최신 312-50v12 무료덤프 - ECCouncil Certified Ethical Hacker

문제1

Which command can be used to show the current TCP/IP connections?

A. Net use

B. Netsh

C. Net use connection

D. Netstat

정답: B

문제2

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

A. Introduce more controls to bring risk to 0%

B. Accept the risk

C. Avoid the risk

D. Mitigate the risk

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
what Information-gathering technique does this best describe?

A. Dictionary attack

B. Banner grabbing

C. Brute forcing

D. WhOiS lookup

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A. Delete the files and try to determine the source

B. Perform a trap and trace

C. Reload from known good media

D. Reload from a previous backup

E. Copy the system files from a known good system

정답: C

문제5

In Trojan terminology, what is a covert channel?

A. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

B. A legitimate communication path within a computer system or network for transfer of data

C. It is a kernel operation that hides boot processes and services to mask detection

D. A channel that transfers information within a computer system or network in a way that violates the security policy

정답: D

문제6

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

A. Chop chop attack

B. Evil twin

C. Wardriving

D. KRACK

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

A. Wireshark

B. CxSAST

C. Nmap

D. Burp Suite

정답: D

문제8

Under what conditions does a secondary name server request a zone transfer from a primary name server?

A. When a secondary SOA is higher that a primary SOA

B. When the TTL falls to zero

C. When a secondary name server has had its service restarted

D. When a primary SOA is higher that a secondary SOA

E. When a primary name server has had its service restarted

정답: D

문제9

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.
Which security policy must the security analyst check to see if dial-out modems are allowed?

A. Firewall-management policy

B. Permissive policy

C. Remote-access policy

D. Acceptable-use policy

정답: C

문제10

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

A. initial intrusion

B. Persistence

C. Cleanup

D. Preparation

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

A. Nikto

B. Dsniff

C. John the Ripper

D. Snort

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제12

What is the purpose of a demilitarized zone on a network?

A. To scan all traffic coming through the DMZ to the internal network

B. To provide a place to put the honeypot

C. To contain the network devices you wish to protect

D. To only provide direct access to the nodes within the DMZ and protect the network behind it

정답: D

문제13

which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

A. intrusion detection system

B. Botnet
D Firewall

C. Honeypot

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제14

In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings ona web - server considered a security risk, and what would be the best initial step to mitigate this risk?

A. Default settings reveal server software type; change these settings

B. Default settings cause server malfunctions; simplify the settings

C. Default settings enable auto-updates; disable and manually patch

D. Default settings allow unlimited login attempts; setup account lockout

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제15

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

A. Performing content enumeration using the bruteforce mode and 10 threads

B. Shipping SSL certificate verification

C. Performing content enumeration using the bruteforce mode and random file extensions

D. Performing content enumeration using a wordlist

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제16

When discussing passwords, what is considered a brute force attack?

A. You wait until the password expires

B. You attempt every single possibility until you exhaust all possible combinations or discover the password

C. You load a dictionary of words into your cracking program

D. You threaten to use the rubber hose on someone unless they reveal their password

E. You create hashes of a large number of words and compare it with the encrypted passwords

정답: B

최신 312-50v12 무료덤프 - ECCouncil Certified Ethical Hacker

우리와 연락하기

유용한 링크

최신 업데이트