試験問題集で312-50v13練習で無料最新のECCouncil練習テスト
312-50v13試験問題、リアル312-50v13練習問題集
質問 # 161
Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?
- A. SIM card attack
- B. aLTEr attack
- C. Spearphone attack
- D. Man-in-the-disk attack
正解:C
質問 # 162
what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?
- A. idq.dll
- B. httpd.conf
- C. php.ini
- D. administration.config
正解:C
解説:
The php.ini file may be a special file for PHP. it's where you declare changes to your PHP settings. The server is already configured with standard settings for PHP, which your site will use by default. Unless you would like to vary one or more settings, there's no got to create or modify a php.ini file. If you'd wish to make any changes to settings, please do so through the MultiPHP INI Editor.
質問 # 163
From the following table, identify the wrong answer in terms of Range (ft).
Standard Range (ft)
802.11a 150-150
802.11b 150-150
802.11g 150-150
802.16 (WiMax) 30 miles
- A. 802.11b
- B. 802.11a
- C. 802.11g
- D. 802.16 (WiMax)
正解:D
質問 # 164
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.
Which TCP and UDP ports must you filter to check null sessions on your network?
- A. 137 and 139
- B. 137 and 443
- C. 139 and 445
- D. 139 and 443
正解:C
質問 # 165
Which among the following is the best example of the third step (delivery) in the cyber kill chain?
- A. An intruder's malware is installed on a target's machine.
- B. An intruder's malware is triggered when a target opens a malicious email attachment.
- C. An intruder sends a malicious attachment via email to a target.
- D. An intruder creates malware to be used as a malicious attachment to an email.
正解:C
質問 # 166
in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?
- A. Chop chop attack
- B. Wardriving
- C. Evil twin
- D. KRACK
正解:D
解説:
In this attack KRACK is an acronym for Key Reinstallation Attack. KRACK may be a severe replay attack on Wi-Fi Protected Access protocol (WPA2), which secures your Wi-Fi connection. Hackers use KRACK to take advantage of a vulnerability in WPA2. When in close range of a possible victim, attackers can access and skim encrypted data using KRACK.
How KRACK WorksYour Wi-Fi client uses a four-way handshake when attempting to attach to a protected network. The handshake confirms that both the client - your smartphone, laptop, et cetera - and therefore the access point share the right credentials, usually a password for the network. This establishes the Pairwise passkey (PMK), which allows for encoding .Overall, this handshake procedure allows for quick logins and connections and sets up a replacement encryption key with each connection. this is often what keeps data secure on Wi-Fi connections, and every one protected Wi-Fi connections use the four-way handshake for security. This protocol is that the reason users are encouraged to use private or credential-protected Wi-Fi instead of public connections.KRACK affects the third step of the handshake, allowing the attacker to control and replay the WPA2 encryption key to trick it into installing a key already in use. When the key's reinstalled, other parameters related to it - the incremental transmit packet number called the nonce and therefore the replay counter - are set to their original values.Rather than move to the fourth step within the four-way handshake, nonce resets still replay transmissions of the third step. This sets up the encryption protocol for attack, and counting on how the attackers replay the third-step transmissions, they will take down Wi-Fi security.
Why KRACK may be a ThreatThink of all the devices you employ that believe Wi-Fi. it isn't almost laptops and smartphones; numerous smart devices now structure the web of Things (IoT). due to the vulnerability in WPA2, everything connected to Wi-Fi is in danger of being hacked or hijacked.Attackers using KRACK can gain access to usernames and passwords also as data stored on devices. Hackers can read emails and consider photos of transmitted data then use that information to blackmail users or sell it on the Dark Web.Theft of stored data requires more steps, like an HTTP content injection to load malware into the system. Hackers could conceivably take hold of any device used thereon Wi-Fi connection. Because the attacks require hackers to be on the brink of the target, these internet security threats could also cause physical security threats.On the opposite hand, the necessity to be in close proximity is that the only excellent news associated with KRACK, as meaning a widespread attack would be extremely difficult.Victims are specifically targeted. However, there are concerns that a experienced attacker could develop the talents to use HTTP content injection to load malware onto websites to make a more widespread affect.
Everyone is in danger from KRACK vulnerability. Patches are available for Windows and iOS devices, but a released patch for Android devices is currently in question (November 2017). There are issues with the discharge , and lots of question if all versions and devices are covered.The real problem is with routers and IoT devices. These devices aren't updated as regularly as computer operating systems, and for several devices, security flaws got to be addressed on the manufacturing side. New devices should address KRACK, but the devices you have already got in your home probably aren't protected.
The best protection against KRACK is to make sure any device connected to Wi-Fi is patched and updated with the newest firmware. that has checking together with your router's manufacturer periodically to ascertain if patches are available.
The safest connection option may be a private VPN, especially when publicly spaces. If you would like a VPN for private use, avoid free options, as they need their own security problems and there'll even be issues with HTTPs. Use a paid service offered by a trusted vendor like Kaspersky. Also, more modern networks use WPA3 for better security.Avoid using public Wi-Fi, albeit it's password protection. That password is out there to almost anyone, which reduces the safety level considerably.All the widespread implications of KRACK and therefore the WPA2 vulnerability aren't yet clear. what's certain is that everybody who uses Wi- Fi is in danger and wishes to require precautions to guard their data and devices.
質問 # 167
Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions. What is the algorithm employed by Harper to secure the email messages?
- A. GOST block cipher
- B. CAST-128
- C. DES
- D. AES
正解:B
質問 # 168
Scenario1:
1.Victim opens the attacker's web site.
2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
3.Victim clicks to the interesting and attractive content URL.
4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
- A. HTML Injection
- B. HTTP Parameter Pollution
- C. Clickjacking Attack
- D. Session Fixation
正解:C
解説:
https://en.wikipedia.org/wiki/Clickjacking
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.
質問 # 169
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
- A. Medium
- B. High
- C. Low
- D. Critical
正解:A
解説:
Rating CVSS Score
None 0.0
Low 0.1 - 3.9
Medium 4.0 - 6.9
High 7.0 - 8.9
Critical 9.0 - 10.0
https://www.first.org/cvss/v3.0/specification-document
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.
Qualitative Severity Rating Scale
For some purposes, it is useful to have a textual representation of the numeric Base, Temporal and Environmental scores.
Table Description automatically generated
質問 # 170
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23.
Which of the following IP addresses could be teased as a result of the new configuration?
- A. 10.1.5.200
- B. 10.1.4.254
- C. 10.1.4.156
- D. 210.1.55.200
正解:A
解説:
https://en.wikipedia.org/wiki/Subnetwork
As we can see, we have an IP address of 10.1.4.0 with a subnet mask of /23. According to the question, we need to determine which IP address will be included in the range of the last 100 IP addresses.
The available addresses for hosts start with 10.1.4.1 and end with 10.1.5.254. Now you can clearly see that the last 100 addresses include the address 10.1.5.200.
質問 # 171
In the process of implementing a network vulnerability assessment strategy for a tech company, the security analyst is confronted with the following scenarios:
1) A legacy application is discovered on the network, which no longer receives updates from the vendor.
2) Several systems in the network are found running outdated versions of web browsers prone to distributed attacks.
3) The network firewall has been configured using default settings and passwords.
4) Certain TCP/IP protocols used in the organization are inherently insecure.
The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?
- A. Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior
- B. Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time
- C. Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations
- D. Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed
正解:D
解説:
Vulnerability scanning software is a tool that can help security analysts identify and prioritize known vulnerabilities in their systems and applications. However, it is not a perfect solution and has some limitations that need to be considered. One of the most critical limitations is that vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed. This means that the software itself might have bugs, errors, or oversights that could affect its accuracy, reliability, or performance. For example, the software might:
* Fail to detect some vulnerabilities due to incomplete or outdated databases, incorrect signatures, or insufficient coverage of the target system or application.
* Produce false positives or false negatives due to misinterpretation of the scan results, incorrect configuration, or lack of context or validation.
* Cause unintended consequences or damage to the target system or application due to intrusive or aggressive scanning techniques, such as exploiting vulnerabilities, modifying data, or crashing services.
* Be vulnerable to attacks or compromise by malicious actors who could exploit its weaknesses, tamper with its functionality, or steal its data.
Therefore, the security analyst should be most cautious about this limitation of vulnerability scanning software, as it could lead to a false sense of security, missed opportunities for remediation, or increased exposure to threats. The security analyst should always verify the scan results, use multiple tools and methods, and update and patch the software regularly to mitigate this risk.
References:
* [CEHv12 Module 03: Vulnerability Analysis]
* 7 limitations of vulnerability scanners
* The pros and cons of vulnerability scanning tools
質問 # 172
A large enterprise has been experiencing sporadic system crashes and instability, resulting in limited access to its web services. The security team suspects it could be a result of a Denial of Service (DoS) attack. A significant increase in traffic was noticed in the network logs, with patterns suggesting packet sizes exceeding the prescribed size limit. Which among the following DoS attack techniques best describes this scenario?
- A. Ping of Death attack
- B. Smurf attack
- C. UDP flood attack
- D. Pulse wave attack
正解:A
解説:
A Ping of Death attack is a type of DoS attack that exploits a vulnerability in the IP protocol that allows packets to be fragmented and reassembled at the destination. The attacker sends a malformed packet that exceeds the maximum size of 65,535 bytes, which causes the target system to crash or become unstable when it tries to reassemble the packet. This attack can affect various operating systems and devices, such as routers, switches, and firewalls. A Ping of Death attack can be detected by monitoring the network traffic for unusually large packets or ICMP messages. References:
* Ping of Death (PoD) Attack
* Denial-of-Service Attacks: History, Techniques & Prevention
* What is a denial-of-service (DoS) attack?
質問 # 173
The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?
- A. The attacker is creating a directory on the compromised machine
- B. The attacker is attempting an exploit that launches a command-line shell
- C. The buffer overflow attack has been neutralized by the IDS
- D. The attacker is attempting a buffer overflow attack and has succeeded
正解:B
質問 # 174
The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?
- A. SYN
- B. RST
- C. ACK
- D. SYN-ACK
正解:A
質問 # 175
Which definition among those given below best describes a covert channel?
- A. It is one of the weak channels used by WEP which makes it insecure
- B. Making use of a protocol in a way it is not intended to be used.
- C. It is the multiplexing taking place on a communication link.
- D. A server program using a port that is not well known.
正解:B
質問 # 176
......
確認済み312-50v13試験問題集と解答で時間限定無料提供!312-50v13には正解付き:https://www.passtest.jp/ECCouncil/312-50v13-shiken.html
あなたを合格させる312-50v13無料問題集最新のECCouncil練習テスト:https://drive.google.com/open?id=1HClNKXdA1csNCqaBWvpOTrHU37Dq8ZEf