実際にある312-50v11問題集でリアルEC-COUNCIL問題集PDFを提供しています [2024年06月]
実際のFast2test 312-50v11問題集PDFで100%合格率を保証します
EC-Council 312-50V11認定倫理ハッカー試験(CEH V11)は、倫理的ハッキングのキャリアを追求することに関心のある専門家のスキルと知識を検証する国際的に認められた認定プログラムです。この認定プログラムは、ハッカーがコンピューターシステムの脆弱性を活用するために使用する最新のハッキング技術、ツール、および方法論の詳細な理解を候補者に提供するように設計されています。
質問 # 313
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
- A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
- B. Symmetric encryption allows the server to security transmit the session keys out-of-band.
- C. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
- D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
正解:D
質問 # 314
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?
- A. CHNTPW
- B. SET
- C. Cain & Abel
- D. John the Ripper
正解:A
質問 # 315
Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?
- A. BetterCAP
- B. Wireshark
- C. KDerpNSpoof
- D. Gobbler
正解:A
質問 # 316
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?
- A. 10.1.4.156
- B. 10..1.5.200
- C. 210.1.55.200
- D. 10.1.4.254
正解:B
質問 # 317
Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?
- A. Padding oracle attack
- B. DROWN attack
- C. DUHK attack
- D. Side-channel attack
正解:B
質問 # 318
Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?
- A. Password reuse
- B. Social engineering
- C. Reverse engineering
- D. insider threat
正解:B
質問 # 319
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
- A. Clickjacking
- B. Cross-Site Scripting
- C. Web form input validation
- D. Cross-Site Request Forgery
正解:D
解説:
Cross Site Request Forgery (XSRF) was committed against the poor individual. Fortunately the user's bank checked with the user prior to sending the funds.
If it would be Cross Site Request Forgery than transaction shouldn't be shown from foreign country. Because CSRF sends request from current user session. It seems XSS attack where attacker stolen the cookie and made a transaction using that cookie from foreign country.
質問 # 320
Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above Information?
- A. FCC ID search
- B. EarthExplorer
- C. Google image search
- D. search.com
正解:A
解説:
Footprinting techniques are used to collect basic information about the target IoT and OT platforms to exploit them. Information collected through footprinting techniques ncludes IP address, hostname, ISP, device location, banner of the target IoT device, FCC ID information, certification granted to the device, etc. pg. 5052 ECHv11 manual
質問 # 321
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company.
What is the social engineering technique Steve employed in the above scenario?
- A. Diversion theft
- B. Honey trap
- C. Baiting
- D. Piggybacking
正解:C
質問 # 322
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?
- A. Trojan
- B. A Worm
- C. Rootkit
- D. Adware
正解:B
質問 # 323
in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
- A. MDS encryption algorithm
- B. AES
- C. Triple Data Encryption standard
- D. IDEA
正解:C
解説:
Explanation
Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits.
In Stealth, you merely type within the entire 192-bit (24 character) key instead of entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary in order that they are each 64 bits long. The procedure for encryption is strictly an equivalent as regular DES, but it's repeated 3 times , hence the name Triple DES. the info is encrypted with the primary key, decrypted with the second key, and eventually encrypted again with the third key.Triple DES runs 3 times slower than DES, but is far safer if used properly. The procedure for decrypting something is that the same because the procedure for encryption, except it's executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the input key for DES is 64 bits long, the particular key employed by DES is merely 56 bits long . the smallest amount significant (right-most) bit in each byte may be a parity , and will be set in order that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most vital bits of every byte are used, leading to a key length of 56 bits. this suggests that the effective key strength for Triple DES is really 168 bits because each of the three keys contains 8 parity bits that aren't used during the encryption process.Triple DES ModesTriple ECB (Electronic Code Book)* This variant of Triple DES works precisely the same way because the ECB mode of DES.* this is often the foremost commonly used mode of operation.Triple CBC (Cipher Block Chaining)* This method is extremely almost like the quality DES CBC mode.* like Triple ECB, the effective key length is 168 bits and keys are utilized in an equivalent manner, as described above, but the chaining features of CBC mode also are employed.* the primary 64-bit key acts because the Initialization Vector to DES.* Triple ECB is then executed for one 64-bit block of plaintext.* The resulting ciphertext is then XORed with subsequent plaintext block to be encrypted, and therefore the procedure is repeated.* This method adds an additional layer of security to Triple DES and is therefore safer than Triple ECB, although it's not used as widely as Triple ECB.
質問 # 324
What is the algorithm used by LM for Windows2000 SAM?
- A. SHA
- B. SSL
- C. DES
- D. MD4
正解:C
質問 # 325
There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?
- A. WPA
- B. WPA3
- C. RADIUS
- D. WEP
正解:D
解説:
Explanation
Wired Equivalent Privacy (WEP) may be a security protocol, laid out in the IEEE wireless local area network (Wi-Fi) standard, 802.11b, that's designed to supply a wireless local area network (WLAN) with A level of security and privacy like what's usually expected of a wired LAN. A wired local area network (LAN) is usually protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but could also be ineffective for WLANs because radio waves aren't necessarily bound by the walls containing the network. WEP seeks to determine similar protection thereto offered by the wired network's physical security measures by encrypting data transmitted over the WLAN. encoding protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms like password protection, end-to-end encryption, virtual private networks (VPNs), and authentication are often put in situ to make sure privacy.A research group from the University of California at Berkeley recently published a report citing "major security flaws" in WEP that left WLANs using the protocol susceptible to attacks (called wireless equivalent privacy attacks).
within the course of the group's examination of the technology, they were ready to intercept and modify transmissions and gain access to restricted networks. The Wireless Ethernet Compatibility Alliance (WECA) claims that WEP - which is included in many networking products - was never intended to be the only security mechanism for a WLAN, and that, in conjunction with traditional security practices, it's very effective.
質問 # 326
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door.
In this case, we can say:
- A. The solution will have a high level of false positives
- B. Biological motion cannot be used to identify people
- C. The solution implements the two authentication factors: physical object and physical characteristic
- D. Although the approach has two phases, it actually implements just one authentication factor
正解:C
質問 # 327
An attacker runs netcat tool to transfer a secret file between two hosts.
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?
- A. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password
- B. Use cryptcat instead of netcat
- C. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234
- D. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234
正解:B
質問 # 328
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
- A. Dsniff
- B. Snort
- C. John the Ripper
- D. Nikto
正解:D
質問 # 329
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
- A. [related:]
- B. [site:]
- C. [info:]
- D. [inurl:]
正解:A
質問 # 330
In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it.
How do you accomplish this?
- A. Delete the wireless network
- B. Remove all passwords
- C. Disable SSID broadcasting
- D. Lock all users
正解:C
質問 # 331
......
Certified Ethical Hacker Exam(CEH v11)は、ネットワークセキュリティ、システムセキュリティ、暗号化、Webアプリケーションセキュリティ、クラウドセキュリティなど幅広いトピックをカバーしています。試験は、ネットワークやシステムの脆弱性を特定して悪用するために必要な知識とスキルを身につけたい専門家を対象としています。この認定は、IT専門家、セキュリティ専門家、監査人、サイト管理者、セキュリティ分野でキャリアを進めたい人などに最適です。CEH v11認定は、専門家にとって貴重な資産だけでなく、サイバー脅威からネットワークやシステムを保護するために必須のものでもあります。
検証済み312-50v11問題集と解答で最新312-50v11をダウンロード:https://jp.fast2test.com/312-50v11-premium-file.html
無料EC-COUNCIL 312-50v11試験問題と解答があります:https://drive.google.com/open?id=1dxJiUakNv0VegSB0AW2sR9WAe70DxHyc