312-50v9試験無料問題集（125題）「EC-COUNCIL Certified Ethical Hacker v9 認定」

出題：1

Your team has won a contract to infiltrate an organization. The company wants to have the attack be a realistic as possible; therefore, they did not provide any information besides the company name.
What should be thefirst step in security testing the client?

A. Reconnaissance

B. Scanning

C. Escalation

D. Enumeration

正解：A 解答を投票する

出題：2

It is a short-range wireless communication technology intended to replace the cables connecting portables of fixed deviceswhile maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.
Which of the following terms best matches the definition?

A. InfraRed

B. Bluetooth

C. Radio-Frequency Identification

D. WLAN

正解：B 解答を投票する

出題：3

The "Black box testing" methodology enforces which kind of restriction?

A. Only the internal operation of a system is known to the tester.

B. The internal operation of a system is completely known to the tester.

C. Only the external operation of a systemis accessible to the tester

D. The internal operation of a system is only partly accessible to the tester.

正解：C 解答を投票する

出題：4

You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

A. Firewall

B. Proxy

C. Host-based IDS

D. Network-Based IDS

正解：D 解答を投票する

出題：5

You have successfully gained access to your client's internal network and successfully comprised a linux server which is part of the internal IP network. You want to know which Microsoft Windows workstation have the sharing enabled.
Which port would you see listeningon these Windows machines in the network?

A. 3389

B. 445

C. 161

D. 1443

正解：B 解答を投票する

出題：6

What is the process of logging, recording, and resolving events that take place in an organization?

A. Metrics

B. Internal Procedure

C. Security Policy

D. Incident Management Process

正解：D 解答を投票する

出題：7

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

A. Randomizing

B. Mutating

C. Bounding

D. Puzzing

正解：D 解答を投票する

出題：8

Which regulationdefines security and privacy controls for Federal information systems and organizations?

A. NIST-800-53

B. EU Safe Harbor

C. HIPAA

D. PCI-DSS

正解：A 解答を投票する

出題：9

When you are collecting information to perform a dataanalysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.
What command will help you to search files using Google as a search engine?

A. inurl: target.com filename:xls username password email

B. site: target.com filetype:xls username password email

C. site:target.com file:xls username password email

D. domain: target.com archive:xls username password email

正解：B 解答を投票する

出題：10

You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).
Which is the best way to evade the NIDS?

A. Out of band signaling

B. Protocol Isolation

C. Encryption

D. Alternate Data Streams

正解：C 解答を投票する

312-50v9試験無料問題集「EC-COUNCIL Certified Ethical Hacker v9 認定」