312-50v11問題集PDFは最新 [2022年最新] 究極な学習ガイド [Q230-Q249]

Share

312-50v11問題集PDFは最新 [2022年最新] 究極な学習ガイド

312-50v11試験問題集PDFは更新された問題集でしかも合格保証付き


EC-COUNCIL 312-50v11 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Webサーバーのハッキング
  • スニッフィング
  • ネットワークのスキャン
トピック 2
  • マルウェアの脅威
  • SQLインジェクション
  • 列挙
トピック 3
  • Webアプリケーションのハッキング
  • 脆弱性分析
トピック 4
  • IDS、ファイアウォール、ハニーポットの回避
  • 暗号化
  • IoTハッキング
トピック 5
  • クラウドコンピューティング
  • フットプリントと偵察
トピック 6
  • サービス拒否
  • セッションハイジャック
  • システムハッキング

 

質問 230
You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

  • A. filetype
  • B. inurl
  • C. ext
  • D. site

正解: A

解説:
Restrict results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT, etc. Note: The "ext:" operator can also be used-the results are identical.
Example: apple filetype:pdf / apple ext:pdf

 

質問 231
Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

  • A. OSPP
  • B. PPP
  • C. Time Keeper
  • D. NTP

正解: D

 

質問 232
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced.
Which of the following techniques is described in the above scenario?

  • A. Website footprinting
  • B. Dark web footprinting
  • C. VPN footprinting
  • D. VoIP footprinting

正解: C

 

質問 233
Which of the following provides a security professional with most information about the system's security posture?

  • A. Phishing, spamming, sending trojans
  • B. Wardriving, warchalking, social engineering
  • C. Social engineering, company site browsing tailgating
  • D. Port scanning, banner grabbing service identification

正解: D

 

質問 234
Which command can be used to show the current TCP/IP connections?

  • A. Netsh
  • B. Net use
  • C. Netstat
  • D. Net use connection

正解: A

 

質問 235
which of the following protocols can be used to secure an LDAP service against anonymous queries?

  • A. SSO
  • B. WPA
  • C. RADIUS
  • D. NTLM

正解: C

解説:
Remote Authentication Dial-In User Service (RADIUS) could be a networking protocols, in operation on ports 1812 and 1813, that gives centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS was developed by American Revolutionary leader Enterprises, Inc. in 1991 as an access server authentication and accounting protocol and later brought into the net Engineering Task Force (IETF) standards.
RADIUS could be a client/server protocol that runs within the application layer, and might use either protocol or UDP as transport. Network access servers, the gateways that management access to a network, sometimes contain a RADIUS consumer element that communicates with the RADIUS server . RADIUS is commonly the back-end of alternative for 802.1X authentication moreover.
The RADIUS server is sometimes a background method running on a UNIX system or Microsoft Windows server.

 

質問 236
Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.
Which of the following master components is explained in the above scenario?

  • A. Kube-scheduler
  • B. Kube-controller-manager
  • C. Kube-apiserver
  • D. Etcd cluster

正解: A

 

質問 237
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

  • A. Reviewing the firewalls configuration
  • B. Data items and vulnerability scanning
  • C. Interviewing employees and network engineers
  • D. Source code review

正解: B

 

質問 238
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company.
What is the social engineering technique Steve employed in the above scenario?

  • A. Honey trap
  • B. Piggybacking
  • C. Baiting
  • D. Diversion theft

正解: C

 

質問 239
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app.
What is the attack performed on Don in the above scenario?

  • A. Agent Smith attack
  • B. SMS phishing attack
  • C. SIM card attack
  • D. Clickjacking

正解: A

 

質問 240
What does a firewall check to prevent particular ports and applications from getting packets into an organization?

  • A. Transport layer port numbers and application layer headers
  • B. Presentation layer headers and the session layer port numbers
  • C. Network layer headers and the session layer port numbers
  • D. Application layer port numbers and the transport layer headers

正解: A

 

質問 241
PGP, SSL, and IKE are all examples of which type of cryptography?

  • A. Secret Key
  • B. Hash Algorithm
  • C. Digest
  • D. Public Key

正解: D

 

質問 242
You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page.
What is the best Linux pipe to achieve your milestone?

  • A. dirb https://site.com | grep "site"
  • B. wget https://site.com | cut -d "http"
  • C. wget https://site.com | grep "<a href=\"http" | grep "site.com"
  • D. curl -s https://site.com | grep "<a href=\"http" | grep "site.com" | cut -d "\"" -f 2

正解: C

 

質問 243
Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.
Which of the following techniques is employed by Susan?

  • A. web shells
  • B. REST API
  • C. Webhooks
  • D. SOAP API

正解: C

解説:
Explanation
Webhooks are one of a few ways internet applications will communicate with one another.
It allows you to send real-time data from one application to another whenever a given event happens.
For example, let's say you've created an application using the Foursquare API that tracks when people check into your restaurant. You ideally wish to be able to greet customers by name and provide a complimentary drink when they check in.
What a webhook will is notify you any time someone checks in, therefore you'd be able to run any processes that you simply had in your application once this event is triggered.
The data is then sent over the web from the application wherever the event originally occurred, to the receiving application that handles the data.

Here's a visual representation of what that looks like:
A webhook url is provided by the receiving application, and acts as a phone number that the other application will call once an event happens.
Only it's more complicated than a phone number, because data about the event is shipped to the webhook url in either JSON or XML format. this is known as the "payload." Here's an example of what a webhook url looks like with the payload it's carrying:

 

質問 244
An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

  • A. Cisco ASA
  • B. Syhunt Hybrid
  • C. AlienVault®OSSIM™
  • D. Saleae Logic Analyzer

正解: B

 

質問 245
You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:
Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  • A. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
  • B. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  • C. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  • D. Connect to the site using SSL, if you are successful then the website is genuine
  • E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

正解: A

 

質問 246
ViruXine.W32 virus hides their presence by changing the underlying executable code.
This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

  • A. Polymorphic Virus
  • B. Stealth Virus
  • C. Dravidic Virus
  • D. Metamorphic Virus

正解: A

 

質問 247
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

  • A. Dark web footprinting
  • B. VoIP footpnnting
  • C. VPN footprinting
  • D. website footprinting

正解: C

解説:
VoIP (Voice over Internet Protocol) is a web convention that permits the transmission of voice brings over the web. It does as such by changing over the ordinary telephone signals into advanced signs. Virtual Private Networks(VPN) give a protected association with an associations' organization. Along these lines, VoIP traffic can disregard a SSL-based VPN, successfully scrambling VoIP administrations.
When leading surveillance, in the underlying phases of VoIP footprinting, the accompanying freely accessible data can be normal:
All open ports and administrations of the gadgets associated with the VoIP organization The public VoIP worker IP address The working arrangement of the worker running VoIP The organization framework

 

質問 248
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?

  • A. WPA2-Enterprise
  • B. WPA3-Enterprise
  • C. WPA2 Personal
  • D. WPA3-Personal

正解: B

解説:
Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise. WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocol across the network. WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to raised protect sensitive data: * Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256) * Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384) * Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) employing a 384-bit elliptic curve * Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) The 192-bit security mode offered by WPA3-Enterprise ensures the proper combination of cryptographic tools are used and sets a uniform baseline of security within a WPA3 network.

 

質問 249
......

あなたを合格させるEC-COUNCIL試験には312-50v11試験問題集:https://www.passtest.jp/EC-COUNCIL/312-50v11-shiken.html

312-50v11試験問題集でEC-COUNCIL練習テスト問題:https://drive.google.com/open?id=1hwZdw5jV0wWhrEeUEaRvM_MAAr7Wr8-c