최신 312-50v10 무료덤프 - EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)

문제1

What is the purpose of DNS AAAA record?

A. IPv6 address resolution record

B. Authorization, Authentication and Auditing record

C. Address database record

D. Address prefix record

정답: A

문제2

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A. LOGIN, USER

B. LOGIN, NICK

C. USER, PASS

D. USER, NICK

정답: D

문제3

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

A. A senior creation approach

B. A bottom-up approach

C. A top-down approach

D. An IT assurance approach

정답: C

문제4

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

C. The operator knows that attacks and down time are inevitable and should have a backup site.

D. As long as the physical access to the network elements is restricted, there is no need for additional measures.

정답: A

문제5

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place.
He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A. Software only, they are the most effective.

B. Passwords are always best obtained using Hardware key loggers.

C. Hardware, Software, and Sniffing.

D. Hardware and Software Keyloggers.

정답: C

문제6

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

A. At least twice a year or after any significant upgrade or modification

B. At least once a year and after any significant upgrade or modification

C. At least once every two years and after any significant upgrade or modification

D. At least once every three years or after any significant upgrade or modification

정답: B

문제7

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

A. Place a front-end web server in a demilitarized zone that only handles external web traffic

B. Issue new certificates to the web servers from the root certificate authority

C. Require all employees to change their passwords immediately

D. Move the financial data to another server on the same IP subnet

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Which of the following provides a security professional with most information about the system's security posture?

A. Social engineering, company site browsing, tailgating

B. Phishing, spamming, sending trojans

C. Port scanning, banner grabbing, service identification

D. Wardriving, warchalking, social engineering

정답: C

문제9

What is the proper response for a NULL scan if the port is closed?

A. RST

B. SYN

C. FIN

D. PSH

E. No response

F. ACK

정답: A

문제10

A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0.
How can NMAP be used to scan these adjacent Class C networks?

A. NMAP -P 192.168.0.0/16

B. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0

C. NMAP -P 192.168.1/17

D. NMAP -P 192.168.1-5.

정답: D

문제11

What does the option * indicate?

A. s

B. a

C. n

D. t

정답: C

문제12

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

A. Request type=ns

B. Locate type=ns

C. Transfer type=ns

D. Set type=ns

정답: D

문제13

It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

A. Eradication

B. Discovery

C. Containment

D. Recovery

정답: C

최신 312-50v10 무료덤프 - EC-COUNCIL Certified Ethical Hacker Exam (CEH v10)

우리와 연락하기

유용한 링크

최신 업데이트