Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)
A. Hire more computer security monitoring personnel to monitor computer systems and networks.
B. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.
C. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
D. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
正解:C
質問 2:
In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
what Information-gathering technique does this best describe?
A. Brute forcing
B. Dictionary attack
C. Banner grabbing
D. WhOiS lookup
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
A. Netstumbler
B. Abel
C. Nessus
D. Kismet
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?
A. Out-of-band SQLI
B. Time-based blind SQLI
C. ln-band SQLI
D. Union-based SQLI
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?
A. Unix
B. OS X
C. Windows
D. Linux
正解:C
質問 6:
What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Session hijacking attacks
C. Scanning attacks
D. Password cracking attacks
正解:A
質問 7:
"........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there." Fill in the blank with appropriate choice.
A. Signal Jamming Attack
B. Evil Twin Attack
C. Collision Attack
D. Sinkhole Attack
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?
A. DNS cache poisoning
B. DNS SEC zone walking
C. DNS zone walking
D. DNS cache snooping
正解:D
質問 9:
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to
"www.MyPersonalBank.com", the user is directed to a phishing site.
Which file does the attacker need to modify?
A. Networks
B. Sudoers
C. Hosts
D. Boot.ini
正解:C
岩间** -
312-50v12試験の概要もちゃんとあり、基礎的な内容から書かれています。
試験問題と解説があるので、実際どのような問題が出るのかも分かりやすい。