This method is used to determine the Operating system and version running on a remote target system. What is it called?
A. OS Fingerprinting
B. Manual Target System
C. Service Degradation
D. Identification Scanning
正解:A
質問 2:
Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?
A. Finger
B. Samba
C. FTP
D. SMB
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.
What can Joe do to hide the wiretap program from being detected by ifconfig command?
A. Run the wiretap program in stealth mode from being detected by the ifconfig command.
B. You cannot disable Promiscuous mode detection on Linux systems.
C. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu
D. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
A very useful resource for passively gathering information about a target company is:
A. Whois search
B. Host scanning
C. Traceroute
D. Ping sweep
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?
A. Install an intrusion detection system on her computer such as Snort.
B. Ensure all files have at least a 755 or more restrictive permissions.
C. Configure and enable portsentry on his server.
D. Configure rules using ipchains.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
What is War Dialing?
A. War dialing is a vulnerability scanning technique that penetrates Firewalls
B. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems
C. It is a social engineering technique that uses Phone calls to trick victims
D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls
正解:B
質問 7:
You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password.
http://[email protected]/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbde.0xef which looks like hexadecimal numbers. You immediately enter the following at Windows 2000 command prompt:
Ping 0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obstructed IP address in the e-mail URL?
A. 222.173.190.239
B. 54.23.56.55
C. 199.223.23.45
D. 233.34.45.64
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?
A. Dumpster Diving
B. Garbage Scooping
C. CI Gathering
D. Scanning
正解:A
質問 9:
Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. Harold is currently trying to run a Sniffer on the agency's network to get an idea of what kind of traffic is being passed around, but the program he is using does not seem to be capturing anything. He pours through the Sniffer's manual, but cannot find anything that directly relates to his problem. Harold decides to ask the network administrator if he has any thoughts on the problem. Harold is told that the Sniffer was not working because the agency's network is a switched network, which cannot be sniffed by some programs without some tweaking. What technique could Harold use to sniff his agency's switched network?
A. Flood the switch with ICMP packets
B. Launch smurf attack against the switch
C. ARP spoof the default gateway
D. Conduct MiTM against the switch
正解:C
Honjou -
GAQMのCPEH-001の問題集を習得して本場試験に合格した。しかも高得点。次はPPM-001に挑戦したいと思います!