You are Michael, an ethical hacker at a New York-based e-commerce company performing a security review of their payment-signing service. While observing the signing process (without access to private keys), you note the service generates a fresh random value for each signature operation, the signature algorithm uses modular arithmetic in a subgroup defined by public domain parameters, and signatures are verified with a public verification key rather than by decrypting the message. Which asymmetric algorithm best matches the signing mechanism you observed?
A. DSA
B. RSA
C. ElGamal
D. Diffie-Hellman
Correct answer: A
Explanation: (visible to Pass4Test members only)
Question 2:
At Pinnacle Financial Services in Chicago, Illinois, ethical hacker Sarah Thompson is conducting a penetration test to evaluate the security of the company's online banking portal. During her assessment, Sarah positions herself on the internal network and uses a sniffer to capture traffic between a user's browser and the banking server. She quietly collects session data, including user IDs and authentication tokens, without interfering with the ongoing communication. Later, she plans to use this information to impersonate a legitimate user in a controlled test environment to demonstrate potential risk to the bank's IT team.
What type of session hijacking is Sarah performing during this phase of her penetration test?
A. Man-in-the-browser Attack
B. Session Fixation Attack
C. Active Session Hijacking
D. Passive Session Hijacking
Correct answer: D
Explanation: (visible to Pass4Test members only)
Question 3:
A security consultant is conducting an authorized assessment for a healthcare billing provider in Phoenix, Arizona. While monitoring internal traffic, he observes an authenticated employee interacting with a sensitive web-based management portal over TCP.
During the session, the consultant carefully crafts and injects packets into the ongoing communication stream.
Shortly afterward, the legitimate user experiences irregular responses from the application, and the server begins processing commands originating from the consultant's injected traffic as though they were part of the established session.
The technique does not involve credential guessing or forcing the user to reauthenticate. Instead, it targets the communication channel already in progress.
From a network-level perspective, what type of session hijacking technique is being demonstrated?
A. RST Hijacking
B. TCP/IP Hijacking
C. Blind Hijacking
D. UDP Hijacking
Correct answer: B
Explanation: (visible to Pass4Test members only)
Question 4:
As an Ethical Hacker, you have been asked to test an application's vulnerability to SQL injection. During testing, you discover an entry field that appears susceptible. However, the backend database is unknown, and regular SQL injection techniques have failed to produce useful information. Which advanced SQL injection technique should you apply next?
A. Time-Based Blind SQL Injection
B. Error-Based SQL Injection
C. Content-Based Blind SQL Injection
D. Union-Based SQL Injection
Correct answer: A
Explanation: (visible to Pass4Test members only)
Question 5:
Clark is a talented coder and as such has found a vulnerability in a well-known application. Unconcerned about the ethics of the situation, he has developed an exploit that can leverage this unknown vulnerability.
Based on this information, which of the following is most correct?
A. Clark has violated U.S. Code Section 1027.
B. Clark has developed a zero-day.
C. Clark is a suicide hacker.
D. Clark is a white hat hacker.
Correct answer: B
Explanation: (visible to Pass4Test members only)
Question 6:
Which technique is least useful during passive reconnaissance?
A. Search engines
B. Nmap scanning
C. WHOIS lookup
D. Social media monitoring
Correct answer: B
Explanation: (visible to Pass4Test members only)
Question 7:
A REST API uses user-provided object IDs without authorization checks. What flaw is this?
A. Mass assignment
B. BOLA
C. XSS
D. SQLi
Correct answer: B
Explanation: (visible to Pass4Test members only)
Question 8:
A regional insurance claims platform in Sacramento, California is protected by a web application firewall that evaluates inbound requests for suspicious query structures. During an authorized assessment, a tester observes that conventional injection attempts are consistently rejected.
The tester then adjusts the format and composition of the request while preserving its intended database behavior. After this modification, the request passes through the filtering mechanism and is processed by the backend system without disruption.
Which firewall evasion technique is being demonstrated?
A. Transforming Query Structure to Evade Pattern-Based Inspection
B. Using HTTP Parameter Pollution (HPP) to Override Query Parameters
C. Splitting Payload Components Using HTTP Parameter Fragmentation (HPF)
D. Combining Multiple Evasion Methods through an Integration Approach
Correct answer: A
Explanation: (visible to Pass4Test members only)
Question 9:
A penetration tester needs to identify open ports and services on a target network without triggering the organization's intrusion detection systems, which are configured to detect high-volume traffic and common scanning techniques. To achieve stealth, the tester decides to use a method that spreads out the scan over an extended period. Which scanning technique should the tester employ to minimize the risk of detection?
A. Execute a UDP scan targeting all ports simultaneously
B. Use a stealth scan by adjusting the scan timing options to be slow and random
C. Perform a TCP SYN scan using a fast scan rate
D. Conduct a TCP Xmas scan sending packets with all flags set
Correct answer: B
Explanation: (visible to Pass4Test members only)
大森** -
Thanks to the 312-50v13 exam materials, I passed the 312-50v13 exam with a high score. I was amazed at how effective the 312-50v13 exam materials are!