EC-COUNCIL 312-50v10 問題集

質問 1：
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
A. An authentication system that uses passphrases that are converted into virtual passwords.
B. A biometric system that bases authentication decisions on behavioral attributes.
C. An authentication system that creates one-time passwords that are encrypted with secret keys.
D. A biometric system that bases authentication decisions on physical attributes.
正解：C

質問 2：
Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?
A. Immediately stop work and contact the proper legal authorities.
B. Confront the client in a respectful manner and ask her about the data.
C. Copy the data to removable media and keep it in case you need it.
D. Ignore the data and continue the assessment until completed as agreed.
正解：A

質問 3：
Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.
What do you think Tess King is trying to accomplish? Select the best answer.
A. A zone estimate
B. A zone update
C. A zone transfer
D. A zone harvesting
正解：C

質問 4：
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
A. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
B. Extraction of cryptographic secrets through coercion or torture.
C. A backdoor placed into a cryptographic algorithm by its creator.
D. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
正解：B

質問 5：
Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank.
Kindly contact me for a vital transaction on: [email protected]"". Which statement below is true?
A. This is a scam because Bob does not know Scott.
B. This is probably a legitimate message as it comes from a respectable organization.
C. Bob should write to [email protected] to verify the identity of Scott.
D. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
正解：D

質問 6：
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to
"www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?
A. Networks
B. Boot.ini
C. Hosts
D. Sudoers
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 7：
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
A. Cross-site Request Forgery vulnerability
B. SQL injection vulnerability
C. Web site defacement vulnerability
D. Cross-site scripting vulnerability
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 8：
Which of the following Nmap commands would be used to perform a stack fingerprinting?
A. Nmap -hU -Q<host(s.>
B. Nmap -sT -p <host(s.>
C. Nmap -sS -0p targe
D. Nmap -O -p80 <host(s.>
E. Nmap -u -o -w2 <host>
正解：A