あなたの312-50v10試験100%合格問題集はここFast2testで一発合格 [Q206-Q221]

Share

あなたの312-50v10試験100%合格問題集はここFast2testで一発合格

突破上級者がシミュレーションされた312-50v10試験問題集PDF

質問 206
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

  • A. NoSQL injection
  • B. Blind SQL injection
  • C. Error-based SQL injection
  • D. Union-based SQL injection

正解: B

 

質問 207
What is a "Collision attack" in cryptography?

  • A. Collision attacks try to find two inputs producing the same hash.
  • B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
  • C. Collision attacks try to break the hash into three parts to get the plaintext value.
  • D. Collision attacks try to get the public key.

正解: A

解説:
A Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result.
References: https://learncryptography.com/hash-functions/hash-collision-attack

 

質問 208
Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP.
Which of the following is an incorrect definition or characteristics in the protocol?

  • A. Provides a structured model for messaging
  • B. Based on XML
  • C. Only compatible with the application protocol HTTP
  • D. Exchanges data between web services

正解: C

 

質問 209
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

  • A. Active
  • B. Distributive
  • C. Passive
  • D. Reflective

正解: A

解説:
Explanation

 

質問 210
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

  • A. Try to sell the information to a well-paying party on the dark web.
  • B. Ignore it.
  • C. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
  • D. Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.

正解: C

解説:
Explanation/Reference:

 

質問 211
Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

  • A. VPath injection
  • B. SQL injection
  • C. XML denial of service issues
  • D. Cross-site scripting

正解: C

 

質問 212
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

  • A. biometrics
  • B. single sign on
  • C. PKI
  • D. SOA

正解: C

解説:
Explanation
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates [1] and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
References: https://en.wikipedia.org/wiki/Public_key_infrastructure

 

質問 213
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?

  • A. NMAP -P 192.168.1/17
  • B. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0
  • C. NMAP -P 192.168.1-5.
  • D. NMAP -P 192.168.0.0/16

正解: C

 

質問 214
Which of the following problems can be solved by using Wireshark?

  • A. Troubleshooting communication resets between two systems
  • B. Resetting the administrator password on multiple systems
  • C. Tracking version changes of source code
  • D. Checking creation dates on all webpages on a server

正解: A

 

質問 215
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

  • A. Whisker
  • B. Hydra
  • C. Burp
  • D. tcpsplice

正解: A

 

質問 216
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

  • A. Validate and escape all information sent to a server.
  • B. Use digital certificates to authenticate a server prior to sending data.
  • C. Verify acces right before allowing access to protected information and UI controls.
  • D. Use security policies and procedures to define and implement proper security settings.

正解: A

 

質問 217
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

  • A. escalating privileges
  • B. gaining access
  • C. footprinting
  • D. network mapping

正解: C

解説:
Explanation
Footprinting is a first step that a penetration tester used to evaluate the security of any IT infrastructure, footprinting means to gather the maximum information about the computer system or a network and about the devices that are attached to this network.
References:
http://www.ehacking.net/2011/02/footprinting-first-step-of-ethical.html

 

質問 218
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications an unpatched security flaws in a computer system?

  • A. Wireshark
  • B. Maltego
  • C. Metasploit
  • D. Nessus

正解: C

 

質問 219
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

  • A. Sarbanes-Oxley Act (SOX)
  • B. Gramm-Leach-Bliley Act (GLBA)
  • C. Fair and Accurate Credit Transactions Act (FACTA)
  • D. Federal Information Security Management Act (FISMA)

正解: A

 

質問 220
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

What type of activity has been logged?

  • A. Port scan targeting 192.168.1.106
  • B. Teardrop attack targeting 192.168.1.106
  • C. Port scan targeting 192.168.1.103
  • D. Denial of service attack targeting 192.168.1.103

正解: A

 

質問 221
......

312-50v10問題集トレーニングコース完全版:https://jp.fast2test.com/312-50v10-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어