2023年最新の100%試験高合格率312-38問題集PDF
合格させる試験完全版312-38問題集171解答
EC-COUNCIL 312-38 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 59
Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?
- A. Assign eradication.
- B. Containment
- C. Recovery
- D. A follow-up.
正解: D
質問 60
Which of the following OSI layers defines the electrical and physical specifications for devices?
- A. Data link layer
- B. Transport layer
- C. Physical layer
- D. Presentation layer
正解: C
質問 61
Consider a scenario consisting of a tree network. The root Node N is connected to two man nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main nodes fail?
- A. Does not cause any disturbance to the child nodes or its tranmission
- B. Affects the root node only
- C. Failure of the main node affects all other child nodes at the same level irrespective of the main node.
- D. Failure of the main node will affect all related child nodes connected to the main node
正解: D
質問 62
Which of the following is a session layer protocol?
- A. SLP
- B. RPC
- C. RDP
- D. ICMP
正解: B
質問 63
DRAG DROP
Drag and drop the terms to match with their descriptions.
正解:
解説:
Explanation:
Following are the terms with their descriptions:
A Trojan horse is a malicious software program that contains hidden code and masquerades itself as a normal program. When a Trojan horse program is run, its hidden code runs to destroy or scramble data on the hard disk. An example of a Trojan horse is a program that masquerades as a computer logon to retrieve user names and password information. The developer of a Trojan horse can use this information later to gain unauthorized access to computers. Trojan horses are normally spread by e-mail attachments. Ping sweep is a technique used to determine which of a range of IP addresses map to live hosts. It consists of ICMP ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. A ping is often used to check that a network device is functioning. To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and ICMP INFO can be used in a similar manner. Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e-mail harvesting tool. A backdoor is any program that allows a hacker to connect to a computer without going through the normal authentication process. The main advantage of this type of attack is that the network traffic moves from inside a network to the hacker's computer. The traffic moving from inside a network to the outside world is typically the least restrictive, as companies are more concerned about what comes into a network, rather than what leaves it. It, therefore, becomes hard to detect backdoors.
質問 64
Which of the following is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment?
- A. Header Length
- B. Acknowledgment Number
- C. Source Port Address
- D. Sequence Number
正解: C
解説:
Source Port Address is a 16-bit field that identifies the source port number of the application
program in the host that is sending the segment.
Answer option C is incorrect. This is a 32-bit field that identifies the byte number that the sender of
the segment is expecting to receive from the receiver.
Answer option B is incorrect. This is a 4-bit field that defines the 4-byte words in the TCP header.
The header length can be between 20 and 60 bytes. Therefore, the value of this field can be
between 5 and 15.
Answer option A is incorrect. This is a 32-bit field that identifies the number assigned to the first
byte of data contained in the segment.
質問 65
Which of the following is a standard-based protocol that provides the highest level of VPN security?
- A. PPP
- B. L2TP
- C. IPSec
- D. IP
正解: C
解説:
Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP). Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide. Answer option C is incorrect. Point-to-Point Protocol (PPP) is a remote access protocol commonly used to connect to the Internet. It supports compression and encryption and can be used to connect to a variety of networks. It can connect to a network running on the IPX, TCP/IP, or NetBEUI protocol. It supports multi-protocol and dynamic IP assignments. It is the default protocol for the Microsoft Dial-Up adapter. Answer option D is incorrect. Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.
質問 66
Adam, a malicious hacker, has just succeeded in stealing a secure cookie via a XSS attack. He is able to
replay the cookie even while the session is valid on the server. Which of the following is the most likely reason
of this cause?
- A. Two way encryption is applied.
- B. Encryption is performed at the application layer (single encryption key).
- C. No encryption is applied.
- D. Encryption is performed at the network layer (layer 1 encryption).
正解: B
解説:
Single key encryption uses a single word or phrase as the key. The same key is used by the sender to encrypt
and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from
one to the other. With TLS or SSL this would not be possible. Symmetric encryption is a type of encryption that
uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key
encryption. Therefore, it is commonly used when a message sender needs to encrypt a large amount of data.
Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.
質問 67
Which of the following is a best practice for wireless network security?
- A. Do not changing the default SSID
- B. Do not placing packet filter between the AP and the corporate intranet
- C. Enabling the remote router login
- D. Using SSID cloaking
正解: D
質問 68
Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail (UCE) messages to these addresses. Which of the following e-mail crimes is Peter committing?
- A. E-mail spam
- B. E-mail storm
- C. E-mail bombing
- D. E-mail spoofing
正解: A
解説:
Peter is performing spamming activity. Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users. The number of such e-mails is increasing day by day, as most companies now prefer to use e-mails for promoting their products. Because of these unsolicited e-mails, legitimate e-mails take a much longer time to deliver to their destination. The attachments sent through spam may also contain viruses.
However, spam can be stopped by implementing spam filters on servers and e-mail clients.
Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for protection against this type of attack.
Answer option B is incorrect. An e-mail storm is a sudden spike of Reply All messages on an e-mail distribution list, usually caused by a controversial or misdirected message. Such storms start when multiple members of the distribution list reply to the entire list at the same time in response to an instigating message. Other members soon respond, usually adding vitriol to the discussion, asking to be removed from the list, or pleading for the cessation of messages. If enough members reply to these unwanted messages, this triggers a chain reaction of e-mail messages. The sheer load of traffic generated by these storms can render the e-mail servers carrying them inoperative, similar to a DDoS attack.
Some e-mail viruses also have the capacity to create e-mail storms, by sending copies of themselves to an infected user's contacts, including distribution lists, infecting the contacts in turn.
Answer option D is incorrect. E-mail spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path, and Reply- To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field, it actually comes from another source.
質問 69
Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?
- A. Sysmon
- B. MicroBurst
- C. SecurityPolicyDsc
- D. POSH-Sysmon
正解: B
質問 70
Fill in the blank with the appropriate term.
A ______________ is a translation device or service that is often controlled by a separate Media Gateway Controller, which provides the call control and signaling functionality.
正解:
解説:
Media gateway
質問 71
Which of the following is a standard protocol for interfacing external application software with an information
server, commonly a Web server?
- A. DHCP
- B. CGI
- C. IP
- D. TCP
正解: B
解説:
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with
an information server, commonly a Web server. The task of such an information server is to respond to
requests (in the case of web servers, requests from client web browsers) by returning output. When a user
requests the name of an entry, the server will retrieve the source of that entry's page (if one exists), transform it
into HTML, and send the result.
Answer option A is incorrect. DHCP is a Dynamic Host Configuration Protocol that allocates unique (IP)
addresses dynamically so that they can be used when no longer needed. A DHCP server is set up in a DHCP
environment with the appropriate configuration parameters for the given network. The key parameters include
the range or "pool" of available IP addresses, correct subnet masks, gateway, and name server addresses.
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a
packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP.IP is the primary
protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol
datagrams (packets) from the source host to the destination host solely based on their addresses. For this
purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The
first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the
dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed
actively worldwide.
Answer option D is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol
operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated
within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data,
and provides a checksum feature that validates both the packet header and its data for accuracy. If the
network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty
packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the
services of TCP to transfer files between clients and servers.
質問 72
Which of the following key features limits the rate a sender transfers data to guarantee reliable delivery?
- A. Flow control
- B. Error-free data transfer
- C. Ordered data transfer
- D. Congestion control
正解: A
質問 73
Which BC/DR activity works on the assumption that the most critical processes are brought back from a remote location first, followed by the less critical functions?
- A. Recovery
- B. Response
- C. Restoration
- D. Resumption
正解: A
質問 74
Which of the following are the valid steps for securing routers? Each correct answer represents a complete solution. Choose all that apply.
- A. Use a password that is easy to remember for a router's administrative console.
- B. Keep routers updated with the latest security patches.
- C. Configure access list entries to prevent unauthorized connections and traffic routing.
- D. Use a complex password for a router's administrative console.
正解: B,C,D
解説:
The following are the valid steps for securing routers and devices:
Configure access list entries to prevent unauthorized connections and traffic routing.
Use a complex password for a router's administrative console.
Keep routers in locked rooms.
Keep routers updated with the latest security patches.
Use monitoring an equipment to protect routers and devices.
Router is a device that routes data packets between computers in different networks. It is used to connect multiple networks, and it determines the path to be taken by each data packet to its destination computer.
Router maintains a routing table of the available routes and their conditions. By using this information, along with distance and cost algorithms, the router determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer (layer 3) of the Open Systems Interconnection (OSI) model.
A security patch is a program that eliminates a vulnerability exploited by hackers.
質問 75
Which of the following representatives of the incident response team takes forensic backups of systems that are the focus of an incident?
- A. Technical representative
- B. Lead investigator
- C. Information security representative
- D. Legal representative
正解: A
解説:
A technical representative creates forensic backups of systems that are the focus of an incident
and provides valuable information about the configuration of the network and target system.
Answer option B is incorrect. A lead investigator acts as the manager of the computer security
incident response team.
Answer option D is incorrect. The legal representative looks after legal issues and ensures that the
investigation process does not break any law.
Answer option C is incorrect. The information security representative informs about the security
safeguards that may affect their ability to respond to the incident.
質問 76
Harry has successfully completed the vulnerability scanning process and found serious vulnerabilities exist in the organization's network. Identify the vulnerability management phases through which he will proceed to ensure all the detected vulnerabilities are addressed and eradicated. (Select all that apply)
- A. Mitigation
- B. Assessment
- C. Verification
- D. Remediation
正解: A,C,D
質問 77
Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.
- A. They are considered an indicator of threats coupled with vulnerability.
- B. They can be analyzed and measured by the risk analysis process.
- C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
- D. They can be removed completely by taking proper actions.
正解: A,B,C
解説:
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer option B is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.
質問 78
Which of the following is a protocol that describes an approach to providing "streamlined" support of OSI application services on top of TCP/IP-based networks for some constrained environments?
- A. Lightweight Presentation Protocol
- B. Network News Transfer Protocol
- C. Dynamic Host Configuration Protocol
- D. Internet Relay Chat Protocol
正解: A
質問 79
Which of the following layers of the OSI model provides end-to-end connections and reliability?
- A. Session layer
- B. Physical layer
- C. Transport layer
- D. Network layer
正解: C
質問 80
Which of the following is a digital telephone/telecommunication network that carries voice, data, and video over
an existing telephone network infrastructure?
- A. X.25
- B. PPP
- C. Frame relay
- D. ISDN
正解: D
解説:
Integrated Services Digital Network (ISDN) is a digital telephone/telecommunication network that carries voice,
data, and video over an existing telephone network infrastructure. It requires an ISDN modem at both the ends
of a transmission. ISDN is designed to provide a single interface for hooking up a telephone, fax machine,
computer, etc.
ISDN has two levels of service, i.e., Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
Answer option A is incorrect. The Point-to-Point Protocol, or PPP, is a data link protocol commonly used to
establish a direct connection between two networking nodes. It can provide connection authentication,
transmission encryption privacy, and compression. PPP is commonly used as a data link layer protocol for
connection over synchronous and asynchronous circuits, where it has largely superseded the older, non-
standard Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link
Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous
network layer protocols, including Internet Protocol (IP), Novell's Internetwork Packet Exchange (IPX), NBF,
and AppleTalk.
Answer option D is incorrect. The X.25 protocol, adopted as a standard by the Consultative Committee for
International Telegraph and Telephone (CCITT), is a commonly-used network protocol. The X.25 protocol
allows computers on different public networks (such as CompuServe, Tymnet, or a TCP/IP network) to
communicate through an intermediary computer at the network layer level. X.25's protocols correspond closely
to the data-link and physical-layer protocols defined in the Open Systems Interconnection (OSI) communication
model.
Answer option B is incorrect. Frame relay is a telecommunication service designed for cost-efficient data
transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area
network (WAN). Frame relay puts data in a variable-size unit called a frame. It checks for lesser errors as
compared to other traditional forms of packet switching and hence speeds up data transmission.
When an error is detected in a frame, it is simply dropped. The end points are responsible for detecting and
retransmitting dropped frames.
質問 81
Which of the following applications is used for the statistical analysis and reporting of the log files?
- A. Snort
- B. jplag
- C. Sawmill
- D. Sniffer
正解: C
質問 82
Which of the following is a type of scam that entices a user to disclose personal information?
- A. Sniffing
- B. Spamming
- C. Smurfing
- D. Phishing
正解: D
質問 83
......
検証済み312-38問題集で問題と解答100%合格Fast2test:https://jp.fast2test.com/312-38-premium-file.html
合格させる312-38試験一発合格保証2023問題集:https://drive.google.com/open?id=1FIngkazFvuLB9tucLtYxqpgNmWPAcgPA