検証済み312-50v11問題集PDF資料 [2024]
最新の312-50v11実際の無料試験問題更新された525問あります
EC-COUNCIL 312-50v11 Certified Ethical Hacker Exam(CEH v11)は、ネットワークセキュリティとイーサルハッキングの分野における候補者の知識とスキルをテストする包括的な認定試験です。この試験は、サイバーセキュリティ産業で高く評価され、世界中の主要な組織によって認められています。CEH v11試験に備えて学習し、合格することで、候補者はサイバー脅威を特定し、予防するための専門知識を証明し、サイバーセキュリティの成功したキャリアの道を切り拓くことができます。
EC-COUNCIL 312-50v11 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 # 66
Your company performs penetration tests and security assessments for small and medium-sized business in the local are a. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?
- A. Ignore the data and continue the assessment until completed as agreed.
- B. Immediately stop work and contact the proper legal authorities.
- C. Copy the data to removable media and keep it in case you need it.
- D. Confront the client in a respectful manner and ask her about the data.
正解:B
質問 # 67
Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses
_______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature.
- A. Bryan's public key; Bryan's public key
- B. Bryan's public key; Alice's public key
- C. Alice's public key; Alice's public key
- D. Bryan's private key; Alice's public key
正解:C
質問 # 68
The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?
- A. SYN
- B. RST
- C. ACK
- D. SYN-ACK
正解:A
質問 # 69
Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?
- A. WebCopier Pro
- B. Infoga
- C. NCollector Studio
- D. Netsparker
正解:D
質問 # 70
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
- A. Hootsuite
- B. VisualRoute
- C. HULK
- D. ophcrack
正解:A
解説:
Hootsuite may be a social media management platform that covers virtually each side of a social media manager's role.
With only one platform users area unit ready to do the easy stuff like reverend cool content and schedule posts on social media in all the high to managing team members and measure ROI.
There area unit many totally different plans to decide on from, from one user set up up to a bespoken enterprise account that's appropriate for much larger organizations.
質問 # 71
What would you enter if you wanted to perform a stealth scan using Nmap?
- A. nmap -sT
- B. nmap -sS
- C. nmap -sU
- D. nmap -sM
正解:B
質問 # 72
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
- A. nmap -sn -pp < target ip address >
- B. nmap -sn -PO < target IP address >
- C. nmap -sn -PA < target IP address >
- D. nmap -sn -PS < target IP address >
正解:D
解説:
https://hub.packtpub.com/discovering-network-hosts-with-tcp-syn-and-tcp-ack-ping-scans-in-nmaptutorial/
質問 # 73
While testing a web application in development, you notice that the web server does not properly ignore the
"dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?
- A. Denial of service
- B. Directory traversal
- C. SQL injection
- D. Cross-site scripting
正解:B
解説:
Explanation
Appropriately controlling admittance to web content is significant for running a safe web worker. Index crossing or Path Traversal is a HTTP assault which permits aggressors to get to limited catalogs and execute orders outside of the web worker's root registry.
Web workers give two primary degrees of security instruments
* Access Control Lists (ACLs)
* Root index
An Access Control List is utilized in the approval cycle. It is a rundown which the web worker's manager uses to show which clients or gatherings can get to, change or execute specific records on the worker, just as other access rights.
The root registry is a particular index on the worker record framework in which the clients are kept. Clients can't get to anything over this root.
For instance: the default root registry of IIS on Windows is C:\Inetpub\wwwroot and with this arrangement, a client doesn't approach C:\Windows yet approaches C:\Inetpub\wwwroot\news and some other indexes and documents under the root catalog (given that the client is confirmed by means of the ACLs).
The root index keeps clients from getting to any documents on the worker, for example, C:\WINDOWS/system32/win.ini on Windows stages and the/and so on/passwd record on Linux/UNIX stages.
This weakness can exist either in the web worker programming itself or in the web application code.
To play out a registry crossing assault, all an assailant requires is an internet browser and some information on where to aimlessly discover any default documents and registries on the framework.
What an assailant can do if your site is defenselessWith a framework defenseless against index crossing, an aggressor can utilize this weakness to venture out of the root catalog and access different pieces of the record framework. This may enable the assailant to see confined documents, which could give the aggressor more data needed to additional trade off the framework.
Contingent upon how the site access is set up, the aggressor will execute orders by mimicking himself as the client which is related with "the site". Along these lines everything relies upon what the site client has been offered admittance to in the framework.
Illustration of a Directory Traversal assault by means of web application codeIn web applications with dynamic pages, input is generally gotten from programs through GET or POST solicitation techniques. Here is an illustration of a HTTP GET demand URL GET
http://test.webarticles.com/show.asp?view=o
ldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server's file system, renders it and then sends it back to the browser which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and sends the following custom URL.
GET
http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1 Host: test.webarticles.com This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user.
The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error.
Example of a Directory Traversal attack via web serverApart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks. The problem can either be incorporated into the web server software or inside some sample script files left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be GET
http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1 Host: server.com The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and run the command dir c:\ in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character \.
Newer versions of modern web server software check for these escape codes and do not let them through.
Some older versions however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.
質問 # 74
#!/usr/bin/python import socket buffer=[""A""] counter=50 while len(buffer)<=100: buffer.append (""A""*counter) counter=counter+50 commands= [""HELP"",""STATS ."",""RTIME ."",""LTIME. "",""SRUN ."',""TRUN ."",""GMON
."",""GDOG ."",""KSTET .",""GTER ."",""HTER ."", ""LTER .",""KSTAN .""] for command in commands: for buffstring in buffer: print ""Exploiting"" +command +"":""+str(len(buffstring)) s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('127.0.0.1', 9999)) s.recv(50) s.send(command+buffstring) s.close() What is the code written for?
- A. Bruteforce
- B. Buffer Overflow
- C. Denial-of-service (DOS)
- D. Encryption
正解:B
質問 # 75
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
- A. WPA2-Enterprise
- B. WPA3-Personal
- C. WPA3-Enterprise
- D. WPA2 Personal
正解:C
解説:
Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise. WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocol across the network. WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to raised protect sensitive data: * Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256) * Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384) * Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) employing a 384-bit elliptic curve * Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) The 192-bit security mode offered by WPA3-Enterprise ensures the proper combination of cryptographic tools are used and sets a uniform baseline of security within a WPA3 network.
質問 # 76
Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?
- A. Switch then acts as hub by broadcasting packets to all machines on the network
- B. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
- C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
- D. The CAM overflow table will cause the switch to crash causing Denial of Service
正解:A
質問 # 77
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
- A. TCP ping
- B. Traceroute
- C. Hping
- D. Broadcast ping
正解:C
質問 # 78
Which utility will tell you in real time which ports are listening or in another state?
- A. Nmap
- B. TCPView
- C. Loki
- D. Netstat
正解:B
質問 # 79
While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?
- A. -sA
- B. -sX
- C. -sF
- D. -sT
正解:A
質問 # 80
These hackers have limited or no training and know how to use only basic techniques or tools.
What kind of hackers are we talking about?
- A. White-Hat Hackers
- B. Script Kiddies
- C. Black-Hat Hackers A
- D. Gray-Hat Hacker
正解:B
解説:
Explanation
Script Kiddies: These hackers have limited or no training and know how to use only basictechniques or tools.
Even then they may not understand any or all of what they are doing.
質問 # 81
Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?
- A. LNMIB2.MIB
- B. MIB_II.MIB
- C. WINS.MIB
- D. DHCP.MIS
正解:A
解説:
Explanation
DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts HOSTMIB.MIB: Monitors and manages host resources LNMIB2.MIB: Contains object types for workstation and server services MIBJI.MIB: Manages TCP/IP-based Internet using a simple architecture and system WINS.MIB: For the Windows Internet Name Service (WINS)
質問 # 82
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website.
What is the attack performed by Bobby in the above scenario?
- A. Wardriving
- B. aLTEr attack
- C. Jamming signal attack
- D. KRACK attack
正解:B
質問 # 83
......
312-50v11認定概要最新の312-50v11PDF問題集はこちら:https://jp.fast2test.com/312-50v11-premium-file.html
無料312-50v11試験ブレーン問題集認定ガイド問題と解答:https://drive.google.com/open?id=1dxJiUakNv0VegSB0AW2sR9WAe70DxHyc