312-50v10試験無料問題集（745題）「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10) 認定」

出題：1

How do employers protect assets with security policies pertaining to employee surveillance activities?

A. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

B. Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

正解：A 解答を投票する

出題：2

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks.
What process would help him?

A. SSDP Scanning

B. IDLE/IPID Scanning

C. UDP Scanning

D. Banner Grabbing

正解：D 解答を投票する

出題：3

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

A. The operator knows that attacks and down time are inevitable and should have a backup site.

B. As long as the physical access to the network elements is restricted, there is no need for additional measures.

C. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

D. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

正解：C 解答を投票する

出題：4

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

A. Use security policies and procedures to define and implement proper security settings

B. Verify access right before allowing access to protected information and UI controls

C. Validate and escape all information sent to a server

D. Use digital certificates to authenticate a server prior to sending data

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following examples best represents a logical or technical control?

A. Corporate security policy

B. Heating and air conditioning

C. Security tokens

D. Smoke and fire alarms

正解：C 解答を投票する

出題：6

What hacking attack is challenge/response authentication used to prevent?

A. Password cracking attacks

B. Replay attacks

C. Session hijacking attacks

D. Scanning attacks

正解：B 解答を投票する

出題：7

Which element of Public Key Infrastructure (PKI) verifies the applicant?

A. Validation authority

B. Registration authority

C. Certificate authority

D. Verification authority

正解：B 解答を投票する

出題：8

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A. Simple, Complex

B. Relational, Hierarchical

C. Hierarchical, Relational

D. Strict, Abstract

正解：C 解答を投票する

出題：9

Which of these options is the most secure procedure for storing backup tapes?

A. Inside the data center for faster retrieval in a fireproof safe

B. In a climate controlled facility offsite

C. In a cool dry environment

D. On a different floor in the same building

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

A. Access control list reviews

B. Social engineering

C. Penetration testing

D. Vulnerability scanning

正解：C 解答を投票する

出題：11

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?

A. Forward the message to your supervisor and ask for her opinion on how to handle the situation

B. Reply to the sender and ask them for more information about the message contents.

C. Forward the message to your company's security response team and permanently delete the message from your computer.

D. Delete the email and pretend nothing happened

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?

A. Fuzzy-testing the code

B. String validating the code

C. Third party running the code

D. Sandboxing the code

正解：A 解答を投票する

出題：13

An NMAP scan of a server shows port 69 is open. What risk could this pose?

A. Weak SSL version

B. Unauthenticated access

C. Web portal data leak

D. Cleartext login

正解：B 解答を投票する

出題：14

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

A. Missing patches

B. Cross-site scripting

C. SQL injection

D. CRLF injection

正解：A 解答を投票する

出題：15

Which of the following problems can be solved by using Wireshark?

A. Resetting the administrator password on multiple systems

B. Checking creation dates on all webpages on a server

C. Troubleshooting communication resets between two systems

D. Tracking version changes of source code

正解：C 解答を投票する

出題：16

What is the code written for?

A. Buffer Overflow

B. Encryption

C. Bruteforce

D. Denial-of-service (Dos)

正解：A 解答を投票する

312-50v10試験無料問題集「EC-COUNCIL Certified Ethical Hacker Exam (CEH v10) 認定」