あなたの312-50v10試験100%合格問題集はここFast2testで一発合格
突破上級者がシミュレーションされた312-50v10試験問題集PDF
質問 206
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
- A. NoSQL injection
- B. Blind SQL injection
- C. Error-based SQL injection
- D. Union-based SQL injection
正解: B
質問 207
What is a "Collision attack" in cryptography?
- A. Collision attacks try to find two inputs producing the same hash.
- B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
- C. Collision attacks try to break the hash into three parts to get the plaintext value.
- D. Collision attacks try to get the public key.
正解: A
解説:
A Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result.
References: https://learncryptography.com/hash-functions/hash-collision-attack
質問 208
Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP.
Which of the following is an incorrect definition or characteristics in the protocol?
- A. Provides a structured model for messaging
- B. Based on XML
- C. Only compatible with the application protocol HTTP
- D. Exchanges data between web services
正解: C
質問 209
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
- A. Active
- B. Distributive
- C. Passive
- D. Reflective
正解: A
解説:
Explanation
質問 210
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
- A. Try to sell the information to a well-paying party on the dark web.
- B. Ignore it.
- C. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
- D. Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.
正解: C
解説:
Explanation/Reference:
質問 211
Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
- A. VPath injection
- B. SQL injection
- C. XML denial of service issues
- D. Cross-site scripting
正解: C
質問 212
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
- A. biometrics
- B. single sign on
- C. PKI
- D. SOA
正解: C
解説:
Explanation
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates [1] and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
References: https://en.wikipedia.org/wiki/Public_key_infrastructure
質問 213
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?
- A. NMAP -P 192.168.1/17
- B. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0
- C. NMAP -P 192.168.1-5.
- D. NMAP -P 192.168.0.0/16
正解: C
質問 214
Which of the following problems can be solved by using Wireshark?
- A. Troubleshooting communication resets between two systems
- B. Resetting the administrator password on multiple systems
- C. Tracking version changes of source code
- D. Checking creation dates on all webpages on a server
正解: A
質問 215
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?
- A. Whisker
- B. Hydra
- C. Burp
- D. tcpsplice
正解: A
質問 216
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
- A. Validate and escape all information sent to a server.
- B. Use digital certificates to authenticate a server prior to sending data.
- C. Verify acces right before allowing access to protected information and UI controls.
- D. Use security policies and procedures to define and implement proper security settings.
正解: A
質問 217
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
- A. escalating privileges
- B. gaining access
- C. footprinting
- D. network mapping
正解: C
解説:
Explanation
Footprinting is a first step that a penetration tester used to evaluate the security of any IT infrastructure, footprinting means to gather the maximum information about the computer system or a network and about the devices that are attached to this network.
References:
http://www.ehacking.net/2011/02/footprinting-first-step-of-ethical.html
質問 218
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications an unpatched security flaws in a computer system?
- A. Wireshark
- B. Maltego
- C. Metasploit
- D. Nessus
正解: C
質問 219
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
- A. Sarbanes-Oxley Act (SOX)
- B. Gramm-Leach-Bliley Act (GLBA)
- C. Fair and Accurate Credit Transactions Act (FACTA)
- D. Federal Information Security Management Act (FISMA)
正解: A
質問 220
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
What type of activity has been logged?
- A. Port scan targeting 192.168.1.106
- B. Teardrop attack targeting 192.168.1.106
- C. Port scan targeting 192.168.1.103
- D. Denial of service attack targeting 192.168.1.103
正解: A
質問 221
......
312-50v10問題集トレーニングコース完全版:https://jp.fast2test.com/312-50v10-premium-file.html