312-50v9試験無料問題集（125題）「EC-COUNCIL Certified Ethical Hacker v9 認定」

出題：1

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

A. True Negative

B. True Positive

C. False Negative

D. False Positive

正解：C 解答を投票する

出題：2

What is the benefit of performing an unannounced Penetration Testing?

A. Network security would be in a "best state" posture.

B. It is best to catch critical infrastructure unpatched.

C. The tester could not provide an honest analysis.

D. The tester will have an actual security posture visibility of thetarget network.

正解：D 解答を投票する

出題：3

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

A. Likelihood is the probability that a vulnerability is a threat-source.

B. Likelihood is the likely source of a threat that could exploit a vulnerability.

C. Likelihood is a possible threat-source that may exploit a vulnerability.

D. Likelihood is the probability that a threat-source will exploit a vulnerability.

正解：D 解答を投票する

出題：4

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website byinserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known toincorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?

A. Shellshock Attack

B. Watering Hole Attack

C. Spear Phising Attack

D. Heartbleed Attack

正解：B 解答を投票する

出題：5

Which of the following statements is TRUE?

A. Sniffers operation on both Layer 2 & Layer 3 of the OSImodel

B. Sniffers operation on Layer 2 of the OSI model

C. Sniffers operation on Layer 3 of the OSI model

D. Sniffers operation on the Layer 1 of the OSI model

正解：A 解答を投票する

出題：6

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

A. PKI

B. SOA

C. single sign on

D. biometrics

正解：A 解答を投票する

出題：7

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to www.MyPersonalBank.com, that the user is directed to a phishing site.
Which file does the attacker needto modify?

A. Networks

B. Boot.ini

C. Sudoers

D. Hosts

正解：D 解答を投票する

出題：8

> NMAP -sn 192.168.11.200-215
The NMAP command above performs which of the following?

A. An operating system detect

B. A ping scan

C. A trace sweep

D. A port scan

正解：B 解答を投票する

出題：9

When you return to your desk after a lunch break, you notice a strange email in your inbox. The senders is someone you did business with recently but the subject line has strange characters in it.
What should you do?

A. Forward the message to your supervisor andask for her opinion on how to handle the situation.

B. Reply to the sender and ask them for more information about the message contents.

C. Delete the email and pretend nothing happened.

D. Forward the message to your company's security response team and permanently delete the message from your computer.

正解：D 解答を投票する

出題：10

During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?

A. Conduct compliance testing

B. Create a procedures document

C. Terminate the audit.

D. Identify and evaluate existing practices.

正解：D 解答を投票する

312-50v9試験無料問題集「EC-COUNCIL Certified Ethical Hacker v9 認定」