最新なECCouncil 312-50v12問題集（573題）、真実試験の問題を全部にカバー！

質問 1：
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?
A. Rootkit
B. Adware
C. Trojan
D. Worm
正解：D

質問 2：
You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at
192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?
A. is-d abccorp.local
B. list server=192.168.10.2 type=all
C. Iserver 192.168.10.2-t all
D. List domain=Abccorp.local type=zone
正解：A

質問 3：
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?
A. Docker registries
B. Docker daemon
C. Docker client
D. Docker objects
正解：B
解説: (Pass4Test メンバーにのみ表示されます)

質問 4：
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Username: attack' or 1=1 -
Password: 123456
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
C. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
D. select * from Users where UserName = 'attack'' or 1=1 -- and UserPassword = '123456'
正解：C

質問 5：
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?
A. DNS cache poisoning
B. DNS SEC zone walking
C. DNS zone walking
D. DNS cache snooping
正解：D

質問 6：
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT.
POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?
A. RESTful API
B. REST API
C. JSON-RPC
D. SOAP API
正解：A
解説: (Pass4Test メンバーにのみ表示されます)

質問 7：
Which command can be used to show the current TCP/IP connections?
A. Netstat
B. Netsh
C. Net use
D. Net use connection
正解：B

質問 8：
On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?
A. Disaster Recovery Planning (DRP)
B. Business Impact Analysis (BIA)
C. Emergency Plan Response (EPR)
D. Risk Mitigation
正解：B

質問 9：
An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?
A. Tcpdump
B. Ettercap
C. Wireshark
D. Aircrack-ng
正解：B