312-50v11練習試験と学習ガイドは厳密検証されたFast2test最新な525問題
2023年最新のな厳密検証された合格させる312-50v11学習ガイドベズトお試しセット
CEH v11 認定試験は、情報セキュリティ業界でスキルと知識を向上させたいプロフェッショナルを対象としています。この試験は、エシカルハッキングとサイバーセキュリティの分野に転換したい人々にも適しています。認定試験は、エシカルハッキングの分野での個人の知識とスキルを総合的に評価するよう設計されています。
EC-COUNCIL 312-50v11 認定倫理的ハッカー試験(CEH v11)は、サイバーセキュリティの分野で最も広く認知され尊重されている資格の1つです。倫理的ハッカーまたはサイバーセキュリティ専門家になりたいと考えているプロフェッショナルのスキルと知識をテストするために設計されています。最新の業界基準とベストプラクティスに基づいており、候補者が最新の知識とスキルを備えていることを保証します。
質問 # 33
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account.
What is the attack performed by Boney in the above scenario?
- A. Session fixation attack
- B. Forbidden attack
- C. CRIME attack
- D. Session donation attack
正解:A
質問 # 34
Why should the security analyst disable/remove unnecessary ISAPI filters?
- A. To defend against jailbreaking
- B. To defend against webserver attacks
- C. To defend against wireless attacks
- D. To defend against social engineering attacks
正解:B
質問 # 35
You have successfully comprised a server having an IP address of 10.10.0.5.
You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?
- A. nmap -T4 -q 10.10.0.0/24
- B. nmap -T4 -r 10.10.1.0/24
- C. nmap -T4 -O 10.10.0.0/24
- D. nmap -T4 -F 10.10.0.0/24
正解:D
質問 # 36
Study the following log extract and identify the attack.
- A. Unicode Directory Traversal Attack
- B. Cross Site Scripting
- C. Hexcode Attack
- D. Multiple Domain Traversal Attack
正解:A
質問 # 37
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
- A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
- B. Symmetric encryption allows the server to securely transmit the session keys out-of-band.
- C. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
- D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
正解:A
質問 # 38
Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials.
He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?
- A. Password reuse
- B. Reverse engineering
- C. Social engineering
- D. insider threat
正解:C
解説:
Explanation
Just like any other service that accepts usernames and passwords for logging in, AWS users are vulnerable to social engineering attacks from attackers. fake emails, calls, or any other method of social engineering, may find yourself with an AWS users' credentials within the hands of an attacker.
If a user only uses API keys for accessing AWS, general phishing techniques could still use to gain access to other accounts or their pc itself, where the attacker may then pull the API keys for aforementioned AWS user.
With basic opensource intelligence (OSINT), it's usually simple to collect a list of workers of an organization that use AWS on a regular basis. This list will then be targeted with spear phishing to do and gather credentials. an easy technique may include an email that says your bill has spiked 500th within the past 24 hours, "click here for additional information", and when they click the link, they're forwarded to a malicious copy of the AWS login page designed to steal their credentials.
An example of such an email will be seen within the screenshot below. it's exactly like an email that AWS would send to you if you were to exceed the free tier limits, except for a few little changes. If you clicked on any of the highlighted regions within the screenshot, you'd not be taken to the official AWS web site and you'd instead be forwarded to a pretend login page setup to steal your credentials.
These emails will get even more specific by playing a touch bit additional OSINT before causing them out. If an attacker was ready to discover your AWS account ID on-line somewhere, they could use methods we at rhino have free previously to enumerate what users and roles exist in your account with none logs contact on your side. they could use this list to more refine their target list, further as their emails to reference services they will know that you often use.
For reference, the journal post for using AWS account IDs for role enumeration will be found here and the journal post for using AWS account IDs for user enumeration will be found here.
During engagements at rhino, we find that phishing is one in all the fastest ways for us to achieve access to an AWS environment.
質問 # 39
jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
- A. Website defacement
A mirror site may be a website or set of files on a computer server that has been copied to a different computer server in order that the location or files are available from quite one place. A mirror site has its own URL, but is otherwise just like the principal site. Load-balancing devices allow high-volume sites to scale easily, dividing the work between multiple mirror sites. A mirror site is typically updated frequently to make sure it reflects the contents of the first site. In some cases, the first site may arrange for a mirror site at a bigger location with a better speed connection and, perhaps, a better proximity to an outsized audience. If the first site generates an excessive amount of traffic, a mirror site can ensure better availability of the web site or files. For websites that provide copies or updates of widely used software, a mirror site allows the location to handle larger demands and enables the downloaded files to arrive more quickly. Microsoft, Sun Microsystems and other companies have mirror sites from which their browser software are often downloaded. Mirror sites are wont to make site access faster when the first site could also be geographically distant from those accessing it. A mirrored web server is usually located on a special continent from the principal site, allowing users on the brink of the mirror site to urge faster and more reliable access. Mirroring an internet site also can be done to make sure that information are often made available to places where access could also be unreliable or censored. In 2013, when Chinese authorities blocked access to foreign media outlets just like the Wall Street Journal and Reuters, site mirroring was wont to restore access and circumvent government censorship. - B. Web cache poisoning
- C. website mirroring
- D. Session hijacking
正解:C
質問 # 40
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.
Which of the following host discovery techniques must he use to perform the given task?
- A. arp ping scan
- B. ACK flag probe scan
- C. TCP Maimon scan
- D. UDP scan
正解:A
解説:
One of the most common Nmap usage scenarios is scanning an Ethernet LAN. Most LANs, especially those that use the private address range granted by RFC 1918, do not always use the overwhelming majority of IP addresses. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must determine a destination hardware (ARP) address, such as the target IP, so that the Ethernet frame can be properly addressed. .. This is required to issue a series of ARP requests. This is best illustrated by an example where a ping scan is attempted against an Area Ethernet host. The -send-ip option tells Nmap to send IP-level packets (rather than raw Ethernet), even on area networks. The Wireshark output of the three ARP requests and their timing have been pasted into the session.
Raw IP ping scan example for offline targets
This example took quite a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1 second intervals before abandoning the host. Waiting for a few seconds is excessive, as long as the ARP response usually arrives within a few milliseconds. Reducing this timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to the host that actually exists. Nmap, on the other hand, needs to send packets to 16 million IP s given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds each is very delayed.
There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP tablespaces are finite and some operating systems become unresponsive when full. If Nmap is used in rawIP mode (-send-ip), Nmap may have to wait a few minutes for the ARP cache entry to expire before continuing host discovery.
ARP scans solve both problems by giving Nmap the highest priority. Nmap issues raw ARP requests and handles retransmissions and timeout periods in its sole discretion. The system ARP cache is bypassed. The example shows the difference. This ARP scan takes just over a tenth of the time it takes for an equivalent IP.
Example b ARP ping scan of offline target
In example b, neither the -PR option nor the -send-eth option has any effect. This is often because ARP has a default scan type on the Area Ethernet network when scanning Ethernet hosts that Nmap discovers. This includes traditional wired Ethernet as 802.11 wireless networks. As mentioned above, ARP scanning is not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and communicate over the network.Nmap uses ARP instead of all targets on equivalent targets, even if different ping types (such as -PE and -PS) are specified. LAN.. If you do not need to attempt an ARP scan at all, specify -send-ip as shown in Example a "Raw IP Ping Scan for Offline Targets".
If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference room and a large ARP scan is initiated from an Apple-registered MAC address, your head may turn to you. Use the -spoof-mac option to spoof the MAC address as described in the MAC Address Spoofing section.
質問 # 41
Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script.
After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives.
What is the tool employed by Mason in the above scenario?
- A. WebBrowserPassView
- B. NetPass.exe
- C. Credential enumerator
- D. Outlook scraper
正解:C
質問 # 42
Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?
- A. Botnet
- B. Intrusion detection system
- C. Honeypot
- D. Firewall
正解:C
質問 # 43
Which command can be used to show the current TCP/IP connections?
- A. Netstat
- B. Netsh
- C. Net use connection
- D. Net use
正解:B
質問 # 44
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
- A. integrity algorithms
- B. hashing algorithms
- C. symmetric algorithms
- D. asymmetric algorithms
正解:B
質問 # 45
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
what tests would you perform to determine whether his computer Is Infected?
- A. Use netstat and check for outgoing connections to strange IP addresses or domains.
- B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
- C. Upload the file to VirusTotal.
- D. Use ExifTool and check for malicious content.
正解:D
質問 # 46
What is not a PCI compliance recommendation?
- A. Rotate employees handling credit card transactions on a yearly basis to different departments.
- B. Use encryption to protect all transmission of card holder data over any public network.
- C. Limit access to card holder data to as few individuals as possible.
- D. Use a firewall between the public network and the payment card data.
正解:A
質問 # 47
Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring.
Which of the following is this type of solution?
- A. Saas
- B. Caas
- C. Iaas
- D. PaaS
正解:A
質問 # 48
ViruXine.W32 virus hides their presence by changing the underlying executable code.
This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.
Here is a section of the Virus code:
What is this technique called?
- A. Metamorphic Virus
- B. Dravidic Virus
- C. Stealth Virus
- D. Polymorphic Virus
正解:D
質問 # 49
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company.
The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?
- A. Investigation
- B. Exploration
- C. Enumeration
- D. Reconnaissance
正解:D
質問 # 50
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?
- A. Promiscuous mode
- B. WEM
- C. Port forwarding
- D. Multi-cast mode
正解:A
質問 # 51
To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?
- A. Tilde H
- B. Exclamation mark (!)
- C. Period (.)
- D. Underscore (_)
正解:C
質問 # 52
An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?
- A. Tree-based assessment
- B. inference-based assessment
- C. Product-based solutions
- D. Service-based solutions
正解:D
解説:
As systems approaches to the event of biological models become more mature, attention is increasingly that specialize in the matter of inferring parameter values within those models from experimental data. However, particularly for nonlinear models, it's not obvious, either from inspection of the model or from the experimental data, that the inverse problem of parameter fitting will have a singular solution, or maybe a non-unique solution that constrains the parameters to lie within a plausible physiological range. Where parameters can't be constrained they're termed 'unidentifiable'. We specialise in gaining insight into the causes of unidentifiability using inference-based methods, and compare a recently developed measure-theoretic approach to inverse sensitivity analysis to the favored Markov chain Monte Carlo and approximate Bayesian computation techniques for Bayesian inference. All three approaches map the uncertainty in quantities of interest within the output space to the probability of sets of parameters within the input space. The geometry of those sets demonstrates how unidentifiability are often caused by parameter compensation and provides an intuitive approach to inference-based experimental design.
質問 # 53
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.
Which TCP and UDP ports must you filter to check null sessions on your network?
- A. 137 and 139
- B. 139 and 443
- C. 137 and 443
- D. 139 and 445
正解:D
質問 # 54
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?
- A. Wardriving
- B. jamming signal attack
- C. aLTEr attack
- D. KRACK attack
正解:C
解説:
aLTEr attacks are usually performed on LTE devices Attacker installs a virtual (fake) communication tower between two authentic endpoints intending to mislead the victim This virtual tower is used to interrupt the data transmission between the user and real tower attempting to hijack the active session.
質問 # 55
Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?
- A. SMS phishing attack
- B. Agent Smith attack
- C. SIM card attack
- D. Clickjacking
正解:D
解説:
Explanation
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. this will cause users to unwittingly download malware, visit malicious sites , provide credentials or sensitive information, transfer money, or purchase products online.Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they're clicking the visible page but actually they're clicking an invisible element within the additional page transposed on top of it.The invisible page might be a malicious page, or a legitimate page the user didn't shall visit - for instance , a page on the user's banking site that authorizes the transfer of cash .There are several variations of the clickjacking attack, such as:* Likejacking - a way during which the Facebook "Like" button is manipulated, causing users to "like" a page they really didn't shall like.* Cursorjacking - a UI redressing technique that changes the cursor for the position the user perceives to a different position. Cursorjacking relies on vulnerabilities in Flash and therefore the Firefox browser, which have now been fixed.
Clickjacking attack example1. The attacker creates a beautiful page which promises to offer the user a free trip to Tahiti.2. within the background the attacker checks if the user is logged into his banking site and if so, loads the screen that permits transfer of funds, using query parameters to insert the attacker's bank details into the shape .3. The bank transfer page is displayed in an invisible iframe above the free gift page, with the "Confirm Transfer" button exactly aligned over the "Receive Gift" button visible to the user.4. The user visits the page and clicks the "Book My Free Trip" button.5. actually the user is clicking on the invisible iframe, and has clicked the "Confirm Transfer" button. Funds are transferred to the attacker.6. The user is redirected to a page with information about the free gift (not knowing what happened within the background).
This example illustrates that, during a clickjacking attack, the malicious action (on the bank website, during this case) can't be traced back to the attacker because the user performed it while being legitimately signed into their own account.
Clickjacking mitigationThere are two general ways to defend against clickjacking:* Client-side methods - the foremost common is named Frame Busting. Client-side methods are often effective in some cases, but are considered to not be a best practice, because they will be easily bypassed.* Server-side methods - the foremost common is X-Frame-Options. Server-side methods are recommended by security experts as an efficient thanks to defend against clickjacking.
質問 # 56
Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?
- A. Email footprinting
- B. VPN footprinting
- C. Whois footprinting
- D. VoIP footprinting
正解:C
解説:
WHOIS (pronounced because the phrase who is) may be a query and response protocol and whois footprinting may be a method for glance information about ownership of a website name as following: * name details * Contact details contain phone no. and email address of the owner * Registration date for the name * Expire date for the name * name servers
質問 # 57
Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?
- A. Dictionary
- B. Brute force
- C. Known plaintext
- D. Password spraying
正解:B
解説:
Explanation
A dictionary Attack as an attack vector utilized by the attacker to break in a very system, that is password protected, by golf shot technically each word in a very dictionary as a variety of password for that system. This attack vector could be a variety of Brute Force Attack.
The lexicon will contain words from an English dictionary and conjointly some leaked list of commonly used passwords and once combined with common character substitution with numbers, will generally be terribly effective and quick.
How is it done?
Basically, it's attempting each single word that's already ready. it's done victimization machine-controlled tools that strive all the possible words within the dictionary.
Some password Cracking Software:
* John the ripper
* L0phtCrack
* Aircrack-ng
質問 # 58
......
CEH v11試験は、倫理的なハッキングのコンセプト、ネットワークスキャンと列挙、システムハッキング、ソーシャルエンジニアリング、暗号化、マルウェア解析など、ネットワークセキュリティに関連する幅広いトピックをカバーしています。試験は、複数のセクションに分かれており、それぞれが特定のネットワークセキュリティの領域に焦点を当てています。候補者は、一連の多肢選択問題に回答し、実践演習を完了することで、各セクションの理解を示す必要があります。
究極のガイドは312-50v11最新時間限定今すぐダウンロード!:https://jp.fast2test.com/312-50v11-premium-file.html
2023年最新のな厳密検証された合格できる312-50v11試験にはリアル問題と解答:https://drive.google.com/open?id=1dxJiUakNv0VegSB0AW2sR9WAe70DxHyc