412-79無料問題集「EC-COUNCIL EC-Council Certified Security Analyst (ECSA)」

質問 1

Why is a legal agreement important to have before launching a penetration test?

（A）Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

（B）It is important to ensure that the target organization has implemented mandatory security policies

（C）Guarantees your consultant fees

（D）It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

正解：D 解答を投票する

質問 2

Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

Which of the following ICMP messages will be generated if the destination port is not reachable?

（A）ICMP Type 3 code 3

（B）ICMP Type 3 code 2

（C）ICMP Type 11 code 1

（D）ICMP Type 5 code 3

正解：A 解答を投票する

質問 3

Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.
The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination.

During routing, each router reduces packets' TTL value by

（A）3

（B）1

（C）4

（D）2

正解：B 解答を投票する

質問 4

External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as Web servers, Mail servers, Firewalls, and Routers.

Which of the following types of penetration testing is performed with no prior knowledge of the site?

（A）Grey box testing

（B）Black box testing

（C）White box testing

（D）Blue box testing

正解：B 解答を投票する

質問 5

Which one of the following is a command line tool used for capturing data from the live network and copying those packets to a file?

（A）Wireshark: Capinfos

（B）Wireshark: Tcpdump

（C）Wireshark: Dumpcap

（D）Wireshark: Text2pcap

正解：C 解答を投票する

質問 6

One of the steps in information gathering is to run searches on a company using complex keywords in Google.

Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?

（A）ROCHESTON ppt:filestring

（B）ROCHESTON +ppt:filesearch

（C）ROCHESTON fileformat:+ppt

（D）ROCHESTON filetype:ppt

正解：D 解答を投票する

質問 7

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

（A）Product-based Assessment Solutions

（B）Inference-based Assessment

（C）Tree-based Assessment

（D）Service-based Assessment Solutions

正解：C 解答を投票する

質問 8

Which of the following protocols cannot be used to filter VoIP traffic?

（A）Media Gateway Control Protocol (MGCP)

（B）Session Description Protocol (SDP)

（C）Real-time Transport Control Protocol (RTCP)

（D）Real-Time Publish Subscribe (RTPS)

正解：D 解答を投票する

質問 9

The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

（A）Vulnerabilities, risks, and threats facing Web sites

（B）Weak passwords and lack of identity management

（C）Insufficient IT security budget

（D）Rogue employees and insider attacks

正解：D 解答を投票する

質問 10

What is a goal of the penetration testing report?

（A）The penetration testing report allows you to increase sales performance by effectively communicating with the internal security team.

（B）The penetration testing report allows you to sleep better at night thinking your organization is protected

（C）The pen testing report helps executive management to make decisions on implementing security controls in the organization and helps the security team implement security controls and patch any flaws discovered during testing.

（D）The penetration testing report helps you comply with local laws and regulations related to environmental conditions in the organization.

正解：C 解答を投票する

412-79 無料問題集「EC-COUNCIL EC-Council Certified Security Analyst (ECSA)」

弊社を連絡する

関連リンク

トップ試験