312-50v9試験無料問題集（125題）「EC-COUNCIL Certified Ethical Hacker v9 認定」

出題：1

Which of these options is the most secure procedure for strong backup tapes?

A. In a climate controlled facility offsite

B. In a cool dry environment

C. On a different floor in the same building

D. Inside the data center for faster retrieval in afireproof safe

正解：A 解答を投票する

出題：2

A company's security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

C. Attempts by attacks to access the user and password information stores in the company's SQL database.

D. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

正解：B 解答を投票する

出題：3

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

A. ethereal

B. Jack the ripper

C. nessus

D. tcpdump

正解：D 解答を投票する

出題：4

You've gained physical access to a Windows 2008 R2 server which has as accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD.Which Linux tool has the ability to change any user's password or to activate disabled Windows Accounts?

A. CHNTPW

B. John the Ripper

C. SET

D. Cain & Abel

正解：B 解答を投票する

出題：5

The "white box testing" methodology enforces what kind of restriction?

A. Only the internal operation of a system is known to the tester.

B. The internal operation of a system is completely known to the tester.

C. Only the external operation of a system is accessible to the tester.

D. The internal operation of a system is only partly accessible to the tester.

正解：B 解答を投票する

出題：6

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Eavesdropping

B. Scanning

C. Social engineering

D. Sniffing

正解：C 解答を投票する

出題：7

Which of the following is considered the best way to prevent Personally Identifiable Information (PII) from web application vulnerabilities?

A. Use cryptographic storage to store all PII

B. Use full disk encryption on all hard drives to protect PII

C. Use encrypted communications protocols to transmit PII

D. Use a security token to log onto into all Web application that use PII

正解：C 解答を投票する

出題：8

When you are getting informationabout a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.
What nmap script will help you with this task?

A. http enum

B. http-headers

C. http-git

D. http-methods

正解：C 解答を投票する

出題：9

Which of the following is not a Bluetooth attack?

A. Bluesmaking

B. Bluesnarfing

C. Bluedriving

D. Bluejacking

正解：C 解答を投票する

出題：10

You have compromised a server on a network and successfully open a shell. You aimed to identify all operating systems running on the network. However, as you attemptto fingerprint all machines in the machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server:~$nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxxx.
QUITTING!
What seems to be wrong?

A. The nmap syntax is wrong.

B. This is a common behavior for a corrupted nmap application.

C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D. OS Scan requires root privileged.

正解：A 解答を投票する

312-50v9試験無料問題集「EC-COUNCIL Certified Ethical Hacker v9 認定」