312-50v10無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

質問 1

A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?

（A）Banking Trojans

（B）Ransomware Trojans

（C）Botnet Trojan

（D）Turtle Trojans

正解：C 解答を投票する

質問 2

What tool can crack Windows SMB passwords simply by listening to network traffic?

（A）L0phtcrack

（B）Netbus

（C）NTFSDOS

（D）This is not possible

正解：A 解答を投票する

質問 3

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

（A）Use cryptographic storage to store all PII

（B）Use encrypted communications protocols to transmit PII

（C）Use full disk encryption on all hard drives to protect PII

（D）Use a security token to log into all Web applications that use PII

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following descriptions is true about a static NAT?

（A）A static NAT uses a many-to-one mapping.

（B）A static NAT uses a one-to-one mapping.

（C）A static NAT uses a one-to-many mapping.

（D）A static NAT uses a many-to-many mapping.

正解：B 解答を投票する

質問 5

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

（A）Start by foot printing the network and mapping out a plan of attack.

（B）Ask the employer for authorization to perform the work outside the company.

（C）Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

（D）Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

正解：B 解答を投票する

質問 6

How does the Address Resolution Protocol (ARP) work?

（A）It sends a reply packet for a specific IP, asking for the MAC address.

（B）It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

（C）It sends a request packet to all the network elements, asking for the domain name from a specific IP.

（D）It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following is the best countermeasure to encrypting ransomwares?

（A）Pay a ransom

（B）Use multiple antivirus softwares

（C）Analyze the ransomware to get decryption key of encrypted data

（D）Keep some generation of off-line backup

正解：D 解答を投票する

質問 8

Which of the following is a symmetric cryptographic standard?

（A）RSA

（B）3DES

（C）DSA

（D）PKI

正解：B 解答を投票する

質問 9

An attacker has been successfully modifying the purchase price of items purchased on the company's web site.
The security administrators verify the web server and Oracle database have not been compromised directly.
They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

（A）By changing hidden form values

（B）By using cross site scripting

（C）By using SQL injection

（D）By utilizing a buffer overflow attack

正解：A 解答を投票する

質問 10

While reviewing the result of scanning run against a target network you come across the following:

Which among the following can be used to get this output?

（A）An SNMP walk

（B）A sniffer

（C）nmap protocol scan

（D）A Bo2k system query.

正解：A 解答を投票する

質問 11

Which of the following is a component of a risk assessment?

（A）Administrative safeguards

（B）Physical security

（C）DMZ

（D）Logical interface

正解：A 解答を投票する

質問 12

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.
Which of the following programming languages would most likely be used?

（A）ASP.NET

（B）PHP

（C）Python

（D）C#

正解：C 解答を投票する

質問 13

Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

（A）Wireshark

（B）Metasploit

（C）Cain & Abel

（D）Maltego

正解：D 解答を投票する

質問 14

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

（A）The tester must use the tool inSSIDer to crack it using the ESSID of the network.

（B）The tester must capture the WPA2 authentication handshake and then crack it.

（C）The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

（D）The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

正解：B 解答を投票する

質問 15

Within the context of Computer Security, which of the following statements describes Social Engineering best?

（A）Social Engineering is a training program within sociology studies

（B）Social Engineering is the act of publicly disclosing information

（C）Social Engineering is the means put in place by human resource to perform time accounting

（D）Social Engineering is the act of getting needed information from a person rather than breaking into a system

正解：D 解答を投票する

質問 16

While performing ping scans into a target network you get a frantic call from the organization's security team.
They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor.
How can you modify your scan to prevent triggering this event in the IDS?

（A）Spoof the source IP address.

（B）Scan more slowly.

（C）Do not scan the broadcast IP.

（D）Only scan the Windows systems.

正解：C 解答を投票する

質問 17

Which of the following examples best represents a logical or technical control?

（A）Corporate security policy

（B）Heating and air conditioning

（C）Smoke and fire alarms

（D）Security tokens

正解：D 解答を投票する

質問 18

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500.
EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

（A）$65.2

（B）$250

（C）$125

（D）$62.5

正解：D 解答を投票する

312-50v10 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

弊社を連絡する

関連リンク

トップ試験