[2022年01月]更新のEC-COUNCIL 312-50v10問題集厳選された問題集でパスして、最短時間を目指そう [Q250-Q270]

[2022年01月]更新のEC-COUNCIL 312-50v10問題集厳選された問題集でパスして、最短時間を目指そう

EC-COUNCIL 312-50v10試験問題集で[2022年最新] 練習 高合格率な試験問題集問題

質問 250
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

Which exploit is indicated by this script?

• A. A buffer overflow exploit
• B. A denial of service exploit
• C. A chained exploit
• D. A SQL injection exploit

正解: C

 

質問 251
In the OSI model, where does PPTP encryption take place?

• A. Transport layer
• B. Application layer
• C. Network layer
• D. Data link layer

正解: D

 

質問 252
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:
Access List should be written between VLANs.

Port security should be enabled for the intranet.

A security solution which filters data packets should be set between intranet (LAN) and DMZ.

A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

• A. There is access control policy between VLANs.
• B. MAC Spoof attacks cannot be performed.
• C. A stateful firewall can be used between intranet (LAN) and DMZ.
• D. Possibility of SQL Injection attack is eliminated.

正解: C

 

質問 253
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

• A. Maskgen
• B. Dimitry
• C. Burpsuite
• D. Proxychains

正解: C

解説:
Explanation
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
References: https://portswigger.net/burp/

 

質問 254
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

• A. Service Oriented Architecture
• B. Lean Coding
• C. Object Oriented Architecture
• D. Agile Process

正解: A

解説:
Explanation
A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network.
References: https://en.wikipedia.org/wiki/Service-oriented_architecture

 

質問 255
Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?

• A. DIAMETER
• B. RADIUS
• C. TACACS+
• D. Kerberos

正解: B

 

質問 256
Which regulation defines security and privacy controls for Federal information systems and organizations?

• A. HIPAA
• B. EU Safe Harbor
• C. NIST-800-53
• D. PCI-DSS

正解: C

解説:
Explanation/Reference:

 

質問 257
What is the best defense against privilege escalation vulnerability?

• A. Run services with least privileged accounts and implement multi-factor authentication and authorization.
• B. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
• C. Review user roles and administrator privileges for maximum utilization of automation services.
• D. Run administrator and applications on least privileges and use a content registry for tracking.

正解: A

 

質問 258
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites.
77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

• A. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
• B. The packets were sent by a worm spoofing the IP addresses of 47 infected sites
• C. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0
• D. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

正解: A

 

質問 259
It is a short-range wireless communication technology that allows mobile phones, computers and other devices to connect and communicate. This technology intends to replace cables connecting portable devices with high regards to security.

• A. WLAN
• B. InfraRed
• C. Bluetooth
• D. Radio-Frequency Identification

正解: C

 

質問 260
The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

• A. Avoid
• B. Delegate
• C. Mitigate
• D. Accept

正解: B

 

質問 261
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

• A. She is using ftp to transfer the file to another hacker named John.
• B. She is using John the Ripper to view the contents of the file.
• C. She is using John the Ripper to crack the passwords in the secret.txt file.
• D. She is encrypting the file.

正解: C

 

質問 262
The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?

• A. The attacker is attempting an exploit that launches a command-line shell
• B. The attacker is attempting a buffer overflow attack and has succeeded
• C. The buffer overflow attack has been neutralized by the IDS
• D. The attacker is creating a directory on the compromised machine

正解: A

 

質問 263
Your company was hired by a small healthcare provider to perform a technician assessment on the
network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use a scan tool like Nessus
• B. Create a disk image of a clean Windows installation
• C. Use the built-in Windows Update tool
• D. Check MITRE.org for the latest list of CVE findings

正解: A

 

質問 264
You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

• A. Block the Blacklist IP's @ Firewall as well as Clean the Malware which are trying to Communicate with the External Blacklist IP's.
• B. Update the Latest Signatures on your IDS/IPS
• C. Clean the Malware which are trying to Communicate with the External Blacklist IP's
• D. Block the Blacklist IP's @ Firewall

正解: A

 

質問 265
Which of these options is the most secure procedure for storing backup tapes?

• A. Inside the data center for faster retrieval in a fireproof safe
• B. On a different floor in the same building
• C. In a climate controlled facility offsite
• D. In a cool dry environment

正解: C

 

質問 266
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:

Which of the following choices is true about cryptography?

• A. Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.
• B. Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.
• C. Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.
• D. Algorithm is not the secret, key is the secret.

正解: A

 

質問 267

Identify the correct terminology that defines the above statement.

• A. Vulnerability Scanning
• B. Penetration Testing
• C. Security Policy Implementation
• D. Designing Network Security

正解: B

 

質問 268
You are the Network Admin, and you get a compliant that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.
What may be the problem?

• A. Traffic is Blocked on UDP Port 53
• B. Traffic is Blocked on UDP Port 80
• C. Traffic is Blocked on UDP Port 54
• D. Traffic is Blocked on UDP Port 80

正解: A

 

質問 269
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?

• A. The operator knows that attacks and down time are inevitable and should have a backup site.
• B. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
• C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
• D. As long as the physical access to the network elements is restricted, there is no need for additional measures.

正解: B

 

質問 270
......

312-50v10試験問題集でPDF合格保証 成功は正確かつ更新された問題：https://www.goshiken.com/EC-COUNCIL/312-50v10-mondaishu.html

312-50v10問題集-[最新2022]EC-COUNCIL試験問題集を掴み取れ：https://drive.google.com/open?id=1CckMZ6IG4XsBeZKIvDwgNApc91XGldt9