. D. False positives

Correct Answer: D

- (Topic 8)
Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP?
Select the best answer.

1. A. Stands for Wireless Encryption Protocol
2. B. It makes a WLAN as secure as a LAN
3. C. Stands for Wired Equivalent Privacy
4. D. It offers end to end security

Correct Answer: C
Explanations:
WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired, this makes access much easier. Also, WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.