Latest [January 19, 2022]: Get great test results with EC-COUNCIL 312-50v10 exam practice
Advance your career and take the leap with EC-COUNCIL 312-50v10
Question 174
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?
- A. UPGRADETLS
- B. OPPORTUNISTICTLS STARTTLS
- C. FORCETLS
Correct answer: C
Question 175
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services. Which OS did it not directly affect?
- A. OS X
- B. Unix
- C. Windows
- D. Linux
Correct answer: C
Question 176
Which of the following describes the characteristics of a Boot Sector Virus?
- A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
- B. Overwrites the original MBR and only executes the new virus code.
- C. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
- D. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
Correct answer: A
Question 177
What is a "Collision attack" in cryptography?
- A. Collision attacks try to get the public key.
- B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
- C. Collision attacks try to find two inputs producing the same hash.
- D. Collision attacks try to break the hash into three parts to get the plaintext value.
Correct answer: C
Explanation:
A Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result.
References: https://learncryptography.com/hash-functions/hash-collision-attack
Question 178
Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?
- A. RST scan
- B. FIN scan
- C. SYN scan
- D. ACK scan
- E. Connect scan
Correct answer: E
Question 179
You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?
- A. Telnet to every port on each server
- B. Physically go to each server
- C. Scan servers with Nmap
- D. Scan servers with MBSA
Correct answer: C
Question 180
A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:
The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?
- A. Permit 217.77.88.12 11.12.13.50 RDP 3389
- B. Permit 217.77.88.12 11.12.13.0/24 RDP 3389
- C. Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389
- D. Permit 217.77.88.0/24 11.12.13.50 RDP 3389
Correct answer: A
Question 181
What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?
- A. Cross-site request forgery
- B. Server side request forgery
- C. Cross-site scripting
- D. Session hijacking
Correct answer: A
Question 182
Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
- A. a virus scanner
- B. a port scanner
- C. a malware scanner
- D. a vulnerability scanner
Correct answer: D
Question 183
Which of the following BEST describes how Address Resolution Protocol (ARP) works?
- A. It sends a request packet to all the network elements, asking for the domain name from a specific IP
- B. It sends a reply packet for a specific IP, asking for the MAC address
- C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP
- D. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
Correct answer: C
Question 184
In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?
- A. Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.
- B. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
- C. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.
- D. A blacklist of companies that have their mail server relays configured to be wide open.
Correct answer: C
Question 185
An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
- A. Tailgating
- B. Reverse Social Engineering
- C. Piggybacking
- D. Announced
Correct answer: A
Question 186
Password cracking programs reverse the hashing process to recover passwords. (True/False.)
- A. False
- B. True
Correct answer: A
Question 187
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.
If these switches' ARP cache is successfully flooded, what will be the result?
- A. The switches will drop into hub mode if the ARP cache is successfully flooded.
- B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
- C. The switches will route all traffic to the broadcast address, creating collisions.
- D. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
Correct answer: A
Question 188
Why is a penetration test considered to be more thorough than a vulnerability scan?
- A. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
- B. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
- C. Vulnerability scans only do host discovery and port scanning by default.
- D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Correct answer: A
Question 189
What is the role of test automation in security testing?
- A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
- B. It is an option but it tends to be very expensive.
- C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
- D. Test automation is not usable in security due to the complexity of the tests.
Correct answer: A
Question 190
You have initiated an active operating system fingerprinting attempt with nmap against a target system:
What operating system is the target host running based on the open ports shown above?
- A. Windows 2000 Server
- B. Windows XP
- C. Windows 98 SE
- D. Windows NT4 Server
Correct answer: A
Question 191
Name two software tools used for OS guessing? (Choose two.)
- A. Snadboy
- B. Nmap
- C. Queso
- D. UserInfo
- E. NetBus
Correct answer: B,C
Question 192
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
- A. Scripting languages are slower because they require an interpreter to run the code.
- B. Scripting languages cannot be used to create graphical user interfaces.
- C. Scripting languages are hard to learn.
- D. Scripting languages are not object-oriented.
Correct answer: A
Question 193
......