[完全版]2021年最新のFast2test 312-50v11のPDFで最近更新された問題です [Q39-Q62]

Share

[完全版]2021年最新のFast2test 312-50v11のPDFで最近更新された問題です

312-50v11試験には保証が付きます。更新されたのは525問があります

質問 39
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

  • A. HIPPA/PHl
  • B. Pll
  • C. ISO 2002
  • D. PCIDSS

正解: A

解説:
Explanation
PHI stands for Protected Health info. The HIPAA Privacy Rule provides federal protections for private health info held by lined entities and provides patients an array of rights with regard to that info. under HIPAA phi is considered to be any identifiable health info that's used, maintained, stored, or transmitted by a HIPAA-covered entity - a healthcare provider, health plan or health insurer, or a aid clearinghouse - or a business associate of a HIPAA-covered entity, in relation to the availability of aid or payment for aid services.
It is not only past and current medical info that's considered letter under HIPAA Rules, however also future info concerning medical conditions or physical and mental health related to the provision of care or payment for care. phi is health info in any kind, together with physical records, electronic records, or spoken info.
Therefore, letter includes health records, medical histories, lab check results, and medical bills. basically, all health info is considered letter once it includes individual identifiers. Demographic info is additionally thought of phi underneath HIPAA Rules, as square measure several common identifiers like patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates, once they square measure connected with health info.
The eighteen identifiers that create health info letter are:
* Names
* Dates, except year
* phonephone numbers
* Geographic information
* FAX numbers
* Social Security numbers
* Email addresses
* case history numbers
* Account numbers
* Health arrange beneficiary numbers
* Certificate/license numbers
* Vehicle identifiers and serial numbers together with license plates
* Web URLs
* Device identifiers and serial numbers
* net protocol addresses
* Full face photos and comparable pictures
* Biometric identifiers (i.e. retinal scan, fingerprints)
* Any distinctive identifying variety or code
One or a lot of of those identifiers turns health info into letter, and phi HIPAA Privacy Rule restrictions can then apply that limit uses and disclosures of the data. HIPAA lined entities and their business associates will ought to guarantee applicable technical, physical, and body safeguards are enforced to make sure the confidentiality, integrity, and availability of phi as stipulated within the HIPAA Security Rule.

 

質問 40
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap
192.168.1.64/28.
Why he cannot see the servers?

  • A. He needs to add the command ""ip address"" just before the IP address
  • B. He needs to change the address to 192.168.1.0 with the same mask
  • C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range
  • D. The network must be dawn and the nmap command and IP address are ok

正解: C

 

質問 41
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

  • A. Secure Socket Layer (SSL)
  • B. Zero trust network
  • C. Web of trust (WOT)
  • D. Transport Layer Security (TLS)

正解: D

 

質問 42
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?

  • A. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
  • B. The operator knows that attacks and down time are inevitable and should have a backup site.
  • C. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
  • D. As long as the physical access to the network elements is restricted, there is no need for additional measures.

正解: C

 

質問 43
You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:
Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  • A. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
  • B. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  • C. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  • D. Connect to the site using SSL, if you are successful then the website is genuine
  • E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

正解: A

 

質問 44
Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

  • A. LNMIB2.MIB
  • B. WINS.MIB
  • C. MIB_II.MIB
  • D. DHCP.MIS

正解: A

解説:
Explanation
DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts HOSTMIB.MIB: Monitors and manages host resources LNMIB2.MIB: Contains object types for workstation and server services MIBJI.MIB: Manages TCP/IP-based Internet using a simple architecture and system WINS.MIB: For the Windows Internet Name Service (WINS)

 

質問 45
what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

  • A. msfvenom -p windows/meterpreter/reverse_tcp RHOST= 10.10.10.30 LPORT=4444 -f.exe > shell.exe
  • B. msfvenom -p wlndows/meterpreter/reverse.tcp lhost=io.i 0.1030 lport=4444 -f exe > shell.exe
  • C. msfvenom -p windows/meterpreier/feversetcp LHOST=10.10.10.30 LP0RT=4444-f c
  • D. msfvenom -p windows/rneterpreter/reverse_tcpRMOST=i0.i 0.10.30 LPORT =4444-fc

正解: A

 

質問 46
Which tool can be used to silently copy files from USB devices?

  • A. USB Sniffer
  • B. Use Dumper
  • C. USB Snoopy
  • D. USB Grabber

正解: B

 

質問 47
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT.
POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

  • A. JSON-RPC
  • B. REST API
  • C. SOAP API
  • D. RESTful API

正解: D

 

質問 48
What tool can crack Windows SMB passwords simply by listening to network traffic?

  • A. NTFSDOS
  • B. L0phtcrack
  • C. Netbus
  • D. This is not possible

正解: B

 

質問 49
Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script.
After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives.
What is the tool employed by Mason in the above scenario?

  • A. WebBrowserPassView
  • B. Outlook scraper
  • C. Credential enumerator
  • D. NetPass.exe

正解: C

 

質問 50
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

  • A. Logic tier
  • B. Presentation tier
  • C. Data tier
  • D. Application Layer

正解: A

 

質問 51
Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

  • A. Micah
  • B. Sheela
  • C. Chang
  • D. Rebecca
  • E. John
  • F. Shawn
  • G. Somia

正解: C

 

質問 52
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

  • A. Zigbee
  • B. LPWAN
  • C. MQTT
  • D. NB-IoT

正解: A

解説:
Explanation
Zigbee could be a wireless technology developed as associate open international normal to deal with the unique desires of affordable, low-power wireless IoT networks. The Zigbee normal operates on the IEEE
802.15.4 physical radio specification and operates in unauthorised bands as well as a pair of.4 GHz, 900 MHz and 868 MHz.
The 802.15.4 specification upon that the Zigbee stack operates gained confirmation by the Institute of Electrical and physical science Engineers (IEEE) in 2003. The specification could be a packet-based radio protocol supposed for affordable, battery-operated devices. The protocol permits devices to speak in an exceedingly kind of network topologies and may have battery life lasting many years.
The Zigbee three.0 Protocol
The Zigbee protocol has been created and ratified by member corporations of the Zigbee Alliance.Over three hundred leading semiconductor makers, technology corporations, OEMs and repair corporations comprise the Zigbee Alliance membership. The Zigbee protocol was designed to supply associate easy-to-use wireless information answer characterised by secure, reliable wireless network architectures.
THE ZIGBEE ADVANTAGE
The Zigbee 3.0 protocol is intended to speak information through rip-roaring RF environments that area unit common in business and industrial applications. Version 3.0 builds on the prevailing Zigbee normal however unifies the market-specific application profiles to permit all devices to be wirelessly connected within the same network, no matter their market designation and performance. what is more, a Zigbee 3.0 certification theme ensures the ability of product from completely different makers. Connecting Zigbee three.0 networks to the information science domain unveil observance and management from devices like smartphones and tablets on a local area network or WAN, as well as the web, and brings verity net of Things to fruition.
Zigbee protocol options include:
* Support for multiple network topologies like point-to-point, point-to-multipoint and mesh networks
* Low duty cycle - provides long battery life
* Low latency
* Direct Sequence unfold Spectrum (DSSS)
* Up to 65,000 nodes per network
* 128-bit AES encryption for secure information connections
* Collision avoidance, retries and acknowledgements

 

質問 53
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

  • A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
  • B. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
  • C. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
  • D. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit

正解: C

 

質問 54
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

  • A. Residual risk
  • B. Deferred risk
  • C. Inherent risk
  • D. Impact risk

正解: A

 

質問 55
Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

  • A. Configure the Web Server to deny requests involving "hex encoded" characters
  • B. Create rules in IDS to alert on strange Unicode requests
  • C. Use SSL authentication on Web Servers
  • D. Enable Active Scripts Detection at the firewall and routers

正解: B

 

質問 56
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

  • A. OpenVAS
  • B. tcptraceroute
  • C. Nessus
  • D. tcptrace

正解: D

 

質問 57
Which of the following commands checks for valid users on an SMTP server?

  • A. CHK
  • B. VRFY
  • C. RCPT
  • D. EXPN

正解: B

解説:
The VRFY commands enables SMTP clients to send an invitation to an SMTP server to verify that mail for a selected user name resides on the server. The VRFY command is defined in RFC 821. The server sends a response indicating whether the user is local or not, whether mail are going to be forwarded, and so on. A response of 250 indicates that the user name is local; a response of 251 indicates that the user name isn't local, but the server can forward the message. The server response includes the mailbox name.

 

質問 58
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

  • A. web cache poisoning attack
  • B. website defacement
  • C. Web server misconfiguration
  • D. Server-side request forgery (SSRF) attack

正解: D

解説:
Explanation
Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker's choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization's infrastructure, or to external third-party systems.
Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren't directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems.
In the preceding example, suppose there's an body interface at the back-end url https://192.168.0.68/admin.
Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118
stockApi=http://192.168.0.68/admin

 

質問 59
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

  • A. c:\compmgmt.msc
  • B. c:\gpedit
  • C. c:\services.msc
  • D. c:\ncpa.cp

正解: A

解説:
Explanation
To start the Computer Management Console from command line just type compmgmt.msc
/computer:computername in your run box or at the command line and it should automatically open the Computer Management console.
References:
http://www.waynezim.com/tag/compmgmtmsc/

 

質問 60
What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

  • A. Performing content enumeration using the bruteforce mode and 10 threads
  • B. Shipping SSL certificate verification
  • C. Performing content enumeration using the bruteforce mode and random file extensions
  • D. Performing content enumeration using a wordlist

正解: C

 

質問 61
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

  • A. Reviewing the firewalls configuration
  • B. Data items and vulnerability scanning
  • C. Interviewing employees and network engineers
  • D. Source code review

正解: B

 

質問 62
......

最新の312-50v11合格保証付き試験問題集の認定サンプル問題:https://jp.fast2test.com/312-50v11-premium-file.html

312-50v11更新された試験問題集で[2021年最新] 練習には有効な試験問題集:https://drive.google.com/open?id=1dxJiUakNv0VegSB0AW2sR9WAe70DxHyc


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어