312-50v10無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

質問 1

Which element of Public Key Infrastructure (PKI) verifies the applicant?

（A）Verification authority

（B）Validation authority

（C）Registration authority

（D）Certificate authority

正解：C 解答を投票する

質問 2

What is GINA?

（A）Gateway Interface Network Application

（B）Global Internet National Authority (G-USA)

（C）Graphical Identification and Authentication DLL

（D）GUI Installed Network Application CLASS

正解：C 解答を投票する

質問 3

SOAP services use which technology to format information?

（A）XML

（B）SATA

（C）PCI

（D）ISDN

正解：A 解答を投票する

質問 4

While performing data validation of web content, a security technician is required to restrict malicious input.
Which of the following processes is an efficient way of restricting malicious input?

（A）Validate web content input with scanning tools.

（B）Validate web content input for query strings.

（C）Validate web content input for type, length, and range.

（D）Validate web content input for extraneous queries.

正解：C 解答を投票する

質問 5

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

（A）White-box

（B）Black-box

（C）Announced

（D）Grey-box

正解：D 解答を投票する

質問 6

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

（A）0x60

（B）0x80

（C）0x90

（D）0x70

正解：C 解答を投票する

質問 7

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?

（A）Institute of Electrical and Electronics Engineers (IEEE)

（B）Payment Card Industry (PCI)

（C）International Security Industry Organization (ISIO)

（D）Center for Disease Control (CDC)

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

（A）Disable Key Services

（B）Download and Install Netcat

（C）Disable IPTables

（D）Create User Account

正解：D 解答を投票する

質問 9

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules.
Which of the following types of firewalls can protect against SQL injection attacks?

（A）Stateful firewall

（B）Packet firewall

（C）Data-driven firewall

（D）Web application firewall

正解：D 解答を投票する

質問 10

What is the least important information when you analyze a public IP address in a security alert?

（A）Geolocation

（B）DNS

（C）ARP

（D）Whois

正解：C 解答を投票する

質問 11

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response team?

（A）Disconnect the email server from the network

（B）Leave it as it Is and contact the incident response te3m right away

（C）Block the connection to the suspicious IP Address from the firewall

（D）Migrate the connection to the backup email server

正解：A 解答を投票する

質問 12

Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

（A）http enum

（B）http-methods

（C）http-headers

（D）http-git

正解：B 解答を投票する

質問 13

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

（A）Company Compliance Policy (CCP)

（B）Penetration Testing Policy (PTP)

（C）Information Audit Policy (IAP)

（D）Information Security Policy (ISP)

正解：D 解答を投票する

質問 14

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

（A）if (billingAddress != 50) {update field} else exit

（B）if (billingAddress >= 50) {update field} else exit

（C）if (billingAddress <= 50) {update field} else exit

（D）if (billingAddress = 50) {update field} else exit

正解：C 解答を投票する

質問 15

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?

（A）port forwarding

（B）promiscuous mode

（C）WEM

（D）multi-cast mode

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Destination unreachable administratively prohibited messages can inform the hacker to what?

（A）That the packets are being malformed by the scanning software

（B）That a circuit level proxy has been installed and is filtering traffic

（C）That his/her scans are being blocked by a honeypot or jail

（D）That the network is functioning normally

（E）That a router or other packet-filtering device is blocking traffic

正解：E 解答を投票する

312-50v10 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

弊社を連絡する

関連リンク

トップ試験