Best EC-COUNCIL 312-50v11 Study Guide and Question Bank, Updated 2024 [Q63-Q87]

Top-class EC-COUNCIL 312-50v11 Exam Cutting-edge Study Guide! Practice Question Version

Question # 63
Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

  • A. Incident triage
  • B. Eradication
  • C. Preparation
  • D. Incident recording and assignment

Correct answer: A

Explanation:
Triage is the initial post-detection incident response process that any responder can execute to open an event or rule it a false positive. Structuring an efficient and correct triage process can reduce analyst fatigue, reduce the time to respond to and remediate incidents, and ensure that only valid alerts are promoted to "investigation or incident" status.
Every part of the triage process should be performed with urgency, as every second counts in the middle of a crisis. However, triage responders face the intense challenge of filtering an unwieldy input source into a condensed trickle of events. Here are some suggestions for expediting analysis before data is validated:
Organization: reduce redundant analysis by developing a workflow that assigns tasks to responders. Avoid sharing an email box or email alias between multiple responders. Instead, use a workflow tool, like those in security orchestration, automation, and response (SOAR) solutions, to assign tasks. Implement a method to re-assign or reject tasks that are out of scope for triage.
Correlation: use a tool such as a security information and event management (SIEM) system to combine similar events. Link potentially connected events into one useful event.
Data Enrichment: automate common queries your responders perform daily, like reverse DNS lookups, threat intelligence lookups, and IP/domain mapping. Add this data to the event record or make it easily accessible.
Moving at full speed is the way to get through the initial sorting process, but a more detailed, measured approach is necessary during event verification. Presenting a robust case to be accurately evaluated by your security operations center (SOC) or cyber incident response team (CIRT) analysts is key. Here are some tips for the verification:
Adjacent Data: check the data adjacent to the event. For example, if an endpoint has a virus signature hit, look to see whether there is evidence the virus is running before calling for more response resources.
Intelligence Review: understand the context around the intelligence. Just because an IP address was flagged as part of a botnet last week does not mean it is still part of a botnet today.
Initial Priority: align with operational incident priorities and classify incidents appropriately. Ensure the right level of effort is applied to every incident.
Cross Analysis: look for and analyze potentially shared keys, like IP addresses or domain names, across multiple data sources for higher data accuracy.
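The correlation, enrichment, intelligence-review and initial-priority steps in the explanation above, as an added example that is not part of the question bank or of any vendor material. The alerts, the threat-intel table, the reverse-DNS table and the 14-day freshness window are all constructed assumptions; a real pipeline would pull them from the SIEM and lookup services named in the text.

```python
"""Minimal alert-triage pipeline: correlate -> enrich -> prioritize.
Everything below is constructed sample data, not output from a real SIEM."""
from collections import defaultdict
from datetime import date

# Constructed alerts as a SIEM might emit them (one row per detection).
SAMPLE_ALERTS = [
    {"id": 1, "src_ip": "203.0.113.7", "user": "lauren", "signature": "off-hours admin login",
     "time": "2024-03-02T02:14:00"},
    {"id": 2, "src_ip": "203.0.113.7", "user": "lauren", "signature": "off-hours admin login",
     "time": "2024-03-03T03:02:00"},
    {"id": 3, "src_ip": "203.0.113.7", "user": "lauren", "signature": "large outbound transfer",
     "time": "2024-03-03T03:05:00"},
    {"id": 4, "src_ip": "198.51.100.9", "user": "svc-backup", "signature": "off-hours admin login",
     "time": "2024-03-03T01:00:00"},
]

# Constructed threat-intel table: the tag and the date the listing was last confirmed.
THREAT_INTEL = {
    "203.0.113.7": {"tag": "botnet-c2", "last_seen": date(2024, 3, 1)},
    "198.51.100.9": {"tag": "botnet-c2", "last_seen": date(2023, 11, 20)},
}
# Constructed reverse-DNS table standing in for a live lookup.
REVERSE_DNS = {"203.0.113.7": "unknown-host.example.net",
               "198.51.100.9": "backup.corp.example"}

INTEL_MAX_AGE_DAYS = 14  # assumption: an intel hit older than this is treated as stale


def correlate(alerts):
    """Correlation: group alerts that share a key (here the source IP) into one event."""
    events = defaultdict(list)
    for alert in alerts:
        events[alert["src_ip"]].append(alert)
    return dict(events)


def enrich(src_ip, alerts, today):
    """Data enrichment plus intelligence review: attach rDNS and intel,
    and flag whether the intel is recent enough to act on."""
    intel = THREAT_INTEL.get(src_ip)
    fresh = intel is not None and (today - intel["last_seen"]).days <= INTEL_MAX_AGE_DAYS
    return {
        "src_ip": src_ip,
        "rdns": REVERSE_DNS.get(src_ip, "n/a"),
        "intel_tag": intel["tag"] if intel else None,
        "intel_fresh": fresh,
        "alerts": alerts,
        "signatures": sorted({a["signature"] for a in alerts}),
    }


def prioritize(event):
    """Initial priority: adjacent data (a login followed by an outbound transfer)
    outweighs a single alert backed only by a stale intel hit."""
    score = len(event["alerts"])
    if "large outbound transfer" in event["signatures"]:
        score += 3
    if event["intel_fresh"]:
        score += 2
    if score >= 5:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def triage(alerts, today):
    """Full pipeline; returns one enriched, prioritized event per correlation key."""
    result = {}
    for src_ip, grouped in correlate(alerts).items():
        event = enrich(src_ip, grouped, today)
        event["priority"] = prioritize(event)
        result[src_ip] = event
    return result


if __name__ == "__main__":
    for ip, ev in triage(SAMPLE_ALERTS, date(2024, 3, 4)).items():
        print(ip, ev["rdns"], ev["intel_tag"], "fresh" if ev["intel_fresh"] else "stale",
              ev["priority"], ev["signatures"])
```

Run as-is, the host with three correlated alerts and a recent intel hit is ranked high, while the backup host's single off-hours login with a months-old intel hit lands at low, which is exactly the stale-intel caveat the explanation makes.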


Question # 64
Which of the following is the best countermeasure to encrypting ransomware?

  • A. Pay a ransom
  • B. Keep some generation of off-line backup
  • C. Analyze the ransomware to get the decryption key of the encrypted data
  • D. Use multiple antivirus software products

Correct answer: B


Question # 65
Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network.
What type of footprinting technique is employed by Richard?

  • A. Whois footprinting
  • B. Email footprinting
  • C. VPN footprinting
  • D. VoIP footprinting

Correct answer: A


Question # 66
You are logged in as a local admin on a Windows 7 system, and you need to launch the Computer Management Console from the command line. Which command would you use?

  • A. c:\services.msc
  • B. c:\gpedit
  • C. c:\compmgmt.msc
  • D. c:\ncpa.cpl

Correct answer: C


Question # 67
A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain?

  • A. [link:]
  • B. [allinurl:]
  • C. [site:]
  • D. [location:]

Correct answer: C


Question # 68
Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

  • A. HIPAA
  • B. SOX
  • C. Fed RAMP
  • D. PCIDSS

Correct answer: B

Explanation:
The Sarbanes-Oxley Act of 2002 is a law that the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations. Also called the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers.
The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s involving publicly traded companies such as Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds shook investor confidence in the trustworthiness of corporate financial statements and led many to demand an overhaul of decades-old regulatory standards.


Question # 69
An organization decided to harden its security against web-application and web-server attacks. John, a security professional in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

  • A. Saleae Logic Analyzer
  • B. AlienVault® OSSIM™
  • C. Cisco ASA
  • D. Syhunt Hybrid

Correct answer: D


Question # 70
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

  • A. Use ExifTool and check for malicious content.
  • B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
  • C. Upload the file to VirusTotal.
  • D. Use netstat and check for outgoing connections to strange IP addresses or domains.

Correct answer: A


Question # 71
There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?

  • A. RADIUS
  • B. WPA3
  • C. WPA
  • D. WEP

Correct answer: C

Explanation:
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard. In January 2018, the Wi-Fi Alliance announced the release of WPA3 with several security improvements over WPA2.
The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP that began shipping as far back as 1999. However, since the changes required in the wireless access points (APs) were more extensive than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA.
The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for every packet and thus prevents the kinds of attacks that compromised WEP.
WPA also includes a Message Integrity Check, which is designed to prevent an attacker from altering and resending data packets. This replaces the cyclic redundancy check (CRC) that was used by the WEP standard. CRC's main flaw was that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. Well-tested message authentication codes existed to solve these problems, but they required too much computation to be used on old network cards. WPA uses a message integrity check algorithm called TKIP to verify the integrity of the packets. TKIP is far stronger than a CRC, but not as strong as the algorithm used in WPA2. Researchers have since discovered a flaw in WPA that relied on older weaknesses in WEP and the limitations of the message integrity code hash function, named Michael, to retrieve the keystream from short packets to use for re-injection and spoofing.
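Why a CRC is not an integrity guarantee, as an added example that is not part of the question bank or of any vendor material. A CRC is keyless and linear over XOR, so nothing stops a party who can alter a frame from producing a matching check value; a keyed message authentication code has neither property. HMAC-SHA256 is used below as the stand-in for a proper MAC (it is neither WEP's CRC-32 nor TKIP's Michael, which the text says is weaker than WPA2's algorithm); the frame bytes and the key are constructed values.

```python
"""CRC-32 versus a keyed MAC as a frame integrity check.
Frame contents and key are constructed sample values."""
import hashlib
import hmac
import zlib


def crc_tag(payload: bytes) -> int:
    """Keyless checksum of the kind WEP appended to each frame (CRC-32 here)."""
    return zlib.crc32(payload) & 0xFFFFFFFF


def crc_verify(payload: bytes, tag: int) -> bool:
    return crc_tag(payload) == tag


def mac_tag(key: bytes, payload: bytes) -> bytes:
    """Keyed message authentication code: only holders of the key can produce it."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def mac_verify(key: bytes, payload: bytes, tag: bytes) -> bool:
    # Constant-time comparison so verification itself does not leak the tag.
    return hmac.compare_digest(mac_tag(key, payload), tag)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_is_affine(m1: bytes, m2: bytes) -> bool:
    """CRC-32 is affine over XOR for equal-length inputs:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0).
    This structure is why a CRC says nothing about who produced the data;
    a keyed MAC has no such relation between tags of related messages."""
    zeros = bytes(len(m1))
    return crc_tag(xor_bytes(m1, m2)) == crc_tag(m1) ^ crc_tag(m2) ^ crc_tag(zeros)


def compare_checks(key: bytes, frame: bytes, altered: bytes) -> dict:
    """Show what each check does when a frame is altered in transit.
    The CRC check accepts the altered frame because anyone can recompute the
    tag; the MAC check rejects it because the original tag was bound to the
    original bytes under a key the modifying party does not hold."""
    return {
        "crc_accepts_altered": crc_verify(altered, crc_tag(altered)),
        "mac_accepts_original": mac_verify(key, frame, mac_tag(key, frame)),
        "mac_accepts_altered": mac_verify(key, altered, mac_tag(key, frame)),
        "crc_affine": crc_is_affine(frame, altered),
    }


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"          # constructed, never reuse in real systems
    original = b"TRANSFER 100 TO ACCOUNT 42"    # constructed frame payload
    tampered = b"TRANSFER 900 TO ACCOUNT 42"    # same length, one field changed
    for name, value in compare_checks(demo_key, original, tampered).items():
        print(f"{name}: {value}")
```

The point for a defender is the last two fields: the affine relation holds for every pair of equal-length frames, so a checksum can never be the thing that detects tampering, whereas the keyed tag fails verification as soon as any byte changes.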


Question # 72
Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from a MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

  • A. WINS.MIB
  • B. LNMIB2.MIB
  • C. MIB_II.MIB
  • D. DHCP.MIS

Correct answer: C

Explanation:
The mib_ii.mib Management Information Base (MIB) file was initially created by Microsoft for RFC 1213, which covers the management of TCP/IP-based internetworks for a host system.
The lmmib2.mib file contains the following SNMP object types:

  • system: This object contains information on the host system, such as identification and contacts.
  • interfaces: This object contains information on the network interfaces of the host system, the associated configurations, and statistics.
  • at: This object contains Address Translation network information of the host system.
  • ip: This object contains Internet Protocol network information of the host system.
  • icmp: This object contains Internet Control Message Protocol network information of the host system.
  • tcp: This object contains Transmission Control Protocol network information of the host system.
  • udp: This object contains User Datagram Protocol network information of the host system.
  • egp: This object contains Exterior Gateway Protocol network information of the host system.
  • snmp: This object contains Simple Network Management Protocol network information of the host system.
  • Traps: This object contains informational, error, and warning information regarding the network interfaces, protocols, and statistics of the host system.


Question # 73
DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.
What command is used to determine if the entry is present in the DNS cache?

  • A. nslookup -fullrecursive update.antivirus.com
  • B. nslookup -norecursive update.antivirus.com
  • C. dnsnooping -rt update.antivirus.com
  • D. dns --snoop update.antivirus.com

Correct answer: B


Question # 74
At what stage of the cyber kill chain theory model does data exfiltration occur?

  • A. Command and control
  • B. Actions on objectives
  • C. Weaponization
  • D. Installation

Correct answer: B


Question # 75
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary in the above scenario.

  • A. Use of command-line interface
  • B. Use of DNS tunneling
  • C. Data staging
  • D. Unspecified proxy activities

Correct answer: A


Question # 76
The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

  • A. Immediately roll back the firewall rule until a manager can approve it.
  • B. Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.
  • C. Monitor all traffic using the firewall rule until a manager can approve it.
  • D. Have the network team document the reason why the rule was implemented without prior manager approval.

Correct answer: A


Question # 77
Which of the following is assured by the use of a hash?

  • A. Availability
  • B. Integrity
  • C. Authentication
  • D. Confidentiality

Correct answer: B


Question # 78
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

  • A. RESTful API
  • B. SOAP API
  • C. JSON-RPC
  • D. REST API

Correct answer: D


Question # 79
Which of the following tools can be used for passive OS fingerprinting?

  • A. tcpdump
  • B. tracert
  • C. ping
  • D. nmap

Correct answer: A


Question # 80
Which system consists of a publicly available set of databases that contain domain name registration contact information?

  • A. WHOIS
  • B. IETF
  • C. IANA
  • D. CAPTCHA

Correct answer: A


Question # 81
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming to represent a technical support team from a vendor. He warned that a specific server was about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

  • A. Quid pro quo
  • B. Phishing
  • C. Diversion theft
  • D. Elicitation

Correct answer: C


Question # 82
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

  • A. You do not check; rather, you immediately restore a previous snapshot of the operating system.
  • B. Use netstat and check for outgoing connections to strange IP addresses or domains.
  • C. Use ExifTool and check for malicious content.
  • D. Upload the file to VirusTotal.

Correct answer: D


Question # 83
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

  • A. HMI-based attack
  • B. SMishing attack
  • C. Reconnaissance attack
  • D. Spear-phishing attack

Correct answer: D


Question # 84
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

  • A. "GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com"
  • B. "GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
  • C. "GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com"
  • D. "GET /restricted/ HTTP/1.1 Host: westbank.com"

Correct answer: C
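The request in option C only succeeds if the server trusts the client-supplied object key. As an added example that is not part of the question bank or of any vendor material, here is a vulnerable request handler beside a hardened one that resolves the caller from the session and checks ownership before returning the object. The account table, session table, cookie format and the hypothetical `/restricted/accounts/` handler are all constructed; the request line itself is the one from option C with a constructed Cookie header added.

```python
"""Insecure direct object reference: vulnerable versus hardened handler.
Accounts, sessions and the request below are constructed sample data."""
from urllib.parse import parse_qs, urlsplit

# Constructed back-end state.
ACCOUNTS = {
    "Ned": {"owner": "Ned", "balance": 5000},
    "Rob": {"owner": "Rob", "balance": 12},
}
SESSIONS = {"sess-rob": "Rob", "sess-ned": "Ned"}  # session token -> authenticated user


def parse_request(raw: str):
    """Parse the request line and headers of a minimal HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    query = {k: v[0] for k, v in parse_qs(url.query).items()}
    return method, url.path, query, headers


def vulnerable_handler(raw: str):
    """Returns whatever object the client names: the IDOR in option C works here."""
    _method, path, query, _headers = parse_request(raw)
    if path != "/restricted/accounts/" or "name" not in query:
        return 404, None
    account = ACCOUNTS.get(query["name"])
    return (200, account) if account else (404, None)


def hardened_handler(raw: str):
    """Identifies the caller from the session, then checks ownership of the object.
    The object key from the URL is never treated as proof of authorization."""
    _method, path, query, headers = parse_request(raw)
    if path != "/restricted/accounts/" or "name" not in query:
        return 404, None
    token = headers.get("cookie", "").removeprefix("session=")
    user = SESSIONS.get(token)
    if user is None:
        return 401, None                      # unauthenticated
    account = ACCOUNTS.get(query["name"])
    if account is None or account["owner"] != user:
        return 403, None                      # exists but not the caller's; worth logging
    return 200, account


# Constructed request: Rob's session asking for Ned's account (option C plus a cookie).
ROB_REQUESTS_NED = (
    "GET /restricted/accounts/?name=Ned HTTP/1.1\r\n"
    "Host: westbank.com\r\n"
    "Cookie: session=sess-rob\r\n\r\n"
)

if __name__ == "__main__":
    print("vulnerable:", vulnerable_handler(ROB_REQUESTS_NED))
    print("hardened:  ", hardened_handler(ROB_REQUESTS_NED))
```

A common refinement is to return 404 for both the missing and the not-owned cases so that the key space cannot be enumerated from the status code; the 403 is kept here so the two failure modes are visible when the block is run.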


Question # 85
An attacker runs the netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting it onto the wire?

  • A. Machine A: netcat -l -p -s password 1234 < testfile; Machine B: netcat <machine A IP> 1234
  • B. Machine A: netcat -l -p 1234 < testfile -pw password; Machine B: netcat <machine A IP> 1234 -pw password
  • C. Machine A: netcat -l -e magickey -p 1234 < testfile; Machine B: netcat <machine A IP> 1234
  • D. Use cryptcat instead of netcat

Correct answer: D


Question # 86
What is the following command used for?
sqlmap.py -u "http://10.10.1.20/?p=1&forumaction=search" --dbs

  • A. Retrieving SQL statements being executed on the database
  • B. Creating backdoors using SQL injection
  • C. Searching database statements at the IP address given
  • D. Enumerating the databases in the DBMS for the URL

Correct answer: B


Question # 87
......

Valid 312-50v11 exam questions and the latest 2024 study guide: https://www.jpntest.com/shiken/312-50v11-mondaishu
