312-50v11無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v11)」

質問 1

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.
Which type of threat intelligence is used by Roma to secure the internal network?

（A）Technical threat intelligence

（B）Tactical threat intelligence

（C）Operational threat intelligence

（D）Strategic threat intelligence

正解：A 解答を投票する

質問 2

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

（A）Scanning

（B）Integrity checking

（C）Code Emulation

（D）Heuristic Analysis

正解：C 解答を投票する

質問 3

At what stage of the cyber kill chain theory model does data exfiltration occur?

（A）Command and control

（B）installation

（C）Weaponization

（D）Actions on objectives

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

（A）Behaviour based

（B）Heuristics based

（C）VCloud based

（D）Honypot based

正解：C 解答を投票する

質問 5

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

（A）Presentation layer headers and the session layer port numbers

（B）Application layer port numbers and the transport layer headers

（C）Network layer headers and the session layer port numbers

（D）Transport layer port numbers and application layer headers

正解：D 解答を投票する

質問 6

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain?

（A）[site:]

（B）[link:]

（C）[location:]

（D）[allinurl:]

正解：A 解答を投票する

質問 7

which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

（A）Bluebugging

（B）Bluesnarfing

（C）Bluesmacking

（D）Bluejacking

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

（A）Exploitation

（B）Weaponization

（C）Reconnaissance

（D）Delivery

正解：B 解答を投票する

質問 9

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

（A）Maskgen

（B）Proxychains

（C）Dimitry

（D）Burpsuite

正解：D 解答を投票する

質問 10

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

（A）Twofish encryption algorithm

（B）IDEA

（C）HMAC encryption algorithm

（D）Blowfish encryption algorithm

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

（A）Modifying and replaying captured network traffic

（B）Identifying operating systems, services, protocols and devices

（C）Collecting unencrypted information about usernames and passwords

（D）Capturing a network traffic for further analysis

正解：A 解答を投票する

質問 12

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

（A）Application

（B）Session

（C）Presentation

（D）Transport

正解：C 解答を投票する

質問 13

infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

（A）Maintaining access

（B）Scanning

（C）Reconnaissance

（D）Gaining access

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

When discussing passwords, what is considered a brute force attack?

（A）You load a dictionary of words into your cracking program

（B）You attempt every single possibility until you exhaust all possible combinations or discover the password

（C）You threaten to use the rubber hose on someone unless they reveal their password

（D）You wait until the password expires

（E）You create hashes of a large number of words and compare it with the encrypted passwords

正解：B 解答を投票する

質問 15

What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?

（A）SYN Flood

（B）Manipulate format strings in text fields

（C）Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

（D）SSH

正解：C 解答を投票する

質問 16

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing dat a. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

（A）SOAP API

（B）RESTful API

（C）JSON-RPC

（D）REST API

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

Which of the following commands checks for valid users on an SMTP server?

（A）RCPT

（B）CHK

（C）VRFY

（D）EXPN

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

312-50v11 無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v11)」

弊社を連絡する

関連リンク

トップ試験