312-50v13無料問題集「ECCouncil Certified Ethical Hacker Exam (CEHv13)」

質問 1

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

（A）Use and regularly update anti-virus software on all systems commonly affected by malware.

（B）Regularly test security systems and processes.

（C）Encrypt transmission of cardholder data across open, public networks.

（D）Assign a unique ID to each person with computer access.

正解：D 解答を投票する

質問 2

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

（A）Role Based Access Control (RBAC)

（B）Windows authentication

（C）Discretionary Access Control (DAC)

（D）Single sign-on

正解：D 解答を投票する

質問 3

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

（A）Eavesdropping

（B）Tailgating

（C）Social engineering

（D）Piggybacking

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Given below are different steps involved in the vulnerability-management life cycle.
1) Remediation
2) Identify assets and create a baseline
3) Verification
4) Monitor
5) Vulnerability scan
6) Risk assessment
Identify the correct sequence of steps involved in vulnerability management.

（A）2-->5-->6-->1-->3-->4

（B）1-->2-->3-->4-->5-->6

（C）2-->4-->5-->3-->6--> 1

（D）2-->1-->5-->6-->4-->3

正解：A 解答を投票する

質問 5

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

（A）Scanning

（B）Integrity checking

（C）Code Emulation

（D）Heuristic Analysis

正解：C 解答を投票する

質問 6

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.
Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

（A）WSDL

（B）WS-Security

（C）WS Work Processes

（D）WS-Policy

正解：B 解答を投票する

質問 7

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

（A）Disable DNS timeouts

（B）Disable DNS Zone Transfer

（C）Install DNS logger and track vulnerable packets

（D）Install DNS Anti-spoofing

正解：D 解答を投票する

質問 8

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

（A）nmap -Pn -sT -p 102 --script s7-info < Target IP >

（B）nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

（C）nmap -Pn -sT -p 46824 < Target IP >

（D）nmap -Pn -sU -p 44818 --script enip-info < Target IP >

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Ethical backer jane Doe is attempting to crack the password of the head of the it department of ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?

（A）Account lockout

（B）Password key hashing

（C）Password hashing

（D）Password salting

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

（A）Extraction of cryptographic secrets through coercion or torture.

（B）Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

（C）A backdoor placed into a cryptographic algorithm by its creator.

（D）Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

（A）Docker objects

（B）Docker client

（C）Docker registries

（D）Docker daemon

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

（A）Use the 802.1x protocol

（B）Disable unused ports in the switches

（C）Separate students in a different VLAN

（D）Ask students to use the wireless network

正解：A 解答を投票する

質問 13

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

（A）Passive assessment

（B）Credentialed assessment

（C）internal assessment

（D）External assessment

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST.
what do you know about the firewall you are scanning?

（A）This event does not tell you encrypting about the firewall.

（B）It Is a non-stateful firewall.

（C）It is a stateful firewall

（D）There is no firewall in place.

正解：A 解答を投票する

312-50v13 無料問題集「ECCouncil Certified Ethical Hacker Exam (CEHv13)」

弊社を連絡する

関連リンク

トップ試験