698 お客様のコメント
質問 1:
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected.
Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?
A. SQL injection
B. Parameter tampering
C. Social engineering
D. Man-in-the-middle attack
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword. Which one of the following operator is used to define meta-variables?
A. "$"
B. "*"
C. "#"
D. "?"
正解:A
質問 3:
The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.
Identify the injection attack represented in the diagram below:
A. XPath Injection Attack
B. LDAP Injection Attack
C. Frame Injection Attack
D. SOAP Injection Attack
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?
A. PortQry
B. Tracert
C. Telnet
D. Netstat
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Traffic on which port is unusual for both the TCP and UDP ports?
A. Port 443
B. Port21
C. Port 0
D. Port 81
正解:C
質問 6:
Rule of Engagement (ROE) is the formal permission to conduct a pen-test. It provides top- level guidance for conducting the penetration testing.
Various factors are considered while preparing the scope of ROE which clearly explain the limits associated with the security test.
Which of the following factors is NOT considered while preparing the scope of the Rules of
Engagment (ROE)?
A. Points of contact for the penetration testing team
B. Specific IP addresses/ranges to be tested
C. A list of acceptable testing techniques
D. A list of employees in the client organization
正解:D
質問 7:
Which one of the following 802.11 types has WLAN as a network support?
A. 802.11g
B. 802.11-Legacy
C. 802.11n
D. 802.11b
正解:C
質問 8:
Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. Gramm-Leach-Bliley Act (GLBA)
B. USA Patriot Act 2001
C. Sarbanes-Oxley 2002
D. California SB 1386
正解:C
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected.
Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?
A. SQL injection
B. Parameter tampering
C. Social engineering
D. Man-in-the-middle attack
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword. Which one of the following operator is used to define meta-variables?
A. "$"
B. "*"
C. "#"
D. "?"
正解:A
質問 3:
The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.
Identify the injection attack represented in the diagram below:
A. XPath Injection Attack
B. LDAP Injection Attack
C. Frame Injection Attack
D. SOAP Injection Attack
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?
A. PortQry
B. Tracert
C. Telnet
D. Netstat
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Traffic on which port is unusual for both the TCP and UDP ports?
A. Port 443
B. Port21
C. Port 0
D. Port 81
正解:C
質問 6:
Rule of Engagement (ROE) is the formal permission to conduct a pen-test. It provides top- level guidance for conducting the penetration testing.
Various factors are considered while preparing the scope of ROE which clearly explain the limits associated with the security test.
Which of the following factors is NOT considered while preparing the scope of the Rules of
Engagment (ROE)?
A. Points of contact for the penetration testing team
B. Specific IP addresses/ranges to be tested
C. A list of acceptable testing techniques
D. A list of employees in the client organization
正解:D
質問 7:
Which one of the following 802.11 types has WLAN as a network support?
A. 802.11g
B. 802.11-Legacy
C. 802.11n
D. 802.11b
正解:C
質問 8:
Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. Gramm-Leach-Bliley Act (GLBA)
B. USA Patriot Act 2001
C. Sarbanes-Oxley 2002
D. California SB 1386
正解:C
Ishikawa -
412-79v9試験対策のテキストです。内容もしっかりしているし、通学通勤時間にも重たい本書を持ち歩かなくても勉強できる。