312-50v9試験無料問題集「EC-COUNCIL Certified Ethical Hacker v9 認定」

ページ: 1 / 13
トータル 125 問
完全版を入手する
Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website byinserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known toincorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

It is a vulnerability in GNU's bash shell, discovered in September of 2004, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of service attacks to disrupt websites, and scan for other vulnerable devices (including routers).
Which of the following vulnerabilities is being described?

An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<frame src=http://www/vulnweb.com/updataif.php Style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HRRP POST) called?

What is the most common method to exploit the "Bash Bug" or ShellShock" vulnerability?

As a Certified Ethical hacker, you were contracted by aprivate firm to conduct an external security assessment through penetration testing.
What document describes the specified of the testing, the associated violations, and essentially protects both the organization's interest and your li abilities as a tester?

env x= '(){ :;};echo exploit ' bash -c 'cat/etc/passwd
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

Which of the following statements is TRUE?

The "Gray box testing" methodology enforces what kind of restriction?

You've gained physical access to a Windows 2008 R2 server which has as accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD.Which Linux tool has the ability to change any user's password or to activate disabled Windows Accounts?

ページ: 1 / 13
トータル 125 問