[2022年02月]更新の312-50v10認定実際の問題を提供します [Q189-Q214]

Share

[2022年02月]更新の312-50v10認定実際の問題を提供します

更新されたのは312-50v10問題集PDFで312-50v10リアル有効なブレーン問題集には745問があります!

質問 189
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

  • A. The amount of time it takes to convert biometric data into a template on a smart card
  • B. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
  • C. How long it takes to setup individual user accounts
  • D. The amount of time and resources that are necessary to maintain a biometric system

正解: B

 

質問 190
If executives are found liable for not properly protecting their company's assets and information systems,
what type of law would apply in this situation?

  • A. Criminal
  • B. Civil
  • C. International
  • D. Common

正解: B

 

質問 191
What is correct about digital signatures?

  • A. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
  • B. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  • C. Digital signatures may be used in different documents of the same type.
  • D. Digital signatures are issued once for each user and can be used everywhere until they expire.

正解: B

 

質問 192
Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?

  • A. Separate students in a different VLAN
  • B. Use the 802.1x protocol
  • C. Disable unused ports in the switches
  • D. Ask students to use the wireless network

正解: B

 

質問 193
Seth is starting a penetration test from inside the network. He hasn't been given any information about the
network. What type of test is he conducting?

  • A. Internal, Blackbox
  • B. Internal, Whitebox
  • C. External, Whitebox
  • D. External, Blackbox

正解: A

 

質問 194
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

  • A. Linux
  • B. Windows
  • C. OS X
  • D. Unix

正解: B

 

質問 195
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

  • A. The consultant may expose vulnerabilities of other companies.
  • B. The company accepting bids will hire the consultant because of the great work performed.
  • C. The company accepting bids will want the same type of format of testing.
  • D. The consultant will ask for money on the bid because of great work.

正解: A

 

質問 196
What did the following commands determine?

  • A. These commands demonstrate that the guest account has been disabled
  • B. That the true administrator is Joe
  • C. Issued alone, these commands prove nothing
  • D. These commands demonstrate that the guest account has NOT been disabled
  • E. That the Joe account has a SID of 500

正解: B

 

質問 197
Which of the following tools can be used for passive OS fingerprinting?

  • A. tracert
  • B. tcpdump
  • C. nmap
  • D. ping

正解: B

 

質問 198
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned
to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how
an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing -
Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool
should the analyst use to perform a Blackjacking attack?

  • A. Bloover
  • B. BBCrack
  • C. Paros Proxy
  • D. BBProxy

正解: D

 

質問 199
Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP.
Which of the following is an incorrect definition or characteristics in the protocol?

  • A. Provides a structured model for messaging
  • B. Based on XML
  • C. Only compatible with the application protocol HTTP
  • D. Exchanges data between web services

正解: C

 

質問 200
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web applications vulnerability did the analyst discover?

  • A. Cross-site scripting
  • B. Command injection
  • C. SQL injection
  • D. Cross-site request forgery

正解: A

 

質問 201
Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to accept the offer and you oblige.
After 2 days, Bob denies that he had ever sent a mail.
What do you want to "know" to prove yourself that it was Bob who had send a mail?

  • A. Authentication
  • B. Non-Repudiation
  • C. Confidentiality
  • D. Integrity

正解: B

 

質問 202
Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

  • A. Heuristic Analysis
  • B. Scanning
  • C. Integrity checking
  • D. Code Emulation

正解: D

 

質問 203
From the following table, identify the wrong answer in terms of Range (ft).

  • A. 802.16(WiMax)
  • B. 802.11g
  • C. 802.11a
  • D. 802.11b

正解: C

 

質問 204
Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

  • A. He must perform privilege escalation.
  • B. He already has admin privileges, as shown by the "501" at the end of the SID.
  • C. He needs to gain physical access.
  • D. He needs to disable antivirus protection.

正解: A

 

質問 205
It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).
Which of the following vulnerabilities is being described?

  • A. Rootshock
  • B. Shellbash
  • C. Rootshell
  • D. Shellshock

正解: D

解説:
Explanation
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014.
References: https://en.wikipedia.org/wiki/Shellshock_(software_bug)

 

質問 206
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He is
determined that the application is vulnerable to SQL injection and has introduced conditional timing delays
into injected queries to determine whether they are successful. What type of SQL injection is Elliot most
likely performing?

  • A. NoSQL injection
  • B. Blind SQL injection
  • C. Error-based SQL injection
  • D. Union-based SQL injection

正解: B

 

質問 207
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

  • A. Burpsuite
  • B. Dimitry
  • C. Proxychains
  • D. Maskgen

正解: A

解説:
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
References: https://portswigger.net/burp/

 

質問 208
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?

Output:
Segmentation fault

  • A. C++
  • B. C#
  • C. Java
  • D. Python

正解: A

 

質問 209
Which of the following examples best represents a logical or technical control?

  • A. Security tokens
  • B. Heating and air conditioning
  • C. Smoke and fire alarms
  • D. Corporate security policy

正解: A

 

質問 210
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?
Code:
#include <string.h>
int main(){
char buffer[8];
strcpy(buffer, ""11111111111111111111111111111"");
}
Output:
Segmentation fault

  • A. C++
  • B. C#
  • C. Java
  • D. Python

正解: A

 

質問 211
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

  • A. c:\compmgmt.msc
  • B. c:\gpedit
  • C. c:\services.msc
  • D. c:\ncpa.cp

正解: A

解説:
Explanation
To start the Computer Management Console from command line just type compmgmt.msc
/computer:computername in your run box or at the command line and it should automatically open the Computer Management console.
References:
http://www.waynezim.com/tag/compmgmtmsc/

 

質問 212
Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting

  • A. Results matching "accounting" in domain target.com but not on the site Marketing.target.com
  • B. Results for matches on target.com and Marketing,target.com that include the word "accounting"
  • C. Results matching all words in the query.
  • D. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

正解: B

 

質問 213
While reviewing the result of scanning run against a target network you come across the following:

Which among the following can be used to get this output?

  • A. A sniffer
  • B. An SNMP walk
  • C. A Bo2k system query.
  • D. nmap protocol scan

正解: B

 

質問 214
......

あなたをお手軽に312-50v10試験合格させるし100%試験合格保証:https://jp.fast2test.com/312-50v10-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어