312-50v10無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

質問 1

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

（A）Cross-site request forgery

（B）Cross-site scripting

（C）Session hijacking

（D）Server side request forgery

正解：A 解答を投票する

質問 2

An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?

（A）Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234

（B）Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password

（C）Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234

（D）Use cryptcat instead of netcat

正解：D 解答を投票する

質問 3

Which type of scan is used on the eye to measure the layer of blood vessels?

（A）Facial recognition scan

（B）Iris scan

（C）Retinal scan

（D）Signature kinetics scan

正解：C 解答を投票する

質問 4

Which of the following is a preventive control?

（A）Continuity of operations plan

（B）Security policy

（C）Smart card authentication

（D）Audit trail

正解：C 解答を投票する

質問 5

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

（A）Internet Key Exchange (IKE)

（B）IPsec driver

（C）Oakley

（D）IPsec Policy Agent

正解：A 解答を投票する

質問 6

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

（A）Data Execution Prevention (DEP)

（B）Address Space Layout Randomization (ASLR)

（C）User Access Control (UAC)

（D）Windows firewall

正解：A 解答を投票する

質問 7

Fingerprinting VPN firewalls is possible with which of the following tools?

（A）Arp-scan

（B）Nikto

（C）Angry IP

（D）Ike-scan

正解：D 解答を投票する

質問 8

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

（A）Certificate cryptography

（B）Certificate revocation

（C）Certificate issuance

（D）Certificate validation

正解：D 解答を投票する

質問 9

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500.
EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

（A）$65.2

（B）$250

（C）$125

（D）$62.5

正解：D 解答を投票する

質問 10

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories:
lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

（A）Hybrid Attack

（B）Dictionary Attack

（C）Brute Force Attack

（D）Online Attack

正解：A 解答を投票する

質問 11

What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?

（A）The request to the web server is not visible to the administrator of the vulnerable application.

（B）The vulnerable application does not display errors with information about the injection results to the attacker.

（C）The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection.

（D）The successful attack does not show an error message to the administrator of the affected application.

正解：B 解答を投票する

質問 12

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?

（A）Delete the email and pretend nothing happened

（B）Forward the message to your company's security response team and permanently delete the message from your computer.

（C）Reply to the sender and ask them for more information about the message contents.

（D）Forward the message to your supervisor and ask for her opinion on how to handle the situation

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

（A）RSA 1024 bit strength

（B）RSA 512 bit strength

（C）AES 1024 bit strength

（D）AES 512 bit strength

正解：A 解答を投票する

質問 14

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

（A）Nikto

（B）John the Ripper

（C）Dsniff

（D）Snort

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

312-50v10 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)」

弊社を連絡する

関連リンク

トップ試験