412-79v8試験無料問題集（196題）「EC-COUNCIL EC-Council Certified Security Analyst (ECSA) 認定」

出題：1

Which of the following equipment could a pen tester use to perform shoulder surfing?

A. Painted ultraviolet material

B. Microphone

C. Binoculars

D. All the above

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

You are conducting a penetration test against a company and you would like to know a personal email address of John, a crucial employee. What is the fastest, cheapest way to find out John's email address.

A. Call his wife and ask for his personal email account

B. Send an email to John stating that you cannot send him an important spreadsheet attachment file to his business email account and ask him if he has any other email accounts

C. Search in Googlefor his personal email ID

D. Call a receptionist and ask for John Stevens' personal email account

正解：B 解答を投票する

出題：3

Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

A. Examine Hidden Fields

B. Examine E-commerce and Payment Gateways Handled by the Web Server

C. Check for Directory Consistency and Page Naming Syntax of the Web Pages

D. Examine Server Side Includes (SSI)

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following appendices gives detailed lists of all the technical terms used in the report?

A. Required Work Efforts

B. Research

C. Glossary

D. References

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Identify the correct formula for Return on Investment (ROI).

A. ROI = (Expected Returns+ Cost of Investment) / Cost of Investment

B. ROI = ((Expected Returns - Cost of Investment) / Cost of Investment) * 100

C. ROI = (Expected Returns Cost of Investment) / Cost of Investment

D. ROI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

A. Scope Assessment Tools

B. Application-layer Vulnerability Assessment Tools

C. Location/Data Examined Tools

D. Active/Passive Tools

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What information can be collected by dumpster diving?

A. Sensitive documents

B. Email messages

C. Customer contact information

D. All the above

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?

A. Service Level Configuration Attacks

B. URL Tampering Attacks

C. SQL Injection Attacks

D. Inside Attacks

正解：C 解答を投票する

出題：9

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

A. Host-based Assessment

B. Passive Assessment

C. Application Assessment

D. External Assessment

正解：C 解答を投票する

出題：10

What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?

A. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.

B. NIDS are usually a more expensive solution to implement compared to HIDS.

C. HIDS requires less administration and training compared to NIDS.

D. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.

正解：D 解答を投票する

412-79v8試験無料問題集「EC-COUNCIL EC-Council Certified Security Analyst (ECSA) 認定」