Fast2test 312-50v11リアル試験問題解答は更新された[2022年01月07日]
お手軽に合格させる 最新EC-COUNCIL 312-50v11問題集には525問があります
EC-COUNCIL 312-50v11 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 315
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.
What is the tool used by Hailey for gathering a list of words from the target website?
- A. Orbot
- B. CeWL
- C. Psiphon
- D. Shadowsocks
正解: B
質問 316
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place.
He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?
- A. Hardware, Software, and Sniffing.
- B. Hardware and Software Keyloggers.
- C. Passwords are always best obtained using Hardware key loggers.
- D. Software only, they are the most effective.
正解: A
質問 317
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SVN ping scan?
- A. Anmap -sn -PS < target IP address >
- B. nmap -sn -pp < target ip address >
- C. nmap -sn -PA < target IP address >
- D. nmap -sn -PO < target IP address >
正解: A
質問 318
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
- A. [inurl:]
- B. [info:]
- C. [site:]
- D. [related:]
正解: D
質問 319
John the Ripper is a technical assessment tool used to test the weakness of which of the following?
- A. Passwords
- B. Usernames
- C. File permissions
- D. Firewall rulesets
正解: A
質問 320
what firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?
- A. Spoof source address scanning
- B. Packet fragmentation scanning
- C. Idle scanning
- D. Decoy scanning
正解: C
解説:
The idle scan could be a communications protocol port scan technique that consists of causing spoofed packets to a pc to seek out out what services square measure obtainable. this can be accomplished by impersonating another pc whose network traffic is extremely slow or nonexistent (that is, not transmission or receiving information). this might be associate idle pc, known as a "zombie".
This action are often done through common code network utilities like nmap and hping. The attack involves causing solid packets to a particular machine target in an attempt to seek out distinct characteristics of another zombie machine. The attack is refined as a result of there's no interaction between the offender pc and also the target: the offender interacts solely with the "zombie" pc.
This exploit functions with 2 functions, as a port scanner and a clerk of sure informatics relationships between machines. The target system interacts with the "zombie" pc and distinction in behavior are often discovered mistreatment totally different|completely different "zombies" with proof of various privileges granted by the target to different computers.
The overall intention behind the idle scan is to "check the port standing whereas remaining utterly invisible to the targeted host." The first step in execution associate idle scan is to seek out associate applicable zombie. It must assign informatics ID packets incrementally on a worldwide (rather than per-host it communicates with) basis. It ought to be idle (hence the scan name), as extraneous traffic can raise its informatics ID sequence, confusing the scan logic. The lower the latency between the offender and also the zombie, and between the zombie and also the target, the quicker the scan can proceed.
Note that once a port is open, IPIDs increment by a pair of. Following is that the sequence:
offender to focus on -> SYN, target to zombie ->SYN/ACK, Zombie to focus on -> RST (IPID increment by 1) currently offender tries to probe zombie for result. offender to Zombie ->SYN/ACK, Zombie to offender -> RST (IPID increment by 1) So, during this method IPID increments by a pair of finally.
When associate idle scan is tried, tools (for example nmap) tests the projected zombie and reports any issues with it. If one does not work, attempt another. Enough net hosts square measure vulnerable that zombie candidates are not exhausting to seek out. a standard approach is to easily execute a ping sweep of some network. selecting a network close to your supply address, or close to the target, produces higher results. you'll be able to attempt associate idle scan mistreatment every obtainable host from the ping sweep results till you discover one that works. As usual, it's best to raise permission before mistreatment someone's machines for surprising functions like idle scanning.
Simple network devices typically create nice zombies as a result of {they square measure|they're} normally each underused (idle) and designed with straightforward network stacks that are susceptible to informatics ID traffic detection.
While distinguishing an acceptable zombie takes some initial work, you'll be able to keep re-using the nice ones. as an alternative, there are some analysis on utilizing unplanned public internet services as zombie hosts to perform similar idle scans. leverage the approach a number of these services perform departing connections upon user submissions will function some quite poor's man idle scanning.
質問 321
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
- A. httpd.conf
- B. administration.config
- C. idq.dll
- D. php.ini
正解: D
質問 322
What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?
- A. White-hat hacking program
- B. Vulnerability hunting program
- C. Bug bounty program
- D. Ethical hacking program
正解: C
解説:
Explanation
Bug bounty programs allow independent security researchers to report bugs to an companies and receive rewards or compensation. These bugs area unit sometimes security exploits and vulnerabilities, although they will additionally embody method problems, hardware flaws, and so on.
The reports area unit usually created through a program travel by associate degree freelance third party (like Bugcrowd or HackerOne). The companies can got wind of (and run) a program curated to the organization's wants.
Programs is also non-public (invite-only) wherever reports area unit unbroken confidential to the organization or public (where anyone will sign in and join). they will happen over a collection timeframe or with without stopping date (though the second possibility is a lot of common).
Who uses bug bounty programs?Many major organizations use bug bounties as an area of their security program, together with AOL, Android, Apple, Digital Ocean, and goldman Sachs. you'll read an inventory of all the programs offered by major bug bounty suppliers, Bugcrowd and HackerOne, at these links.
Why do corporations use bug bounty programs?Bug bounty programs provide corporations the flexibility to harness an outsized cluster of hackers so as to seek out bugs in their code.
This gives them access to a bigger variety of hackers or testers than they'd be able to access on a one-on-one basis. It {can also|also will|can even|may also|may} increase the probabilities that bugs area unit found and reported to them before malicious hackers can exploit them.
It may also be an honest publicity alternative for a firm. As bug bounties became a lot of common, having a bug bounty program will signal to the general public and even regulators that a corporation incorporates a mature security program.
This trend is likely to continue, as some have began to see bug bounty programs as an business normal that all companies ought to invest in.
Why do researchers and hackers participate in bug bounty programs?Finding and news bugs via a bug bounty program may end up in each money bonuses and recognition. In some cases, it will be a good thanks to show real-world expertise once you are looking for employment, or will even facilitate introduce you to parents on the protection team within an companies.
This can be full time income for a few of us, income to supplement employment, or the way to point out off your skills and find a full time job.
It may also be fun! it is a nice (legal) probability to check out your skills against huge companies and government agencies.
What area unit the disadvantages of a bug bounty program for independent researchers and hackers?A lot of hackers participate in these varieties of programs, and it will be tough to form a major quantity of cash on the platform.
In order to say the reward, the hacker has to be the primary person to submit the bug to the program. meaning that in apply, you may pay weeks searching for a bug to use, solely to be the person to report it and build no cash.
Roughly ninety seven of participants on major bug bounty platforms haven't sold-out a bug.
In fact, a 2019 report from HackerOne confirmed that out of quite three hundred,000 registered users, solely around two.5% received a bounty in their time on the platform.
Essentially, most hackers are not creating a lot of cash on these platforms, and really few square measure creating enough to switch a full time wage (plus they do not have advantages like vacation days, insurance, and retirement planning).
What square measure the disadvantages of bug bounty programs for organizations?These programs square measure solely helpful if the program ends up in the companies realizeing issues that they weren't able to find themselves (and if they'll fix those problems)!
If the companies is not mature enough to be able to quickly rectify known problems, a bug bounty program is not the right alternative for his or her companies.
Also, any bug bounty program is probably going to draw in an outsized range of submissions, several of which can not be high-quality submissions. a corporation must be ready to cope with the exaggerated volume of alerts, and also the risk of a coffee signal to noise magnitude relation (essentially that it's probably that they're going to receive quite few unhelpful reports for each useful report).
Additionally, if the program does not attract enough participants (or participants with the incorrect talent set, and so participants are not able to establish any bugs), the program is not useful for the companies.
The overwhelming majority of bug bounty participants consider web site vulnerabilities (72%, per HackerOn), whereas solely a number of (3.5%) value more highly to seek for package vulnerabilities.
This is probably because of the actual fact that hacking in operation systems (like network hardware and memory) needs a big quantity of extremely specialised experience. this implies that firms may even see vital come on investment for bug bounties on websites, and not for alternative applications, notably those that need specialised experience.
This conjointly implies that organizations which require to look at AN application or web site among a selected time-frame may not need to rely on a bug bounty as there is no guarantee of once or if they receive reports.
Finally, it are often probably risky to permit freelance researchers to try to penetrate your network. this could end in public speech act of bugs, inflicting name harm within the limelight (which could end in individuals not eager to purchase the organizations' product or service), or speech act of bugs to additional malicious third parties, United Nations agency may use this data to focus on the organization.
質問 323
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT.
POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?
- A. REST API
- B. JSON-RPC
- C. RESTful API
- D. SOAP API
正解: A
質問 324
jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes.
In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
- A. Website defacement
- B. Session hijacking
- C. Web cache poisoning
- D. website mirroring
正解: C
解説:
Explanation
Web cache poisoning is a complicated technique whereby an attacker exploits the behavior of an internet server and cache in order that a harmful HTTP response is served to other users.Fundamentally, web cache poisoning involves two phases. First, the attacker must compute the way to elicit a response from the back-end server that inadvertently contains some quite dangerous payload. Once successful, they have to form sure that their response is cached and subsequently served to the intended victims.A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities like XSS, JavaScript injection, open redirection, and so on.
How does an internet cache work?To understand how web cache poisoning vulnerabilities arise, it's important to possess a basic understanding of how web caches work.If a server had to send a replacement response to each single HTTP request separately, this is able to likely overload the server, leading to latency issues and a poor user experience, especially during busy periods. Caching is primarily a way of reducing such issues.The cache sits between the server and therefore the user, where it saves (caches) the responses to particular requests, usually for a hard and fast amount of your time . If another user then sends the same request, the cache simply serves a replica of the cached response on to the user, with none interaction from the back-end.
This greatly eases the load on the server by reducing the amount of duplicate requests it's to handle.
Cache keysWhen the cache receives an HTTP request, it first has got to determine whether there's a cached response that it can serve directly, or whether it's to forward the request for handling by the back-end server.
Caches identify equivalent requests by comparing a predefined subset of the request's components, known collectively because the "cache key". Typically, this is able to contain the request line and Host header.
Components of the request that aren't included within the cache key are said to be "unkeyed".If the cache key of an incoming request matches the key of a previous request, then the cache considers them to be equivalent.
As a result, it'll serve a replica of the cached response that was generated for the first request. this is applicable to all or any subsequent requests with the matching cache key, until the cached response expires.Crucially, the opposite components of the request are ignored altogether by the cache. We'll explore the impact of this behavior in additional detail later.
What is the impact of an internet cache poisoning attack?The impact of web cache poisoning is heavily hooked in to two key factors:* What precisely the attacker can successfully get cachedAs the poisoned cache is more a way of distribution than a standalone attack, the impact of web cache poisoning is inextricably linked to how harmful the injected payload is. like most sorts of attack, web cache poisoning also can be utilized in combination with other attacks to escalate the potential impact even further.* The quantity of traffic on the affected pageThe poisoned response will only be served to users who visit the affected page while the cache is poisoned. As a result, the impact can range from non-existent to massive counting on whether the page is popular or not. If an attacker managed to poison a cached response on the house page of a serious website, for instance , the attack could affect thousands of users with none subsequent interaction from the attacker.Note that the duration of a cache entry doesn't necessarily affect the impact of web cache poisoning. An attack can usually be scripted in such how that it re-poisons the cache indefinitely.
質問 325
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.
Which of the following host discovery techniques must he use to perform the given task?
- A. TCP Maimon scan
- B. ACK flag probe scan
- C. UDP scan
- D. ARP ping scan
正解: D
質問 326
Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?
- A. HTTPS
- B. FTPS
- C. FTP
- D. IP
正解: A
解説:
Explanation
HTTPS is the shortening for hypertext move convention secure, or secure hypertext move convention in the event that you are not a fanatic for semantics.
How Does HTTPS Work?Dissimilar to HTTP, HTTPS utilizes a protected testament from an outsider seller to make sure about an association and confirm that the site is genuine. This safe authentication is known as a SSL Certificate (or "cert").
SSL is a truncation for "secure attachments layer". This is the thing that makes a safe, encoded association between a program and a worker, which secures the layer of correspondence between the two.
This declaration encodes an association with a degree of insurance that is assigned at your season of the acquisition of a SSL endorsement.
A SSL endorsement gives an additional layer of security for touchy information that you don't need outsider aggressors to get to. This extra security can be critical with regards to running online business sites.
A few Examples:
* When you need to make sure about the transmission of Mastercard information or other delicate data, (for example, somebody's genuine location and actual personality).
* When you run a lead age site that depends on somebody's genuine data, wherein case you need to utilize
* HTTPS to protect against malevolent assaults on the client's information.
There are numerous advantages to HTTPS that merit the slight expense. Keep in mind, if the declaration is absent, an outsider could undoubtedly check the association for delicate information.
What is TLS? How it Applies to HTTPSTLS represents transport layer security. It encodes HTTPS and can be utilized to make sure about email and different conventions. It utilizes cryptographic methods that guarantee information has not been altered since it was sent, that interchanges are with the real individual the correspondence came from, and to keep private information from being seen.
Things kick off with a TLS handshake, the cycle that commences a correspondence meeting that utilizes TLS encryption. This is the place where verification happens, and meeting keys are made. Shiny new meeting keys are produced when two gadgets impart, from the two unique keys cooperating. The consequence of this is more profound, more encoded correspondence.
A Critical Step for HTTPS - Authenticating the Web ServerThe most basic advance for a HTTPS secure association is guaranteeing that a web worker is who they say they are.
That is the reason the SSL authentication is the main piece of this arrangement; it guarantees the proprietor of the webserver is who they say the declaration says it is. It working correspondingly to how a driver's permit functions - it affirms the character of the proprietor of the worker.
A layer of assurance from specific kinds of assaults exists when you actualize HTTPS, making this an important staple of your site.
質問 327
Which of the following programs is usually targeted at Microsoft Office products?
- A. Multipart virus
- B. Stealth virus
- C. Polymorphic virus
- D. Macro virus
正解: D
質問 328
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?
- A. openssl s_client -connect www.website.com:443
- B. openssl s_client -site www.website.com:443
- C. openssl_client -connect www.website.com:443
- D. openssl_client -site www.website.com:443
正解: A
質問 329
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
- A. Perform a vulnerability scan of the system.
- B. Perform a cost/benefit analysis of the audit feature.
- C. Allocate funds for staffing of audit log review.
- D. Determine the impact of enabling the audit feature.
正解: D
質問 330
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?
- A. The security breach was a false positive.
- B. The network devices are not all synchronized.
- C. Proper chain of custody was not observed while collecting the logs.
- D. The attacker altered or erased events from the logs.
正解: B
質問 331
......
最新の312-50v11学習ガイド2022年最新の- 提供するのはテストエンジンとPDF:https://jp.fast2test.com/312-50v11-premium-file.html
最新版を今すぐ試そう312-50v11練習テスト問題解答:https://drive.google.com/open?id=1dxJiUakNv0VegSB0AW2sR9WAe70DxHyc