312-50v10無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

質問 1

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

（A）Fair and Accurate Credit Transactions Act (FACTA)

（B）Sarbanes-Oxley Act (SOX)

（C）Federal Information Security Management Act (FISMA)

（D）Gramm-Leach-Bliley Act (GLBA)

正解：B 解答を投票する

質問 2

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

（A）Announced

（B）Tailgating

（C）Reverse Social Engineering

（D）Piggybacking

正解：B 解答を投票する

質問 3

A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:
NMAP -n -sS -P0 -p 80 ***.***.**.**
What type of scan is this?

（A）Quick scan

（B）Intense scan

（C）Comprehensive scan

（D）Stealth scan

正解：D 解答を投票する

質問 4

What port number is used by LDAP protocol?

（A）464

（B）389

（C）445

（D）110

正解：B 解答を投票する

質問 5

What is the proper response for a NULL scan if the port is closed?

（A）FIN

（B）RST

（C）SYN

（D）ACK

（E）PSH

（F）No response

正解：B 解答を投票する

質問 6

Which of these is capable of searching for and locating rogue access points?

（A）WIPS

（B）HIDS

（C）NIDS

（D）WISS

正解：A 解答を投票する

質問 7

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

（A）nmap -A --host-timeout 99-T1

（B）nmap -A - Pn

（C）nmap -sP -p-65535-T5

（D）nmap -sT -O -T0

正解：D 解答を投票する

質問 8

What is the benefit of performing an unannounced Penetration Testing?

（A）It is best to catch critical infrastructure unpatched.

（B）The tester will have an actual security posture visibility of the target network.

（C）Network security would be in a "best state" posture.

（D）The tester could not provide an honest analysis.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

While performing data validation of web content, a security technician is required to restrict malicious input.
Which of the following processes is an efficient way of restricting malicious input?

（A）Validate web content input with scanning tools.

（B）Validate web content input for query strings.

（C）Validate web content input for type, length, and range.

（D）Validate web content input for extraneous queries.

正解：C 解答を投票する

質問 10

Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

（A）Wireshark

（B）Metasploit

（C）Cain & Abel

（D）Maltego

正解：D 解答を投票する

質問 11

What hacking attack is challenge/response authentication used to prevent?

（A）Replay attacks

（B）Password cracking attacks

（C）Session hijacking attacks

（D）Scanning attacks

正解：A 解答を投票する

質問 12

What is the least important information when you analyze a public IP address in a security alert?

（A）Geolocation

（B）DNS

（C）ARP

（D）Whois

正解：C 解答を投票する

質問 13

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company.
The phishing message will often use the name of the company CEO, president, or managers. The time a hacker spends performing research to locate this information about a company is known as?

（A）Enumeration

（B）Reconnaissance

（C）Exploration

（D）Investigation

正解：B 解答を投票する

質問 14

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

（A）Create a route statement in the meterpreter.

（B）Issue the pivot exploit and set the meterpreter.

（C）Set the payload to propagate through the meterpreter.

（D）Reconfigure the network settings in the meterpreter.

正解：A 解答を投票する

質問 15

What tool can crack Windows SMB passwords simply by listening to network traffic?

（A）L0phtcrack

（B）Netbus

（C）NTFSDOS

（D）This is not possible

正解：A 解答を投票する

質問 16

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

（A）WebGoat

（B）WebScarab

（C）WebBugs

（D）VULN_HTML

正解：A 解答を投票する

質問 17

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

（A）To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

（B）To perform a DoS

（C）To determine who is the holder of the root account

（D）To test for virus protection

（E）To create needless SPAM

正解：A 解答を投票する

質問 18

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

（A）Forensic attack

（B）Scanning attack

（C）ARP spoofing attack

（D）Social engineering attack

正解：D 解答を投票する

質問 19

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

（A）Common Criteria

（B）ISO 26029

（C）Blue Book

（D）The Wassenaar Agreement

正解：A 解答を投票する

312-50v10 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

弊社を連絡する

関連リンク

トップ試験