New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Information Systems Security Changed CPEH-001 Questions

Page: 21 / 28
Total 736 questions

Certified Professional Ethical Hacker (CPEH) Questions and Answers

Question 81

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

Options:

A.

Command Injection Attacks

B.

File Injection Attack

C.

Cross-Site Request Forgery (CSRF)

D.

Hidden Field Manipulation Attack

Question 82

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Options:

A.

Botnet Attack

B.

Spear Phishing Attack

C.

Advanced Persistent Threats

D.

Rootkit Attack

Question 83

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Options:

A.

Time Keeper

B.

NTP

C.

PPP

D.

OSPP

Question 84

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Options:

A.

SQL injection attack

B.

Cross-Site Scripting (XSS)

C.

LDAP Injection attack

D.

Cross-Site Request Forgery (CSRF)

Page: 21 / 28
Total 736 questions