EC-COUNCIL 412-79v10 問題集

質問 1：
The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?
A. Rogue employees and insider attacks
B. Vulnerabilities, risks, and threats facing Web sites
C. Weak passwords and lack of identity management
D. Insufficient IT security budget
正解：A

質問 2：
What are the security risks of running a "repair" installation for Windows XP?
A. Pressing Shift+F10 gives the user administrative rights
B. Pressing Shift+F1 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. There are no security risks when running the "repair" installation for Windows XP
正解：A

質問 3：
Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?
A. California SB 1386
B. USA Patriot Act 2001
C. Gramm-Leach-Bliley Act (GLBA)
D. Sarbanes-Oxley 2002
正解：A

質問 4：
Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?
A. Project Goal
B. Objectives
C. Success Factors
D. Assumptions
正解：D

質問 5：
Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?
A. Visit Google's search engine and view the cached copy
B. Crawl and download the entire website using the Surfoffline tool and save them to his computer
C. Use Way Back Machine in Archive.org web site to retrieve the Internet archive
D. Visit the company's partners' and customers' website for this information
正解：C

質問 6：
War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks.
Which one of the following is a Linux based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?
A. WEPCrack
B. Airsnort
C. Airpwn
D. Aircrack
正解：B

質問 7：
Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate.
He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT.
Which firewall would be most appropriate for Harold?
A. Data link layer firewall
B. Application-level proxy firewall
C. Circuit-level proxy firewall
D. Packet filtering firewall
正解：B

質問 8：
In the context of penetration testing, what does blue teaming mean?

A. It is the most expensive and most widely used
B. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management
C. It may be conducted with or without warning
D. A penetration test performed with the knowledge and consent of the organization's IT staff
正解：D