2025年最新の実際に出ると確認された 無料EC-COUNCIL 312-50v10試験問題
312-50v10リアル試験問題解答は無料
CEH V10認定試験は、ネットワーク管理者、システム管理者、セキュリティ担当者、ITマネージャーなど、コンピューターシステムとネットワークを保護する責任を負うITプロフェッショナルに最適です。認定試験は、倫理的ハッキングとサイバーセキュリティの原則における強力な基盤を提供するため、倫理的ハッキングでのキャリアを追求することに興味がある個人にも適しています。
EC-Council 312-50V10認定倫理ハッカー試験(CEH V10)は、倫理的ハッキングの分野で働きたい個人の知識とスキルをテストする高度なレベル認証試験です。この試験は、候補者がコンピューターシステムとネットワークの脆弱性を特定して活用できるようにし、そのような脆弱性を防ぐためのセキュリティ対策を実装できるように設計されています。産業がサイバー攻撃の絶え間ない脅威に直面し続けているため、この認証はサイバーセキュリティの分野で非常に人気のあるものになりました。
質問 # 399
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?
- A. Hydra
- B. Burp
- C. Whisker
- D. tcpsplice
正解:C
解説:
Explanation
One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session splicing'.
References:
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques#Fragmentation_and_small_packet
質問 # 400
While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds on the bank was gone. What Web browser-based security vulnerability got exploited by the hacker?
- A. Web Form Input Validation
- B. Cross-Site Scripting
- C. Clickjacking
- D. Cross-Site Request Forgery
正解:D
質問 # 401
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
- A. Cross Site Scripting
- B. Cross Site Request Forgery
- C. Path disclosure
- D. Injection
正解:D
解説:
The top item of the OWASP 2013 OWASP's Top Ten Project Most Critical Web Application Security Risks is injection.
Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
References: https://www.owasp.org/index.php/Top_10_2013-Top_10
質問 # 402
Which of the following types of firewalls ensures that the packets are part of the established session?
- A. Stateful inspection firewall
- B. Switch-level firewall
- C. Circuit-level firewall
- D. Application-level firewall
正解:A
解説:
A stateful firewall is a network firewall that tracks the operating state and characteristics of network connections traversing it. The firewall is configured to distinguish legitimate packets for different types of connections. Only packets matching a known active connection (session) are allowed to pass the firewall.
References: https://en.wikipedia.org/wiki/Stateful_firewall
質問 # 403
Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?
- A. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
- B. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
- C. The CAM overflow table will cause the switch to crash causing Denial of Service
- D. Switch then acts as hub by broadcasting packets to all machines on the network
正解:D
質問 # 404
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable
organization focused on improving the security of software. What item is the primary concern on OWASP's
Top Ten Project Most Critical Web Application Security Risks?
- A. Cross Site Scripting
- B. Cross Site Request Forgery
- C. Path disclosure
- D. Injection
正解:D
質問 # 405
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?
- A. Information Audit Policy (IAP)
- B. Penetration Testing Policy (PTP)
- C. Information Security Policy (ISP)
- D. Company Compliance Policy (CCP)
正解:C
質問 # 406
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?
- A. The consultant will ask for money on the bid because of great work.
- B. The company accepting bids will hire the consultant because of the great work performed.
- C. The consultant may expose vulnerabilities of other companies.
- D. The company accepting bids will want the same type of format of testing.
正解:C
質問 # 407
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories:
lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
- A. Hybrid Attack
- B. Dictionary Attack
- C. Brute Force Attack
- D. Online Attack
正解:A
質問 # 408
Which of the following Linux commands will resolve a domain name into IP address?
- A. >host-t ns hackeddomain.com
- B. >host -t soa hackeddomain.com
- C. >host -t AXFR hackeddomain.com
- D. >host-t a hackeddomain.com
正解:D
解説:
Explanation
質問 # 409
Which utility will tell you in real time which ports are listening or in another state?
- A. Netstat
- B. TCPView
- C. Nmap
- D. Loki
正解:B
質問 # 410
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
- A. hping2 -1 host.domain.com
- B. hping2 -set-ICMP host.domain.com
- C. hping2 host.domain.com
- D. hping2-i host.domain.com
正解:A
質問 # 411
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
- A. nmap -sT -O -T0
- B. nmap -sP -p-65535-T5
- C. nmap -A - Pn
- D. nmap -A --host-timeout 99-T1
正解:A
質問 # 412
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
- A. The password file does not contain the passwords themselves.
- B. He cannot read it because it is encrypted.
- C. The file reveals the passwords to the root user only.
- D. He can open it and read the user ids and corresponding passwords.
正解:A
質問 # 413
A zone file consists of which of the following Resource Records (RRs)?
- A. DNS, NS, AXFR, and MX records
- B. SOA, NS, A, and MX records
- C. DNS, NS, PTR, and MX records
- D. SOA, NS, AXFR, and MX records
正解:B
質問 # 414
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer.
What is the consultant's obligation to the financial organization?
- A. Bring the discovery to the financial organization's human resource department.
- B. Stop work immediately and contact the authorities.
- C. Say nothing and continue with the security testing.
- D. Delete the pornography, say nothing, and continue security testing.
正解:B
質問 # 415
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?
- A. Invoking the stored procedure xp_shell to spawn a Windows command shell
- B. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
- C. Invoking the stored procedure cmd_shell to spawn a Windows command shell
- D. Using the Metasploit psexec module setting the SA / Admin credential
正解:B
質問 # 416
Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?
- A. msfcli
- B. msfencode
- C. msfd
- D. msfpayload
正解:B
質問 # 417
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
- A. Project Scope
- B. Service Level Agreement
- C. Non-Disclosure Agreement
- D. Terms of Engagement
正解:D
質問 # 418
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
- A. Agile Process
- B. Lean Coding
- C. Service Oriented Architecture
- D. Object Oriented Architecture
正解:C
解説:
A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network.
References: https://en.wikipedia.org/wiki/Service-oriented_architecture
質問 # 419
......
試験問題集で312-50v10練習無料最新のEC-COUNCIL練習テスト:https://jp.fast2test.com/312-50v10-premium-file.html