312-50v11 Question Set: Latest Practice Test of April 5, 2024, with 525 Real Answers [Q86-Q105]


Latest 2024 312-50v11 question set PDF with a 100% high exam pass rate


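The CEH v11 certification exam is aimed at professionals who want to improve their skills and knowledge in the information security industry. The exam is also suitable for people who want to move into the field of ethical hacking and cybersecurity. The certification exam is designed to comprehensively assess an individual's knowledge and skills in the field of ethical hacking.


To pass the EC-COUNCIL 312-50v11 (CEH v11) certification exam, candidates must have at least two years of experience in the information security field or have completed EC-COUNCIL's official training program. The exam consists of 125 multiple-choice questions and must be completed within 4 hours. A passing score of 70% or higher is required to earn the certification, which is valid for three years.


The EC-COUNCIL 312-50v11 Certified Ethical Hacker Exam (CEH v11) is an internationally recognized certification exam that assesses an individual's skills and knowledge in the fields of network security and ethical hacking. The exam is designed to test the ability to identify vulnerabilities and weaknesses in computer networks and systems, and to use ethical hacking techniques to prevent unauthorized access and protect against cyber threats.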

 

Question # 86
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?

  • A. FTPS
  • B. IP
  • C. HTTPS
  • D. FTP

Correct answer: A

Explanation:
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client-server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).
The first FTP client applications were command-line programs developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Many FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications, such as HTML editors.


Question # 87
If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?

  • A. -r
  • B. -F
  • C. -sP
  • D. -P

Correct answer: B


Question # 88
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic on UDP port 161. What protocol is this port using and how can he secure that traffic?

  • A. It is not necessary to perform any actions, as SNMP is not carrying important information.
  • B. RPC and the best practice is to disable RPC completely
  • C. SNMP and he should change it to SNMP V3
  • D. SNMP and he should change it to SNMP v2, which is encrypted

Correct answer: C

Explanation:
We have various articles already in our documentation for setting up SNMPv2 trap handling in Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and complicated to set up the first time you go through the process, but when you understand what is going on, everything should make more sense.
SNMP has gone through several revisions to improve performance and security (version 1, 2c and 3). By default, it is a UDP port based protocol where communication is based on a 'fire and forget' methodology in which network packets are sent to another device, but there is no check for receipt of that packet (versus TCP port when a network packet must be acknowledged by the other end of the communication link).
There are two modes of operation with SNMP - get requests (or polling) where one device requests information from an SNMP enabled device on a regular basis (normally using UDP port 161), and traps where the SNMP enabled device sends a message to another device when an event occurs (normally using UDP port 162). The latter includes instances such as someone logging on, the device powering up or down, or a wide variety of other problems that would need this type of investigation.
This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our documentation.
SNMP traps
Since SNMP is primarily a UDP port based system, traps may be 'lost' when sending between devices; the sending device does not wait to see if the receiver got the trap. This means if the configuration on the sending device is wrong (using the wrong receiver IP address or port) or the receiver isn't listening for traps or rejecting them out of hand due to misconfiguration, the sender will never know.
The SNMP v2c specification introduced the idea of splitting traps into two types; the original 'hope it gets there' trap and the newer 'INFORM' traps. Upon receipt of an INFORM, the receiver must send an acknowledgement back. If the sender doesn't get the acknowledgement back, then it knows there is an existing problem and can log it for sysadmins to find when they interrogate the device.


Question # 89
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

  • A. Diversion theft
  • B. Piggybacking
  • C. Baiting
  • D. Honey trap

Correct answer: D

Explanation:
The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.


Question # 90
Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

  • A. Operational threat intelligence
  • B. Strategic threat intelligence
  • C. Tactical threat intelligence
  • D. Technical threat intelligence

Correct answer: A


Question # 91
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

  • A. Website footprinting
  • B. VoIP footprinting
  • C. Dark web footprinting
  • D. VPN footprinting

Correct answer: D

Explanation:
VoIP (Voice over Internet Protocol) is an Internet protocol that allows the transmission of voice calls over the Internet. It does so by converting regular phone signals into digital signals. Virtual Private Networks (VPN) provide a secure connection to an organization's network. Therefore, VoIP traffic can pass over an SSL-based VPN, effectively encrypting VoIP services.
When conducting reconnaissance, in the initial stages of VoIP footprinting, the following publicly available information can be expected:
* All open ports and services of the devices connected to the VoIP network
* The public VoIP server IP address
* The operating system of the server running VoIP
* The network infrastructure


Question # 92
On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?

  • A. Business Impact Analysis (BIA)
  • B. Disaster Recovery Planning (DRP)
  • C. Emergency Plan Response (EPR)
  • D. Risk Mitigation

Correct answer: A


Question # 93
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h>

int main() {
    char buffer[8];
    strcpy(buffer, "11111111111111111111111111111");
}
Output: Segmentation fault

  • A. Java
  • B. C++
  • C. C#
  • D. Python

Correct answer: B


Question # 94
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?

  • A. Piggybacking
  • B. Evil twin
  • C. Wireless sniffing
  • D. Wardriving

Correct answer: B

Explanation:
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.
The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker's server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred. When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks associated with the users' credentials.
Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection, or it can simply say the system is temporarily unavailable after obtaining a username and password.


Question # 95
Which of the following is the best countermeasure against encrypting ransomware?

  • A. Use multiple antivirus softwares
  • B. Pay a ransom
  • C. Analyze the ransomware to get decryption key of encrypted data
  • D. Keep some generation of off-line backup

Correct answer: D


Question # 96
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c.

What is the hexadecimal value of the NOP instruction?

  • A. 0x70
  • B. 0x80
  • C. 0x60
  • D. 0x90

Correct answer: D


Question # 97
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

  • A. MAC flooding
  • B. DNS cache flooding
  • C. Evil twin attack
  • D. DDoS attack

Correct answer: A


Question # 98
In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it.
How do you accomplish this?

  • A. Delete the wireless network
  • B. Remove all passwords
  • C. Disable SSID broadcasting
  • D. Lock all users

Correct answer: C


Question # 99
What firewall evasion scanning technique makes use of a zombie system that has low network activity, as well as its fragment identification numbers?

  • A. Spoof source address scanning
  • B. Packet fragmentation scanning
  • C. Idle scanning
  • D. Decoy scanning

Correct answer: C

Explanation:
The idle scan is a TCP port scan technique that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer whose network traffic is very slow or nonexistent (that is, not transmitting or receiving information). This could be an idle computer, called a "zombie".
This action can be done through common software network utilities such as nmap and hping. The attack involves sending forged packets to a specific target machine in an effort to find distinct characteristics of another zombie machine. The attack is sophisticated because there is no interaction between the attacker's computer and the target: the attacker interacts only with the "zombie" computer.
This exploit serves two purposes, as a port scanner and as a mapper of trusted IP relationships between machines. The target system interacts with the "zombie" computer, and differences in behavior can be observed using different "zombies", giving evidence of different privileges granted by the target to different computers.
The overall intention behind the idle scan is to "check the port status while remaining completely invisible to the targeted host." The first step in executing an idle scan is to find an appropriate zombie. It needs to assign IP ID packets incrementally on a global (rather than per-host it communicates with) basis. It should be idle (hence the scan name), as extraneous traffic will raise its IP ID sequence, confusing the scan logic. The lower the latency between the attacker and the zombie, and between the zombie and the target, the faster the scan will proceed.
Note that when a port is open, IPIDs increment by 2. Following is the sequence:
* Attacker to target -> SYN, target to zombie -> SYN/ACK, zombie to target -> RST (IPID increment by 1)
* Now the attacker tries to probe the zombie for the result. Attacker to zombie -> SYN/ACK, zombie to attacker -> RST (IPID increment by 1)
So, in this process the IPID increments by 2 in total.
When an idle scan is attempted, tools (for example nmap) test the proposed zombie and report any problems with it. If one does not work, try another. Enough Internet hosts are vulnerable that zombie candidates are not hard to find. A common approach is to simply execute a ping sweep of some network. Choosing a network near your source address, or near the target, produces better results. You can try an idle scan using each available host from the ping sweep results until you find one that works. As usual, it is best to ask permission before using someone's machines for unexpected purposes such as idle scanning.
Simple network devices often make great zombies because they are commonly both underused (idle) and built with simple network stacks that are vulnerable to IP ID traffic detection.
While identifying a suitable zombie takes some initial work, you can keep re-using the good ones. Alternatively, there has been some research on utilizing unintended public web services as zombie hosts to perform similar idle scans. Leveraging the way some of these services perform outbound connections upon user submissions can serve as a kind of poor man's idle scanning.


Question # 100
Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application.
What type of attack is Ricardo performing?

  • A. Password spraying
  • B. Known plaintext
  • C. Brute force
  • D. Dictionary

Correct answer: D


Question # 101
Which of the following protocols can be used to secure an LDAP service against anonymous queries?

  • A. RADIUS
  • B. NTLM
  • C. SSO
  • D. WPA

Correct answer: C

Explanation:
Single sign-on (SSO) is a session and user authentication service that allows a user to use one set of login credentials, for example a name and password, to access multiple applications. SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.
In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository, such as a Lightweight Directory Access Protocol (LDAP) directory. The service authenticates the end user for all the applications the user has been given rights to and eliminates future password prompts for individual applications during the same session.
How single sign-on works
Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.
OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in.
Types of SSO configurations
Some SSO services use protocols, such as Kerberos, and Security Assertion Markup Language (SAML).
SAML is an Extensible Markup Language (XML) standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications among the user, an identity provider that maintains a user directory and a service provider.
In a Kerberos-based setup, once the user credentials are provided, a ticket-granting ticket (TGT) is issued. The TGT fetches service tickets for other applications the user wishes to access, without asking the user to reenter credentials.
Smart card-based SSO will ask an end user to use a card holding the sign-in credentials for the first log in. Once the card is used, the user will not have to reenter usernames or passwords. SSO smart cards will store either certificates or passwords.
Security risks and SSO
Although single sign-on is a convenience to users, it presents risks to enterprise security. An attacker who gains control over a user's SSO credentials will be granted access to every application the user has rights to, increasing the amount of potential damage. In order to avoid malicious access, it is essential that every aspect of SSO implementation be coupled with identity governance. Organizations can also use two-factor authentication (2FA) or multifactor authentication (MFA) with SSO to improve security.
Advantages and disadvantages of SSO
Advantages of SSO include the following:
* It enables users to remember and manage fewer passwords and usernames for each application.
* It streamlines the process of signing on and using applications - no need to reenter passwords.
* It lessens the chance of phishing.
* It leads to fewer complaints or trouble about passwords for IT help desks.
Disadvantages of SSO include the following:
* It does not address certain levels of security each application sign-on may need.
* If availability is lost, then users are locked out of the multiple systems connected to the SSO.
* If unauthorized users gain access, then they could gain access to more than one application.
SSO vendors
There are multiple SSO vendors that are well known. Some provide other services, and SSO is an additional feature. SSO vendors include the following:
* Rippling enables users to sign in to cloud applications from multiple devices.
* Avatier Identity Anywhere is an SSO for Docker container-based platforms.
* OneLogin is a cloud-based identity and access management (IAM) platform that supports SSO.
* Okta is a tool with an SSO functionality. Okta also supports 2FA and is primarily used by enterprise users.


Question # 102
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?

  • A. JXplorer
  • B. Ike-scan
  • C. EarthExplorer
  • D. Zabasearch

Correct answer: A

Explanation:
JXplorer is a cross-platform LDAP browser and editor. It is a standards-compliant general-purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
It is highly flexible and can be extended and customized in a number of ways. JXplorer is written in Java, and the source code and source code build system are available via svn or as a packaged build for users who want to experiment or further develop the program.
JX is available in two versions: the free open source version under an OSI Apache 2 style licence, or within the JXWorkBench Enterprise bundle with built-in reporting, administrative and security tools.
JX has been through a number of different versions since its creation in 1999; the most recent stable release is version 3.3.1, the August 2013 release.
JXplorer is a fully functional LDAP client with advanced security integration and support for the more difficult and obscure parts of the LDAP protocol. It has been tested on Windows, Solaris, Linux and OSX, packages are available for HPUX, AIX, BSD and it should run on any Java-supporting OS.


Question # 103
Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

  • A. Gaining access
  • B. Reconnaissance
  • C. Maintaining access
  • D. Scanning

Correct answer: A

Explanation:
In this phase the hacker uses different techniques and tools to gain maximum data from the system. They are:
* Password cracking - Methods like brute force, dictionary attack, rule-based attack and rainbow table are used. Brute force is trying all combinations of the password. Dictionary attack is trying a list of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares it with pre-computed hash values until a match is discovered.
* Password attacks - Passive attacks like wire sniffing and replay attack. Active online attacks like Trojans, keyloggers, hash injection and phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non-electronic attacks like shoulder surfing, social engineering and dumpster diving.


Question # 104
Internet Protocol Security (IPsec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPsec does everything except:

  • A. Authenticate
  • B. Encrypt
  • C. Protect the payload and the headers
  • D. Work at the Data Link Layer

Correct answer: A


Question # 105
......

Verified 312-50v11 question set and answers, 100% pass, at JPNTest: https://www.jpntest.com/shiken/312-50v11-mondaishu
