A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.

Why is an appliance-based firewall more secure than one implemented on top of a commercial operating system (software-based)?
A. Operating system firewalls are highly configured
B. Firewalls implemented on a hardware firewall are highly scalable
C. Appliance based firewalls cannot be upgraded
D. Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system
Correct answer: D
Question 2:
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

Which of the following ICMP messages will be generated if the destination port is not reachable?
A. ICMP Type 5 code 3
B. ICMP Type 11 code 1
C. ICMP Type 3 code 3
D. ICMP Type 3 code 2
Correct answer: C
Question 3:
What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?
A. Low, medium, high, serious, critical
B. 1, 2, 3, 4, 5
C. A, b, c, d, e
D. Urgent, dispute, action, zero, low
Correct answer: A
Question 4:
A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.

It is performed when no error message is received from the application while trying to exploit SQL vulnerabilities. The developer's specific message is displayed instead of an error message, so it is quite difficult to find an SQL vulnerability in such cases.
A pen tester is trying to extract the database name by using a blind SQL injection. He tests the database using the queries below and finally finds the database name.
http://juggyboy.com/page.aspx?id=1; IF (LEN(DB_NAME())=4) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),1,1)))=97) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),2,1)))=98) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),3,1)))=99) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),4,1)))=100) WAITFOR DELAY '00:00:10'--
What is the database name?
A. ABCD
B. EFGH
C. WXYZ
D. PQRS
Correct answer: A
Question 5:
A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets.

While performing ICMP scanning using the Nmap tool, the message received/type displays "3 - Destination Unreachable[5]" and code 3.
Which of the following is an appropriate description of this response?
A. Destination host unavailable
B. Destination port unreachable
C. Destination host unreachable
D. Destination protocol unreachable
Correct answer: B
Question 6:
Identify the type of authentication mechanism represented below:

A. NTLMv1
B. NTLMv2
C. LAN Manager Hash
D. Kerberos
Correct answer: D
Question 7:
What are the 6 core concepts in IT security?

A. Passwords, logins, access controls, restricted domains, configurations, and tunnels
B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
C. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans
D. Server management, website domains, firewalls, IDS, IPS, and auditing
Correct answer: B
Minami -
I was able to pass.
This really helped. Thank you very much.
I have also recommended your Pass4Test products to a friend. I look forward to working with you again.