312-50v8試験無料問題集（880題）「EC-COUNCIL Certified Ethical Hacker v8 認定」

出題：1

Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

What can Joe do to hide the wiretap program from being detected by ifconfig command?

A. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.

B. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu

C. Run the wiretap program in stealth mode from being detected by the ifconfig command.

D. You cannot disable Promiscuous mode detection on Linux systems.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

What is the expected result of the following exploit?

A. Creates a share called "sasfile" on the target system.

B. Creates an account with a user name of Anonymous and a password of [email protected].

C. Opens up a telnet listener that requires no username or password.

D. Create a FTP server with write permissions enabled.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A. grey box

B. red box

C. white box

D. black box

正解：D 解答を投票する

出題：4

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?

A. Public key

B. Email server certificate

C. Modulus length

D. Private key

正解：D 解答を投票する

出題：5

Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?

A. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands

B. Henry is using a denial of service attack which is a valid threat used by an attacker

C. Henry is executing commands or viewing data outside the intended target path

D. Henry is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

What sequence of packets is sent during the initial TCP three-way handshake?

A. SYN,ACK,SYN-ACK

B. FIN,FIN-ACK,ACK

C. SYN,URG,ACK

D. SYN,SYN-ACK,ACK

正解：D 解答を投票する

出題：7

What type of encryption does WPA2 use?

A. DES 64 bit

B. SHA 160 bit

C. AES-CCMP 128 bit

D. MD5 48 bit

正解：C 解答を投票する

出題：8

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

A. Sub7

B. Nessus

C. Truecrypt

D. Clamwin

正解：B 解答を投票する

出題：9

An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A. Machine A: netcat -l -p -s password 1234 < testfile Machine B: netcat <machine A IP> 1234

B. Use cryptcat instead of netcat

C. Machine A: netcat -l -e magickey -p 1234 < testfile Machine B: netcat <machine A IP> 1234

D. Machine A: netcat -l -p 1234 < testfile -pw password Machine B: netcat <machine A IP> 1234 -pw password

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

A. Determine the origin of the attack and launch a counterattack.

B. Unplug the network connection on the company's web server.

C. Record as much information as possible from the attack.

D. Perform a system restart on the company's web server.

正解：C 解答を投票する

出題：11

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A. The key is an RSA key used to encrypt the wireless data.

B. The key entered is a symmetric key used to encrypt the wireless data.

C. The key entered is a hash that is used to prove the integrity of the wireless data.

D. The key entered is based on the Diffie-Hellman method.

正解：B 解答を投票する

出題：12

Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?

A. Spoof attack

B. Injection attack

C. Replay attack

D. Rebound attack

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

A. The CEO of the company because he has access to all of the computer systems

B. A competitor to the company because they can directly benefit from the publicity generated by making such an attack

C. Disgruntled employee,customers,suppliers,vendors,business partners,contractors,temps,and consultants

D. A government agency since they know the company's computer system strengths and weaknesses

正解：C 解答を投票する

出題：14

Which of the following is a hashing algorithm?

A. DES

B. MD5

C. PGP

D. ROT13

正解：B 解答を投票する

出題：15

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.
What can be inferred from this output?

A. An application proxy firewall

B. A host based IDS

C. A stateful inspection firewall

D. A Honeypot

正解：C 解答を投票する

312-50v8試験無料問題集「EC-COUNCIL Certified Ethical Hacker v8 認定」