EC0-350無料問題集「EC-COUNCIL Ethical hacking and countermeasures」

質問 1

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D. EE:89

（A）The host is likely a router.

（B）The host is likely a printer.

（C）The host is likely a Windows machine.

（D）The host is likely a Linux machine.

正解：B 解答を投票する

質問 2

ICMP ping and ping sweeps are used to check for active systems and to check

（A）the number of hops an ICMP ping takes to reach a destination.

（B）the location of the switchport in relation to the ICMP ping.

（C）the route that the ICMP ping took.

（D）if ICMP ping traverses a firewall.

正解：D 解答を投票する

質問 3

Exhibit:

Given the following extract from the snort log on a honeypot, what service is being exploited? :

（A）Telnet

（B）FTP

（C）SMTP

（D）SSH

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

（A）Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

（B）To get messaging programs to function with this algorithm requires complex configurations.

（C）It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

（D）It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

正解：C 解答を投票する

質問 5

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

（A）LOGIN, NICK

（B）USER, PASS

（C）USER, NICK

（D）LOGIN, USER

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

（A）Tailgating

（B）Social engineering

（C）Man trap

（D）Shoulder surfing

正解：A 解答を投票する

質問 7

How do you defend against ARP Poisoning attack? (Select 2 answers)

（A）Enable Dynamic ARP Inspection

（B）Enable DHCP Snooping Binding Table

（C）Enable MAC snooping Table

（D）Restrict ARP Duplicates

正解：A、B 解答を投票する

質問 8

A denial of Service (DoS) attack works on the following principle:

（A）MS-DOS and PC-DOS operating system utilize a weaknesses that can be compromised and permit them to launch an attack easily.

（B）A server stops accepting connections from certain networks one those network become flooded.

（C）Overloaded buffer systems can easily address error conditions and respond appropriately.

（D）All CLIENT systems have TCP/IP stack implementation weakness that can be compromised and permit them to lunch an attack easily.

（E）Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).

正解：E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following encryption is NOT based on block cipher?

（A）AES (Rijndael)

（B）RC4

（C）Blowfish

（D）DES

正解：B 解答を投票する

質問 10

What is the algorithm used by LM for Windows2000 SAM?

（A）SSL

（B）SHA

（C）MD4

（D）DES

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Statistics from cert.org and other leading security organizations has clearly showed a steady rise in the number of hacking incidents perpetrated against companies.
What do you think is the main reason behind the significant increase in hacking attempts over the past years?

（A）There is a phenomenal increase in processing power.

（B）The ease with which hacker tools are available on the Internet.

（C）It is getting more challenging and harder to hack for non technical people.

（D）New TCP/IP stack features are constantly being added.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

What are the three types of authentication?

（A）Something you: have, know, are

（B）Something you: show, prove, are

（C）Something you: show, have, prove

（D）Something you: know, remember, prove

正解：A 解答を投票する

質問 13

Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this?

（A）Use Proxy Chaining

（B）Use TOR Network

（C）Use HTTP Tunneling

（D）Use Reverse Chaining

正解：C 解答を投票する

質問 14

Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?

（A）If a port does not respond to an XMAS scan using NMAP, that port is closed.

（B）These ports are open because they do not illicit a response.

（C）The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.

（D）He can tell that these ports are in stealth mode.

正解：B 解答を投票する

質問 15

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

（A）Since he does not care about going to jail, he would be considered a Black Hat

（B）Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

（C）Because Yancey works for the company currently; he would be a White Hat

（D）Yancey would be considered a Suicide Hacker

正解：D 解答を投票する

質問 16

Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that, if caught, she probably would be sent to jail for a very long time. What would Ursula be considered?

（A）She would be called a cracker.

（B）Ursula would be considered a black hat.

（C）Ursula would be considered a gray hat since she is performing an act against illegal activities.

（D）She would be considered a suicide hacker.

正解：D 解答を投票する

EC0-350 無料問題集「EC-COUNCIL Ethical hacking and countermeasures」

弊社を連絡する

関連リンク

トップ試験