Which of the following equipment could a pen tester use to perform shoulder surfing?
A. Binoculars
B. Microphone
C. All the above
D. Painted ultraviolet material
Correct answer: A
Question 2:
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:
<script>alert("This is a test.")</script>
When you type this and click on search, you receive a pop-up window that says:
"This is a test."
What is the result of this test?
A. Your website is vulnerable to web bugs
B. Your website is vulnerable to SQL injection
C. Your website is not vulnerable
D. Your website is vulnerable to XSS
Correct answer: D
Question 3:
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?
A. Location/Data Examined Tools
B. Active/Passive Tools
C. Application-layer Vulnerability Assessment Tools
D. Scope Assessment Tools
Correct answer: D
Question 4:
DNS information records provide important data about:
A. Location and Type of Servers
B. Agents Providing Service to Company Staff
C. New Customer
D. Phone and Fax Numbers
Correct answer: A
Question 5:
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment techniques is used to test the web server infrastructure for any misconfiguration and outdated content?
A. Host-based Assessment
B. External Assessment
C. Application Assessment
D. Passive Assessment
Correct answer: C
Question 6:
A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?
A. Port numbers
B. Source address
C. Protocol used
D. Destination address
Correct answer: C
Question 7:
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?
A. c:\windows\system32\Boot\SAM
B. c:\windows\system32\drivers\SAM
C. c:\windows\system32\Setup\SAM
D. c:\windows\system32\config\SAM
Correct answer: A
Question 8:
A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications.
Which of the following frameworks helps an organization in the evaluation of the company's information security with that of the industrial standards?
A. Microsoft Internet Security Framework
B. The IBM Security Framework
C. Nortel's Unified Security Framework
D. Information System Security Assessment Framework
Correct answer: D
Question 9:
A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase.

Active reconnaissance, which includes activities such as network mapping, web profiling, and perimeter mapping, is a part of which phase(s)?
A. Post-attack phase
B. Pre-attack phase
C. Pre-attack phase and attack phase
D. Attack phase
Correct answer: B
高久** -
For ECSAv10, the exam asks questions quite similar to the ones in this book.
If you bring your correct-answer rate on these questions to nearly 100% and then properly memorize the main options and formats, you should be fine.
I passed without trouble, so my thanks to Pass4Test.