
2024年最新の更新のCertified Ethical Hackerが有効な312-38問題集を無料提供しています
最新のFast2test 312-38PDF問題集をダウンロードしちゃおう:https://jp.fast2test.com/312-38-premium-file.html(348問題と解答)
質問 # 176
Which type of firewall consists of three interfaces and allows further subdivision of the systems based on specific security objectives of the organization?
- A. Bastion host
- B. Unscreened subnet
- C. Multi-homed firewall
- D. Screened subnet
正解:C
解説:
A multi-homed firewall is designed with three or more network interfaces. This type of firewall allows an organization to create multiple subnets, each serving different security objectives. The multi-homed firewall can enforce security policies and control traffic flow between these subnets, effectively segmenting the network based on the organization's specific needs. This segmentation enhances security by isolating different parts of the network, reducing the risk of widespread network compromise in the event of a security breach.
質問 # 177
Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?
- A. Shared Responsibility Model for Infrastructure Services
- B. Shared Responsibility Model for Abstract Services
- C. Shared Responsibility Model for Container Services
- D. Shared Responsibility Model for Storage Services
正解:D
質問 # 178
Which of the following acts as a verifier for the certificate authority?
- A. Certificate Management system
- B. Registration authority
- C. Certificate authority
- D. Directory management system
正解:B
解説:
The Registration Authority (RA) acts as the verifier for the Certificate Authority (CA). The RA is responsible for accepting requests for digital certificates and authenticating the entity making the request before passing the request to the CA for issuance. In essence, the RA serves as a trusted intermediary between the user and the CA, ensuring that the CA can rely on the information provided by the RA when issuing a certificate.
質問 # 179
Kelly is taking backups of the organization's dat
a. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?
- A. Full backup
- B. Differential Backup
- C. Normal Backup
- D. Incremental backup
正解:D
解説:
An incremental backup is a type of data backup that copies only the files that have been created or modified since the last backup operation of any type. This method is efficient because it only backs up data that has changed, which can save on storage space and reduce the time needed to complete the backup. In Kelly's case, since he is backing up only the new or changed files since the last backup, he is using an incremental backup approach.
質問 # 180
Which of the following is the full form of SAINT?
- A. System Administrators Integrated Network Tool
- B. System Automated Integrated Network Tool
- C. System Admin Integrated Network Tool
- D. Security Admin Integrated Network Tool
正解:A
質問 # 181
Which of the following policies helps in defining what users can and should do to use network and organization's computer equipment?
- A. User policy
- B. General policy
- C. IT policy
- D. Remote access policy
正解:A
解説:
A user policy helps in defining what users can and should do to use network and organization's computer equipment. It also defines what limitations are put on users for maintaining the network secure such as whether users can install programs on their workstations, types of programs users are using, and how users can access data.
Answer option C is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following:
Virus incident and security incident
Backup policy
Client update policies
Server configuration, patch update, and modification policies (security) Firewall policies Dmz policy, email retention, and auto forwarded email policy Answer option A is incorrect. It defines the high level program policy and business continuity plan.
Answer option B is incorrect. Remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.
質問 # 182
Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What logical area is Larry putting the new email server into?
- A. He will put the email server in an IPsec zone.
- B. He is going to place the server in a Demilitarized Zone (DMZ)
- C. For security reasons, Larry is going to place the email server in the company's Logical Buffer Zone (LBZ).
- D. Larry is going to put the email server in a hot-server zone.
正解:B
質問 # 183
Which of the following honeypots is a useful little burglar alarm?
- A. Honeyd
- B. Backofficer friendly
- C. Specter
- D. Honeynet
正解:B
質問 # 184
Which firewall technology can be implemented in all (application, session, transport, network, and presentation) layers of the OSl model?
- A. Circuit-level gateway
- B. VPN
- C. Packet filtering
- D. Network address translation
正解:A
解説:
A circuit-level gateway is a type of firewall technology that can be implemented across all layers of the OSI model, including the application, session, transport, network, and presentation layers. This type of firewall monitors TCP handshaking and session fulfillment between packets to ensure that the session is legitimate. Circuit-level gateways are effective because they do not inspect the packet itself, but rather the transmission attributes to ensure a trusted session is established.
質問 # 185
Consider a scenario consisting of a tree network. The root Node N is connected to two man nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main nodes fail?
- A. Affects the root node only
- B. Does not cause any disturbance to the child nodes or its tranmission
- C. Failure of the main node will affect all related child nodes connected to the main node
- D. Failure of the main node affects all other child nodes at the same level irrespective of the main node.
正解:C
質問 # 186
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?
- A. DDoS attack
- B. Bonk attack
- C. Smurf attack
- D. Buffer-overflow attack
正解:A
解説:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack.
Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests.
Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:
stack-based buffer overflow attack:
Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow.
heap-based buffer overflow attack:
Heap-based overflow attack floods the memory space reserved for the programs.
Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.
質問 # 187
Which of the following types of RAID is also known as disk striping?
- A. RAID 1
- B. RAID 0
- C. RAID 3
- D. RAID 2
正解:B
質問 # 188
Nancy is working as a network administrator for a small company. Management wants to implement a RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements: 1. It has a parity check to store all the information about the data in multiple drives 2. Help reconstruct the data during downtime. 3. Process the data at a good speed. 4. Should not be expensive. The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?
- A. RAID 1
- B. RAID 0
- C. RAID 10
- D. RAID 3
正解:D
解説:
RAID 3 is a level of RAID that uses striping with a dedicated parity disk. This means that data is spread across multiple disks, and parity information is stored on one dedicated disk. RAID 3 allows for good read and write speeds and can reconstruct data if one drive fails, thanks to the parity information. It is also a cost-effective solution because it requires only one additional disk for parity, regardless of the size of the array. This makes it suitable for environments where data throughput and fault tolerance are important but budget constraints are a consideration.
質問 # 189
The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex who is a senior security manager talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed. What is/are the reason(s) Alex is suggesting that James use a differential backup? (Select all that apply)
- A. Father restoration
- B. Less storage space is required
- C. Less expensive than full backup
- D. Faster than a full backup
- E. Slower than a full backup
正解:B、D
質問 # 190
The--------------protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.
- A. ICMP
- B. ARP
- C. RARP
- D. DHCP
正解:A
解説:
The Internet Control Message Protocol (ICMP) operates at the network layer and is integral to the Internet Protocol suite. It is utilized primarily for error handling during packet delivery, such as informing senders of a failed delivery due to unreachable destinations or other path-related issues. ICMP is also used for diagnostic purposes, with tools like ping and traceroute relying on ICMP messages to test connectivity and trace packet routes. Unlike transport layer protocols like TCP or UDP, ICMP does not establish a connection before sending messages, making it a connectionless protocol. This characteristic allows ICMP to quickly relay error messages and network information without the overhead of establishing a session.
質問 # 191
Which of the following network scanning tools is a TCP/UDP port scanner that works as a ping sweeper and hostname resolver?
- A. Netstat
- B. Hping
- C. Nmap
- D. SuperScan
正解:D
解説:
SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system.
The features of SuperScan are as follows:
It scans any port range from a built-in list or any given range.
It performs ping scans and port scans using any IP range.
It modifies the port list and port descriptions using the built in editor.
It connects to any discovered open port using user-specified "helper" applications.
It has the transmission speed control utility.
Answer option D is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.
Answer option C is incorrect. Netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems. It is used to find problems on the network and to determine the amount of traffic on the network as a performance measurement.
Answer option A is incorrect. Hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and networks. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time. Like most tools used in computer security, hping is useful to both system administrators and crackers (or script kiddies).
質問 # 192
In which of the following transmission modes is data sent and received alternatively?
- A. Half-duplex mode
- B. Simplex mode
- C. Bridge mode
- D. Full-duplex mode
正解:A
質問 # 193
Which of the following are the responsibilities of the disaster recovery team? Each correct answer represents a
complete solution. Choose all that apply.
- A. To notify management, affected personnel, and third parties about the disaster
- B. To initiate the execution of the disaster recovery procedures
- C. To monitor the execution of the disaster recovery plan and assess the results
- D. To modify and update the disaster recovery plan according to the lessons learned from previous disaster
recovery efforts
正解:A、B、C、D
解説:
The responsibilities of the disaster recovery team are as follows: To develop, deploy, and monitor the
implementation of appropriate disaster recovery plans after analysis of business objectives and threats to
organizations
To notify management, affected personnel, and third parties about the disaster
To initiate the execution of the disaster recovery procedures
To monitor the execution of the disaster recovery plan and assess the results
To return operations to normal conditions
To modify and update the disaster recovery plan according to the lessons learned from previous disaster
recovery efforts
To increase the level of the organization's disaster recovery preparedness by conducting mock drills, regular
DR systems testing, and threat analysis to create awareness among various stakeholders of the organization
by conducting training and awareness sessions
質問 # 194
Which of the following characteristics represents a normal TCP packet?
- A. FIN ACK and ACK are used in terminating the connection
- B. Source or destination port b zero
- C. SYN and FIN bits are set
- D. The destination address is a broadcast address
正解:A
質問 # 195
Adam, a malicious hacker, has just succeeded in stealing a secure cookie via a XSS attack. He is able to
replay the cookie even while the session is valid on the server. Which of the following is the most likely reason
of this cause?
- A. Encryption is performed at the application layer (single encryption key).
- B. No encryption is applied.
- C. Encryption is performed at the network layer (layer 1 encryption).
- D. Two way encryption is applied.
正解:A
解説:
Single key encryption uses a single word or phrase as the key. The same key is used by the sender to encrypt
and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from
one to the other. With TLS or SSL this would not be possible. Symmetric encryption is a type of encryption that
uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key
encryption. Therefore, it is commonly used when a message sender needs to encrypt a large amount of data.
Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.
質問 # 196
Which of the following is a management process that provides a framework to stimulate a rapid recovery, and the ability to react effectively to protect the interests of its brand, reputation and stakeholders?
- A. Business Continuity Management
- B. patch management
- C. None
- D. response systems
- E. log analysis
正解:A
質問 # 197
Which type of information security policy addresses the implementation and configuration of technology and user behavior?
- A. Acceptable use policy
- B. Issue-specific security policy
- C. System specific security policy
- D. Enterprise information security policy
正解:C
質問 # 198
Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security
standards?
- A. ANSI
- B. WASC
- C. IEEE
- D. ITU
正解:B
解説:
Web Application Security Consortium (WASC) is a worldwide organization that aims to establish, refine, and
promote Internet security standards. WASC is vendor-neutral, although members may belong to corporations
involved in the research, development, design, and distribution of Web security-related products.
Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for
fostering the development of technology standards in the United States. ANSI works with industry groups and
is the U.S. member of the International Organization for Standardization (ISO) and the International Electro-
technical Commission (IEC). Long-established computer standards from ANSI include the American Standard
Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
Answer option D is incorrect. The International Telecommunication Union (ITU) is an organization established
to standardize and regulate international radio and telecommunications. Its main tasks include standardization,
allocation of the radio spectrum, and organizing interconnection arrangements between different countries to
allow international phone calls. ITU sets standards for global telecom networks.
The ITU's telecommunications division (ITU-T) produces more than 200 standard recommendations each year
in the converging areas of telecommunications, information technology, consumer electronics, broadcasting
and multimedia communications. ITU was streamlined into the following three sectors:
ITU-D (Telecommunication Development)
ITU-R (Radio communication)
ITU-T (Telecommunication Standardization)
Answer option C is incorrect. The Institute of Electrical and Electronic Engineers (IEEE) is a society of technical
professionals. It promotes the development and application of electro-technology and allied sciences. IEEE
develops communications and network standards, among other activities. The organization publishes number
of journals, has many local chapters, and societies in specialized areas.
質問 # 199
......
実験された試験材料は312-38:https://jp.fast2test.com/312-38-premium-file.html
最新312-38リアル試験問題をフォローせよ!:https://drive.google.com/open?id=1FIngkazFvuLB9tucLtYxqpgNmWPAcgPA