EC-COUNCIL 312-50v10 問題集

質問 1：
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
A. Event logs on the PC
B. Event logs on domain controller
C. IDS log
D. Internet Firewall/Proxy log
正解：D

質問 2：
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Acceptable-use policy
B. Firewall-management policy
C. Remote-access policy
D. Permissive policy
正解：C

質問 3：
What is the main security service a cryptographic hash provides?
A. Integrity and computational in-feasibility
B. Integrity and collision resistance
C. Integrity and ease of computation
D. Message authentication and collision resistance
正解：A

質問 4：
Which set of access control solutions implements two-factor authentication?
A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password
正解：A

質問 5：
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
How would an attacker exploit this design by launching TCP SYN attack?
A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
B. Attacker generates TCP ACK packets with random source addresses towards a victim host
C. Attacker floods TCP SYN packets with random source addresses towards a victim host
D. Attacker generates TCP RST packets with random source addresses towards a victim host
正解：C

質問 6：
Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious Java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical Java script. What is the name of this technique to hide the code and extend analysis time?
A. Obfuscation
B. Encryption
C. Steganography
D. Code encoding
正解：B

質問 7：
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
A. Cross-site Request Forgery vulnerability
B. SQL injection vulnerability
C. Web site defacement vulnerability
D. Cross-site scripting vulnerability
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 8：
Which of the following problems can be solved by using Wireshark?
A. Resetting the administrator password on multiple systems
B. Checking creation dates on all webpages on a server
C. Tracking version changes of source code
D. Troubleshooting communication resets between two systems
正解：D