EC0-350試験無料問題集（878題）「EC-COUNCIL Ethical hacking and countermeasures 認定」

出題：1

War dialing is a very old attack and depicted in movies that were made years ago.
Why would a modem security tester consider using such an old technique?

A. It allows circumvention of protection mechanisms by being on the internal network.

B. It is cool, and if it works in the movies it must work in real life.

C. A good security tester would not use such a derelict technique.

D. It allows circumvention of the company PBX.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two halves are hashed individually. If the password is 7 characters or less, than the second half of the hash is always:

A. 0xAAD3B435B51404CC

B. 0xAAD3B435B51404EE

C. 0xAAD3B435B51404AA

D. 0xAAD3B435B51404BB

正解：B 解答を投票する

出題：3

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

A. Software keylogger

B. Stealth keylogger

C. Covert keylogger

D. Hardware keylogger

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

In which of the following should be performed first in any penetration test?

A. System identification

B. Intrusion Detection System testing

C. Passive information gathering

D. Firewall testing

正解：C 解答を投票する

出題：5

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

A. Investigate based on the order that the alerts arrived in.

B. Investigate based on the service level agreements of the systems.

C. Investigate based on the maintenance schedule of the affected systems.

D. Investigate based on the potential effect of the incident.

正解：D 解答を投票する

出題：6

Which is the right sequence of packets sent during the initial TCP three way handshake?

A. FIN, FIN-ACK, ACK

B. SYN, URG, ACK

C. SYN, SYN-ACK, ACK

D. SYN, ACK, SYN-ACK

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which one of the following instigates a SYN flood attack?

A. Inserting repetitive Internet Relay Chat (IRC) messages.

B. A large number of Internet Control Message Protocol (ICMP) traces.

C. Generating excessive broadcast packets.

D. Creating a high number of half-open connections.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Passive reconnaissance involves collecting information through which of the following?

A. Network traffic sniffing

B. Publicly accessible sources

C. Man in the middle attacks

D. Social engineering

正解：B 解答を投票する

出題：9

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.
Which of the following programming languages would most likely be used?

A. ASP.NET

B. Python

C. C#

D. PHP

正解：B 解答を投票する

出題：10

What hacking attack is challenge/response authentication used to prevent?

A. Password cracking attacks

B. Replay attacks

C. Session hijacking attacks

D. Scanning attacks

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

What type of session hijacking attack is shown in the exhibit?

A. SQL Injection Attack

B. Session Fixation Attack

C. Token sniffing Attack

D. Cross-site scripting Attack

正解：B 解答を投票する

出題：12

Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email [email protected]'. The application displays server error. What is wrong with the web application?

A. User input is not sanitized

B. The ISP connection is not reliable

C. The web server may be down

D. The email is not valid

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?

A. CI Gathering

B. Scanning

C. Garbage Scooping

D. Dumpster Diving

正解：D 解答を投票する

EC0-350試験無料問題集「EC-COUNCIL Ethical hacking and countermeasures 認定」