Which of the following lists are valid data-gathering activities associated with a risk assessment?
A. System profile, vulnerability identification, security determination
B. Threat identification, vulnerability identification, control analysis
C. Attack profile, defense profile, loss profile
D. Threat identification, response identification, mitigation identification
Correct answer: B
Question 2:
This packet was taken from a packet sniffer that monitors a Web server.

This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standard hexdump representation of a network packet, before being decoded. A hexdump has three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending in two line-feeds (0D 0A 0D 0A), and then the data. By examining the packet, identify the name and version of the Web server.
A. IIS 5.0
B. Apache 1.2
C. Linux WServer 2.3
D. IIS 4.0
Correct answer: D
Explanation: (visible only to Pass4Test members)
Question 3:
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
A. BeEF
B. NMAP
C. Nessus
D. Metasploit
Correct answer: C
Question 4:
You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows 7. Last week, 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
A. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops
B. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops
C. You should have used 3DES which is built into Windows
D. If you had implemented Pretty Good Privacy (PGP), which is built into Windows, the sensitive information on the laptops would not have leaked out
Correct answer: B
Question 5:
Which of the following techniques can be used to mitigate the risk of an on-site attacker connecting to an unused network port and gaining full access to the network? (Choose three.)
A. 802.1x Port Based Authentication
B. Port Security
C. IPSec Encryption
D. Network Admission Control (NAC)
E. Intrusion Detection System (IDS)
F. 802.1q Port Based Authentication
Correct answer: A, B, D
Question 6:
In the context of Trojans, what is the definition of a Wrapper?
A. An encryption tool to protect the Trojan
B. A tool used to bind the Trojan with a legitimate file
C. A tool used to encapsulate packets within a new header and footer
D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan
Correct answer: B
Explanation: (visible only to Pass4Test members)
Question 7:
What happens during a SYN flood attack?
A. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.
B. A TCP packet is received with both the SYN and the FIN bits set in the flags field.
C. A target machine is flooded with TCP connection requests carrying randomized source addresses and ports for the TCP ports.
D. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host's address as both source and destination, and is using the same port on the target host as both source and destination.
Correct answer: C
Explanation: (visible only to Pass4Test members)
Question 8:
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in the ASP scripting language and uses MSSQL as its database backend. The analyst locates the application's search form and enters the following code in the search input field:
<IMG SRC=vbscript:msgbox("Vulnerable");>
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web application vulnerability did the analyst discover?
A. Command injection
B. Cross-site request forgery
C. Cross-site scripting
D. SQL injection
Correct answer: C
Question 9:
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
A. Multiple keys for non-repudiation of bulk data
B. Different keys on both ends of the transport medium
C. Bulk encryption for data transmission over fiber
D. The same key on each end of the transmission medium
Correct answer: D
水崎** -
This is an exam-prep book for passing the CPEH-001 exam on the first attempt after a short period of study.