A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following. Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again. Which of the following actions should the security administrator take?
A. Log the event as suspicious activity, call a manager, and report this as soon as possible.
B. Run an anti-virus scan because it is likely the system is infected by malware.
C. Log the event as suspicious activity and report this behavior to the incident response team immediately.
D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.
Correct answer: D
Question 2:
An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?
A. Set up a backdoor
B. Install patches
C. Cover your tracks
D. Install a zombie for DDOS
Correct answer: C
Question 3:
Which definition among those given below best describes a covert channel?
A. A server program using a port that is not well known.
B. It is the multiplexing taking place on a communication link.
C. It is one of the weak channels used by WEP which makes it insecure.
D. Making use of a protocol in a way it is not intended to be used.
Correct answer: D
Question 4:
What are the default passwords used by SNMP? (Choose two.)
A. Administrator
B. Public
C. Password
D. Blank
E. SA
F. Private
Correct answer: B, F
Question 5:
LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two halves are hashed individually. If the password is 7 characters or less, then the second half of the hash is always:
A. 0xAAD3B435B51404BB
B. 0xAAD3B435B51404AA
C. 0xAAD3B435B51404EE
D. 0xAAD3B435B51404CC
Correct answer: C
Question 6:
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
A. HAVAL
B. MD4
C. SHA-1
D. MD5
Correct answer: C
Question 7:
You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. What should be the next logical step that should be performed?
A. Perform a SYN scan on port 21 to identify any additional systems that might be up.
B. Rescan every computer to verify the results.
C. Connect to open ports to discover applications.
D. Perform a ping sweep to identify any additional systems that might be up.
Correct answer: A
Question 8:
Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?
A. Snow
B. Image Hide
C. NiceText
D. Gif-It-Up
Correct answer: A
Question 9:
LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP?
A. Disable LSASS service in Windows XP
B. Download and install LMSHUT.EXE tool from Microsoft website
C. Stop the LM service in Windows XP
D. Disable LM authentication in the registry
Correct answer: D
Kitakaze -
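Recommended for anyone in a hurry. This is the definitive resource for right before the CPEH-001 exam! It lets you study efficiently by focusing on the key points.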