[2025年02月] 合格させるECCouncil 312-50v13テストエンジンPDFで完全版無料問題集
Certified Ethical Hacker Exam (CEHv13)練習テスト2025年最新の312-50v13ストレスなしで合格!
質問 # 172
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?
- A. CxSAST
- B. Wireshark
- C. Burp Suite
- D. Nmap
正解:C
質問 # 173
Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?
- A. Agent Smith attack
- B. SIM card attack
- C. Clickjacking
- D. SMS phishing attack
正解:A
解説:
Agent Smith Attack
Agent Smith attacks are carried out by luring victims into downloading and installing malicious apps designed and published by attackers in the form of games, photo editors, or other attractive tools from third-party app stores such as 9Apps. Once the user has installed the app, the core malicious code inside the application infects or replaces the legitimate apps in the victim's mobile device C&C commands. The deceptive application replaces legitimate apps such as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes also appears to be an authentic Google product such as Google Updater or Themes. The attacker then produces a massive volume of irrelevant and fraudulent advertisements on the victim's device through the infected app for financial gain. Attackers exploit these apps to steal critical information such as personal information, credentials, and bank details, from the victim's mobile device through C&C commands.
質問 # 174
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
- A. Netstumbler
- B. Kismet
- C. Nessus
- D. Abel
正解:B
解説:
https://en.wikipedia.org/wiki/Kismet_(software)
Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11 g, and 802.11n traffic.
質問 # 175
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
- A. Union-based SQL injection
- B. NoSQL injection
- C. Error-based SQL injection
- D. Blind SQL injection
正解:D
質問 # 176
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
- A. SFTP
- B. Ipsec
- C. SSL
- D. FTPS
正解:B
解説:
https://en.wikipedia.org/wiki/IPsec
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.
The initial IPv4 suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a layer 3 OSI model or internet layer end-to-end security scheme. In contrast, while some other Internet security systems in widespread use operate above layer 3, such as Transport Layer Security (TLS) that operates at the Transport Layer and Secure Shell (SSH) that operates at the Application layer, IPsec can automatically secure applications at the IP layer.
質問 # 177
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
- A. Presentation
- B. Session
- C. Transport
- D. Application
正解:A
解説:
https://en.wikipedia.org/wiki/Presentation_layer
In the seven-layer OSI model of computer networking, the presentation layer is layer 6 and serves as the data translator for the network. It is sometimes called the syntax layer. The presentation layer is responsible for the formatting and delivery of information to the application layer for further processing or display.
Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.
質問 # 178
You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n).
An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption.
Given *n=4000' and variable 'AES key size', which scenario is likely to provide the best balance of security and performance?
- A. AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.
- B. AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.
- C. AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.
- D. AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.
正解:C
解説:
A hybrid encryption system is a system that combines the advantages of both asymmetric and symmetric encryption algorithms. Asymmetric encryption, such as RSA, uses a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide key exchange, authentication, and non-repudiation, but it is slower and less efficient than symmetric encryption. Symmetric encryption, such as AES, uses a single key to encrypt and decrypt data. Symmetric encryption is faster and more efficient than asymmetric encryption, but it requires a secure way to share the key.
In a hybrid encryption system, RSA encryption is used for key exchange, and AES encryption is used for data encryption. This way, the system can benefit from the security of RSA and the speed of AES. However, the system also depends on the key sizes of both algorithms, which affect the security and performance of the system.
The key size of RSA encryption determines the number of bits in the public and private keys. The larger the key size, the more secure the encryption, but also the slower the key generation and encryption/decryption processes. The time complexity of generating an RSA key pair is O(n*2), where n is the key size in bits. This means that the time required to generate an RSA key pair increases quadratically with the key size. For example, if it takes 1 second to generate a 1024-bit RSA key pair, it will take 4 seconds to generate a 2048-bit RSA key pair, and 16 seconds to generate a 4096-bit RSA key pair.
The key size of AES encryption determines the number of bits in the symmetric key. The larger the key size, the more secure the encryption, but also the more rounds of encryption/decryption are needed. The time complexity of AES encryption is O(n), where n is the key size in bits. This means that the time required to encrypt/decrypt data increases linearly with the key size. For example, if it takes 1 second to encrypt/decrypt data with a 128-bit AES key, it will take 2 seconds to encrypt/decrypt data with a 256-bit AES key, and 4 seconds to encrypt/decrypt data with a 512-bit AES key.
An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption.
This means that the time required to break RSA encryption decreases exponentially with the key size. For example, if it takes 1 second to break a 1024-bit RSA encryption, it will take 0.25 seconds to break a 2048-bit RSA encryption, and 0.0625 seconds to break a 4096-bit RSA encryption. This makes RSA encryption vulnerable to quantum attacks, unless the key size is very large.
Given n=4000 and variable AES key size, the scenario that is likely to provide the best balance of security and performance is C. AES key size=192 bits. This configuration is a compromise between options A and B, providing moderate security and performance. Option A, AES key size=128 bits, provides less security than option C, but RSA key generation and AES encryption will be faster. Option B, AES key size=256 bits, provides more security than option C, but RSA key generation may be slow. Option D, AES key size=512 bits, provides the highest level of security, but at a significant performance cost due to the large AES key size.
References:
* Hybrid cryptosystem - Wikipedia
* RSA (cryptosystem) - Wikipedia
* Advanced Encryption Standard - Wikipedia
* Quantum computing and cryptography - Wikipedia
質問 # 179
As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless network security. While experimenting with your home Wi-Fi network, you decide to use a well-known hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption.
Why are you finding it difficult to crack the Wi-Fi password?
- A. The network is using MAC address filtering.
- B. Your hacking tool is outdated
- C. The network is using an uncrackable encryption method
- D. The Wi-Fi password is too complex and long
正解:C
解説:
The network is using an uncrackable encryption method, which makes it difficult to crack the Wi-Fi password. WPA2 Personal with AES encryption is the strongest form of security offered by Wi-Fi devices at the moment, and it should be used for all purposes. AES stands for Advanced Encryption Standard, and it is a symmetric-key algorithm that uses a 128-bit, 192-bit, or 256-bit key to encrypt and decrypt data. AES is considered to be uncrackable by brute force attacks, as it would take an impractical amount of time and computational power to try all possible key combinations12. Therefore, unless you have access to the Wi-Fi password or the encryption key, you will not be able to decrypt the network traffic and crack the password.
The other options are not correct for the following reasons:
* A. The Wi-Fi password is too complex and long: This option is not relevant because the Wi-Fi password is not directly used to encrypt the network traffic. Instead, the password is used to generate a Pre-Shared Key (PSK), which is then used to derive a Pairwise Master Key (PMK), which is then used to derive a Pairwise Transient Key (PTK), which is then used to encrypt the data. Therefore, the complexity and length of the password do not affect the encryption strength, as long as the password is not easily guessed or leaked34.
* B. Your hacking tool is outdated: This option is not plausible because even if your hacking tool is outdated, it would not affect your ability to capture the network traffic and attempt to crack the password. The hacking tool may not support the latest Wi-Fi standards or protocols, but it should still be able to capture the raw data packets and save them in a file. The cracking process would depend on the encryption algorithm and the key, not on the hacking tool.
* D. The network is using MAC address filtering: This option is not feasible because MAC address filtering is a technique that restricts network access and communication to trusted devices based on their MAC addresses, which are unique identifiers assigned to network interfaces. MAC address filtering can prevent unauthorized devices from joining the network, but it cannot prevent authorized devices from capturing the network traffic. Moreover, MAC address filtering can be easily bypassed by spoofing the MAC address of an allowed device56.
References:
* 1: What is AES Encryption and How Does it Work? | Kaspersky
* 2: AES Encryption: Everything You Need to Know | Comparitech
* 3: How Does WPA2 Work? | Techwalla
* 4: How Does WPA2 Encryption Work? | Security Boulevard
* 5: What is MAC Address Filtering? | Definition, Types & Examples - Fortinet
* 6: How to Bypass MAC Address Filtering on Wireless Networks - Null Byte :: WonderHowTo
質問 # 180
Ron, a security professional, was pen testing web applications and SaaS platforms used by his company.
While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?
- A. Business logic flaws
- B. Code injections
- C. No ABAC validation
- D. Improper use of CORS
正解:C
質問 # 181
in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?
- A. 40-6.0
- B. 4.0-6.9
- C. 3.0-6.9
- D. 3.9-6.9
正解:B
解説:
質問 # 182
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
- A. Web site defacement vulnerability
- B. Gross-site Request Forgery vulnerability
- C. SQL injection vulnerability
- D. Cross-site scripting vulnerability
正解:D
解説:
There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non-persistent and persistent. In this issue, we consider the non-persistent cross-site scripting vulnerability.
The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.
Because HTML documents have a flat, serial structure that mixes control statements, formatting, and the actual content, any non-validated user-supplied data included in the resulting page without proper HTML encoding, may lead to markup injection. A classic example of a potential vector is a site search engine: if one searches for a string, the search string will typically be redisplayed verbatim on the result page to indicate what was searched for. If this response does not properly escape or reject HTML control characters, a cross- site scripting flaw will ensue.
質問 # 183
Fingerprinting an Operating System helps a cracker because:
- A. It doesn't depend on the patches that have been applied to fix existing security holes
- B. It informs the cracker of which vulnerabilities he may be able to exploit on your system
- C. It defines exactly what software you have installed
- D. It opens a security-delayed window based on the port being scanned
正解:B
質問 # 184
You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (loMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patientcare.
Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the loMT devices could be potential entry points for future attacks. What would be your main recommendation to protect these devices from such threats?
- A. Implement multi-factor authentication for all loMT devices.
- B. Regularly change the IP addresses of all loMT devices.
- C. Disable all wireless connectivity on loMT devices.
- D. Use network segmentation to isolate loMT devices from the main network.
正解:D
解説:
Internet of Medical Things (IoMT) devices are internet-connected medical devices that can collect, transfer, and analyze data over a network. They can provide improved patient care and comfort, but they also pose security challenges and risks, as they can be targeted by cyberattacks, such as ransomware, that can compromise their functionality, integrity, or confidentiality. Ransomware is a type of malware that encrypts the victim's data or system and demands a ransom for its decryption or restoration. Ransomware attacks can cause serious harm to healthcare organizations, as they can disrupt their operations, endanger their patients, and damage their reputation.
To protect IoMT devices from ransomware attacks, the main recommendation is to use network segmentation to isolate IoMT devices from the main network. Network segmentation is a technique that divides a network into smaller subnetworks, each with its own security policies and controls. Network segmentation can prevent or limit the spread of ransomware from one subnetwork to another, as it restricts the communication and access between them. Network segmentation can also improve the performance, visibility, and manageability of the network, as it reduces the network congestion, complexity, and noise.
The other options are not as effective or feasible as network segmentation. Implementing multi-factor authentication for all IoMT devices may not be possible or practical, as some IoMT devices may not support or require user authentication, such as sensors or monitors. Disabling all wireless connectivity on IoMT devices may not be desirable or realistic, as some IoMT devices rely on wireless communication protocols, such as Wi-Fi, Bluetooth, or Zigbee, to function or transmit data. Regularly changing the IP addresses of all IoMT devices may not prevent or deter ransomware attacks, as ransomware can target devices based on other factors, such as their domain names, MAC addresses, or vulnerabilities. References:
* What Is Internet of Medical Things (IoMT) Security?
* 5 Steps to Secure Internet of Medical Things Devices
* Ransomware in Healthcare: How to Protect Your Organization
* [Network Segmentation: Definition, Benefits, and Best Practices]
質問 # 185
What did the following commands determine?
- A. These commands demonstrate that the guest account has been disabled
- B. That the Joe account has a SID of 500
- C. Issued alone, these commands prove nothing
- D. That the true administrator is Joe
- E. These commands demonstrate that the guest account has NOT been disabled
正解:D
質問 # 186
Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?
- A. Brute force attack
- B. Backdoor
- C. False-positive
- D. False-negative
正解:C
解説:
https://www.infocyte.com/blog/2019/02/16/cybersecurity-101-what-you-need-to-know-about-false-positives- and-false-negatives/ False positives are mislabeled security alerts, indicating there is a threat when in actuality, there isn't. These false/non-malicious alerts (SIEM events) increase noise for already over-worked security teams and can include software bugs, poorly written software, or unrecognized network traffic.
False negatives are uncaught cyber threats - overlooked by security tooling because they're dormant, highly sophisticated (i.e. file-less or capable of lateral movement) or the security infrastructure in place lacks the technological ability to detect these attacks.
質問 # 187
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)
- A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
- B. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.
- C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
- D. Hire more computer security monitoring personnel to monitor computer systems and networks.
正解:A
質問 # 188
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
- A. Tailgating
- B. Social engineering
- C. Piggybacking
- D. Eavesdropping
正解:B
解説:
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.
質問 # 189
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?
- A. Allow the transmission of all types of addressed packets at the ISP level
- B. Allow the usage of functions such as gets and strcpy
- C. Implement cognitive radios in the physical layer
- D. A Disable TCP SYN cookie protection
正解:C
解説:
https://ieeexplore.ieee.org/document/5567385
質問 # 190
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?
- A. Host-based assessment
- B. Application assessment
- C. Passive assessment
- D. External assessment
正解:D
解説:
Types of Vulnerability Assessment - External Assessment External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall. (P.527/511) External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall.
The following are some of the possible steps in performing an external assessment:
o Determine a set of rules for firewall and router configurations for the external network o Check whether the external server devices and network devices are mapped o Identify open ports and related services on the external network o Examine the patch levels on the server and external network devices o Review detection systems such as IDS, firewalls, and application-layer protection systems o Get information on DNS zones o Scan the external network through a variety of proprietary tools available on the Internet o Examine Web applications such as e-commerce and shopping cart software for vulnerabilities
質問 # 191
To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
- A. Permutation scanning technique
- B. Hit-list-scanning technique
- C. Topological scanning technique
- D. Subnet scanning technique
正解:B
解説:
One of the biggest problems a worm faces in achieving a very fast rate of infection is "getting off the ground." although a worm spreads exponentially throughout the early stages of infection, the time needed to infect say the first 10,000 hosts dominates the infection time.
There is a straightforward way for an active worm a simple this obstacle, that we term hit-list scanning.
Before the worm is free, the worm author collects a listing of say ten,000 to 50,000 potentially vulnerable machines, ideally ones with sensible network connections. The worm, when released onto an initial machine on this hit-list, begins scanning down the list. once it infects a machine, it divides the hit-list in half, communicating half to the recipient worm, keeping the other half.
This fast division ensures that even if only 10-20% of the machines on the hit-list are actually vulnerable, an active worm can quickly bear the hit-list and establish itself on all vulnerable machines in only some seconds.
though the hit-list could begin at 200 kilobytes, it quickly shrinks to nothing during the partitioning. This provides a great benefit in constructing a quick worm by speeding the initial infection.
The hit-list needn't be perfect: a simple list of machines running a selected server sort could serve, though larger accuracy can improve the unfold. The hit-list itself is generated victimization one or many of the following techniques, ready well before, typically with very little concern of detection.
* Stealthy scans. Portscans are so common and then wide ignored that even a quick scan of the whole net would be unlikely to attract law enforcement attention or over gentle comment within the incident response community. However, for attackers wish to be particularly careful, a randomised sneaky scan taking many months would be not possible to attract much attention, as most intrusion detection systems are not currently capable of detecting such low-profile scans. Some portion of the scan would be out of date by the time it had been used, however abundant of it'd not.
* Distributed scanning. an assailant might scan the web using a few dozen to some thousand already- compromised "zombies," the same as what DDOS attackers assemble in a very fairly routine fashion.
Such distributed scanning has already been seen within the wild-Lawrence Berkeley National Laboratory received ten throughout the past year.
* DNS searches. Assemble a list of domains (for example, by using wide offered spam mail lists, or trolling the address registries). The DNS will then be searched for the science addresses of mail-servers (via mx records) or net servers (by looking for www.domain.com).
* Spiders. For net server worms (like Code Red), use Web-crawling techniques the same as search engines so as to produce a list of most Internet-connected web sites. this would be unlikely to draw in serious attention.
* Public surveys. for many potential targets there may be surveys available listing them, like the Netcraft survey.
* Just listen. Some applications, like peer-to-peer networks, wind up advertising many of their servers.
Similarly, many previous worms effectively broadcast that the infected machine is vulnerable to further attack. easy, because of its widespread scanning, during the Code Red I infection it was easy to select up the addresses of upwards of 300,000 vulnerable IIS servers-because each came knock on everyone's door!
質問 # 192
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door.
In this case, we can say:
- A. Although the approach has two phases, it actually implements just one authentication factor
- B. The solution will have a high level of false positives
- C. Biological motion cannot be used to identify people
- D. The solution implements the two authentication factors: physical object and physical characteristic
正解:D
質問 # 193
Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?
- A. UDP hijacking
- B. Blind hijacking
- C. TCP/IP hacking
- D. Forbidden attack
正解:C
解説:
A TCP/IP hijack is an attack that spoofs a server into thinking it's talking with a sound client, once actually it' s communication with an assaulter that has condemned (or hijacked) the tcp session. Assume that the client has administrator-level privileges, which the attacker needs to steal that authority so as to form a brand new account with root-level access of the server to be used afterward. A tcp Hijacking is sort of a two-phased man- in-the-middle attack. The man-in-the-middle assaulter lurks within the circuit between a shopper and a server so as to work out what port and sequence numbers are being employed for the conversation.
First, the attacker knocks out the client with an attack, like Ping of Death, or ties it up with some reasonably ICMP storm. This renders the client unable to transmit any packets to the server. Then, with the client crashed, the attacker assumes the client's identity so as to talk with the server. By this suggests, the attacker gains administrator-level access to the server.
One of the most effective means of preventing a hijack attack is to want a secret, that's a shared secret between the shopper and also the server. looking on the strength of security desired, the key may be used for random exchanges. this is often once a client and server periodically challenge each other, or it will occur with each exchange, like Kerberos.
質問 # 194
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.
What is the tool used by Hailey for gathering a list of words from the target website?
- A. Shadowsocks
- B. Orbot
- C. CeWL
- D. Psiphon
正解:C
解説:
Gathering Wordlist from the Target Website An attacker uses the CeWL tool to gather a list of words from the target website and perform a brute-force attack on the email addresses gathered earlier. # Cewl www.
certifiedhacker.com (P.200/184)
質問 # 195
Which among the following is the best example of the hacking concept called "clearing tracks"?
- A. An attacker gains access to a server through an exploitable vulnerability.
- B. During a cyberattack, a hacker corrupts the event logs on all machines.
- C. During a cyberattack, a hacker injects a rootkit into a server.
- D. After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
正解:B
質問 # 196
You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:
- A. wtmp
- B. auth.fesg
- C. user.log
- D. btmp
正解:A
質問 # 197
......
時間限定!今すぐ無料アクセス312-50v13練習試験用問題:https://drive.google.com/open?id=1HClNKXdA1csNCqaBWvpOTrHU37Dq8ZEf
オンライン試験練習テストと詳細な解説付き!:https://www.passtest.jp/ECCouncil/312-50v13-shiken.html