Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
A. Liability Insurance
B. Rules of Behavior Agreement
C. Non-Disclosure Agreement
D. Penetration Testing Agreement
Correct answer: C
Question 2:
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.
link:www.ghttech.net
What will this search produce?
A. All sites that link to ghttech.net
B. All search engines that link to .net domains
C. All sites that ghttech.net links to
D. Sites that contain the code: link:www.ghttech.net
Correct answer: A
Question 3:
The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.
Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations.
Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.
What is the best way to protect web applications from parameter tampering attacks?
A. Using an easily guessable hashing algorithm
B. Minimizing the allowable length of parameters
C. Validating some parameters of the web application
D. Applying effective input field filtering parameters
Correct answer: D
Question 4:
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set.
What is Terri trying to accomplish by sending this IP packet?
A. Crash the switch with a DoS attack since switches cannot send ACK bits
B. Enable tunneling feature on the switch
C. Poison the switch's MAC address table by flooding it with ACK bits
D. Trick the switch into thinking it already has a session with Terri's computer
Correct answer: D
Question 5:
Identify the type of firewall represented in the diagram below:
A. Circuit level gateway
B. Packet filter
C. Application level gateway
D. Stateful multilayer inspection firewall
Correct answer: D
Question 6:
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword.
Which one of the following operators is used to define meta-variables?
A. "$"
B. "*"
C. "#"
D. "?"
Correct answer: A
Question 7:
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
A. ip.src==10.0.0.7
B. ip.port==10.0.0.7
C. ip.dst==10.0.0.7
D. ip.dstport==10.0.0.7
Correct answer: A
Question 8:
After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet.
Why is that?
A. IPSEC does not work with packet filtering firewalls
B. NAT does not work with stateful firewalls
C. NAT does not work with IPSEC
D. Stateful firewalls do not work with packet filtering firewalls
Correct answer: C
Question 9:
How many possible sequence number combinations are there in TCP/IP protocol?
A. 320 billion
B. 4 billion
C. 1 billion
D. 32 million
Correct answer: B
Since it apparently works on both PC and smartphone, I feel motivated to work through this ECSAv10 text as well.