최신 312-50v9 무료덤프 - EC-COUNCIL Certified Ethical Hacker v9

문제1

A new wireless client is configured to join a 802.11 network. Thisclient uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?

A. The WAP does not recognize the client's MAC address

B. The client cannot see the SSID of the wireless network

C. The wireless client is not configured to use DHCP

D. Client isconfigured for the wrong channel

정답: A

문제2

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal Network.
What is this type of DNS configuration commonly called?

A. Split DNS

B. DNS Scheme

C. DynDNS

D. DNSSEC

정답: A

문제3

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGI's?

A. Nikto

B. Dsniff

C. John the Ripper

D. Snort

정답: A

문제4

You just set up a security system in your network. In what kind of system would you find thefollowing string of characters used as a rule within its configuration?
alert tcp any any ->192.168.100.0/24 21 (msg: "FTP on the network!";)

A. A Router IPTable

B. A firewall IPTable

C. An Intrusion Detection System

D. FTP Server rule

정답: C

문제5

An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<frame src=http://www/vulnweb.com/updataif.php Style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HRRP POST) called?

A. Cross-Site Request Forgery

B. Browser Hacking

C. SQL Injection

D. Cross-Site Scripting

정답: A

문제6

Your team has won a contract to infiltrate an organization. The company wants to have the attack be a realistic as possible; therefore, they did not provide any information besides the company name.
What should be thefirst step in security testing the client?

A. Escalation

B. Scanning

C. Enumeration

D. Reconnaissance

정답: D

문제7

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

A. TCP

B. UPX

C. ICMP

D. UDP

정답: A

문제8

Which of the following is the successor of SSL?

A. IPSec

B. GRE

C. RSA

D. TLS

정답: D

문제9

A company's security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

C. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

D. Attempts by attacks to access the user and password information stores in the company's SQL database.

정답: B

문제10

Which of the followingtypes of firewalls ensures that the packets are part of the established session?

A. Switch-level firewall

B. Application-level firewall

C. Stateful inspection firewall

D. Circuit-level firewall

정답: C

최신 312-50v9 무료덤프 - EC-COUNCIL Certified Ethical Hacker v9

우리와 연락하기

유용한 링크

최신 업데이트