312-50v9無料問題集「EC-COUNCIL Certified Ethical Hacker v9」

質問 1

It isan entity or event with the potential to adversely impact a system through unauthorized access destruction disclosures denial of service or modification of data.
Which of the following terms best matches this definition?

（A）Threat

（B）Risk

（C）Vulnerability

（D）Attack

正解：A 解答を投票する

質問 2

An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<frame src=http://www/vulnweb.com/updataif.php Style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HRRP POST) called?

（A）SQL Injection

（B）Cross-Site Request Forgery

（C）Cross-Site Scripting

（D）Browser Hacking

正解：B 解答を投票する

質問 3

What is the best description of SQL Injection?

（A）It is and attack used to gain unauthorized access to a database.

（B）It is a Denial of Service Attack.

（C）It is an attack used to modify code in an application.

（D）It isa Man-in-the-Middle attack between your SQL Server and Web App Server.

正解：D 解答を投票する

質問 4

You have several plain-text firewall logs that you must review to evaluate network traffic.
You know that in order to do this fast and efficiently you must user regular expressions.
Which command-line utility are you most likely to use?

（A）MS Excel

（B）Relational Database

（C）Notepad

（D）Grep

正解：D 解答を投票する

質問 5

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to www.MyPersonalBank.com, that the user is directed to a phishing site.
Which file does the attacker needto modify?

（A）Sudoers

（B）Hosts

（C）Networks

（D）Boot.ini

正解：B 解答を投票する

質問 6

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening port on the targeted system.
If a scanned port is open, what happens?

（A）The port will ignore the packets.

（B）The port will send an RST.

（C）The port will send an ACK.

（D）The port will send a SYN.

正解：A 解答を投票する

質問 7

You have compromised a server on a network and successfully open a shell. You aimed to identify all operating systems running on the network. However, as you attemptto fingerprint all machines in the machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server:~$nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxxx.
QUITTING!
What seems to be wrong?

（A）This is a common behavior for a corrupted nmap application.

（B）The outgoing TCP/IP fingerprinting is blocked by the host firewall.

（C）The nmap syntax is wrong.

（D）OS Scan requires root privileged.

正解：C 解答を投票する

質問 8

After trying multiple exploits, you've gained root access to a Centos 6 answer. To ensure you maintain access. What would you do first?

（A）Disable Key Services

（B）Downloadand Install Netcat

（C）Disable IPTables

（D）Create User Account

正解：B 解答を投票する

質問 9

You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.
What should you do?

（A）Do not report it and continue the penetration test.

（B）Do not transfer the money but steal the bitcoins.

（C）Transfer money from the administrator's account to another account.

（D）Report immediately to the administrator.

正解：D 解答を投票する

質問 10

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known wardriving.
Which algorithm is this referring to?

（A）Wi-Fi Protected Access 2(WPA2)

（B）Wi-Fi Protected Access (WPA)

（C）Wired Equivalent Privacy (WEP)

（D）Temporal Key Integrity Protocol (TRIP)

正解：C 解答を投票する

312-50v9 無料問題集「EC-COUNCIL Certified Ethical Hacker v9」

弊社を連絡する

関連リンク

トップ試験