747 お客様のコメント
質問 1:
Which one of the following components of standard Solaris Syslog is a UNIX command that is used to add single-line entries to the system log?
A. "Syslogd.conf"
B. "/etc/syslog.conf"
C. "Logger"
D. "Syslogd"
正解:C
質問 2:
Which of the following will not handle routing protocols properly?
A. "Internet-firewall-router-net architecture"
B. "Internet-firewall -net architecture"
C. "Internet-router-firewall-net architecture"
D. "Internet-firewall/router(edge device)-net architecture"
正解:A
質問 3:
Which of the following attacks is an offline attack?
A. Dumpster Diving
B. Password Guessing
C. Hash Injection Attack
D. Pre-Computed Hashes
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. Gramm-Leach-Bliley Act (GLBA)
B. USA Patriot Act 2001
C. Sarbanes-Oxley 2002
D. California SB 1386
正解:C
質問 5:
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated?
A. Type 7 ICMP codes
B. Type 12 ICMP codes
C. Type 3 ICMP codes
D. Type 8 ICMP codes
正解:C
質問 6:
Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.
New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?
A. URL Tampering Attacks
B. Service Level Configuration Attacks
C. SQL Injection Attacks
D. Inside Attacks
正解:C
質問 7:
Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs. One of the plug-ins that the Nessus
Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug- in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?
A. SNMP fingerprinting
B. HTTP fingerprinting
C. FTP fingerprinting
D. NMAP TCP/IP fingerprinting
正解:C
質問 8:
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table:
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'-
What is the table name?
A. EMP
B. ABC
C. QRT
D. CTS
正解:A
Which one of the following components of standard Solaris Syslog is a UNIX command that is used to add single-line entries to the system log?
A. "Syslogd.conf"
B. "/etc/syslog.conf"
C. "Logger"
D. "Syslogd"
正解:C
質問 2:
Which of the following will not handle routing protocols properly?
A. "Internet-firewall-router-net architecture"
B. "Internet-firewall -net architecture"
C. "Internet-router-firewall-net architecture"
D. "Internet-firewall/router(edge device)-net architecture"
正解:A
質問 3:
Which of the following attacks is an offline attack?
A. Dumpster Diving
B. Password Guessing
C. Hash Injection Attack
D. Pre-Computed Hashes
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. Gramm-Leach-Bliley Act (GLBA)
B. USA Patriot Act 2001
C. Sarbanes-Oxley 2002
D. California SB 1386
正解:C
質問 5:
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated?
A. Type 7 ICMP codes
B. Type 12 ICMP codes
C. Type 3 ICMP codes
D. Type 8 ICMP codes
正解:C
質問 6:
Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.
New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?
A. URL Tampering Attacks
B. Service Level Configuration Attacks
C. SQL Injection Attacks
D. Inside Attacks
正解:C
質問 7:
Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs. One of the plug-ins that the Nessus
Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug- in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?
A. SNMP fingerprinting
B. HTTP fingerprinting
C. FTP fingerprinting
D. NMAP TCP/IP fingerprinting
正解:C
質問 8:
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table:
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'-
What is the table name?
A. EMP
B. ABC
C. QRT
D. CTS
正解:A
広瀬** -
非常にありがたいです。これだけ内容が充実しているのにこの安さは正直驚きです。