312-50v10無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

質問 1

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

（A）Tailgating

（B）Social engineering

（C）Man trap

（D）Shoulder surfing

正解：A 解答を投票する

質問 2

A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:
NMAP -n -sS -P0 -p 80 ***.***.**.**
What type of scan is this?

（A）Quick scan

（B）Intense scan

（C）Comprehensive scan

（D）Stealth scan

正解：D 解答を投票する

質問 3

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

（A）To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

（B）To perform a DoS

（C）To determine who is the holder of the root account

（D）To test for virus protection

（E）To create needless SPAM

正解：A 解答を投票する

質問 4

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

（A）Security

（B）Scalability

（C）Key distribution

（D）Speed

正解：D 解答を投票する

質問 5

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

（A）Input validation flaw

（B）0-day vulnerability

（C）Time-to-check to time-to-use flaw

（D）HTTP header injection vulnerability

正解：B 解答を投票する

質問 6

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

Which exploit is indicated by this script?

（A）A SQL injection exploit

（B）A buffer overflow exploit

（C）A chained exploit

（D）A denial of service exploit

正解：C 解答を投票する

質問 7

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

（A）Passive

（B）Reactive

（C）Intuitive

（D）Detective

正解：A 解答を投票する

質問 8

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?

（A）Delete the email and pretend nothing happened

（B）Forward the message to your company's security response team and permanently delete the message from your computer.

（C）Reply to the sender and ask them for more information about the message contents.

（D）Forward the message to your supervisor and ask for her opinion on how to handle the situation

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

（A）BA810DBA98995F1817306D272A9441BB

（B）E52CAC67419A9A224A3B108F3FA6CB6D

（C）0182BD0BD4444BF836077A718CCDF409

（D）B757BF5C0D87772FAAD3B435B51404EE

（E）44EFCE164AB921CQAAD3B435B51404EE

（F）CEC52EB9C8E3455DC2265B23734E0DAC

正解：D、E 解答を投票する

質問 10

Which of the following is a client-server tool utilized to evade firewall inspection?

（A）nikto

（B）kismet

（C）tcp-over-dns

（D）hping

正解：C 解答を投票する

質問 11

What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

（A）$440

（B）$1320

（C）$146

（D）$100

正解：C 解答を投票する

質問 12

A new wireless client that is 802.11 compliant cannot connect to a wireless network given that the client can see the network and it has compatible hardware and software installed. Upon further tests and investigation, it was found out that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What MOST likely is the issue on this scenario?

（A）The WAP does not recognize the client's MAC address.

（B）The wireless client is not configured to use DHCP.

（C）The client cannot see the SSID of the wireless network

（D）Client is configured for the wrong channel

正解：A 解答を投票する

質問 13

Which of the following items of a computer system will an anti-virus program scan for viruses?

（A）Deleted Files

（B）Password Protected Files

（C）Windows Process List

（D）Boot Sector

正解：D 解答を投票する

質問 14

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

（A）Error-based SQL injection

（B）Union-based SQL injection

（C）Blind SQL injection

（D）NoSQL injection

正解：C 解答を投票する

312-50v10 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

弊社を連絡する

関連リンク

トップ試験