312-50v12 시험 - EC-Council실제시험문제와 답 - 503문항

Question No : 1

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.USER, NICK
B.LOGIN, NICK
C.USER, PASS
D.LOGIN, USER

정답:

Question No : 2

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

A.Public
B.Private
C.Shared
D.Root

정답:

Question No : 3

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

A.Overloading Port Address Translation
B.Dynamic Port Address Translation
C.Dynamic Network Address Translation
D.Static Network Address Translation

정답:

Question No : 4

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.
Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

A.Accept the risk
B.Introduce more controls to bring risk to 0%
C.Mitigate the risk
D.Avoid the risk

정답:
Explanation:
Risk Mitigation
Risk mitigation can be defined as taking steps to reduce adverse effects. There are four types of risk mitigation strategies that hold unique to Business Continuity and Disaster Recovery. When mitigating risk, it’s important to develop a strategy that closely relates to and matches your company’s profile.

A picture containing diagram
Description automatically generated
Risk Acceptance
Risk acceptance does not reduce any effects; however, it is still considered a strategy. This strategy is a common option when the cost of other risk management options such as avoidance or limitation may outweigh the cost of the risk itself. A company that doesn’t want to spend a lot of money on avoiding risks that do not have a high possibility of occurring will use the risk acceptance strategy.
Risk Avoidance
Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure
to the risk whatsoever. It’s important to note that risk avoidance is usually the most expensive of all risk mitigation options.
Risk Limitation
Risk limitation is the most common risk management strategy used by businesses. This strategy limits a company’s exposure by taking some action. It is a strategy employing a bit of risk acceptance and a bit of risk avoidance or an average of both. An example of risk limitation would be a company accepting that a disk drive may fail and avoiding a long period of failure by having backups.
Risk Transference
Risk transference is the involvement of handing risk off to a willing third party. For example, numerous companies outsource certain operations such as customer service, payroll services, etc. This can be beneficial for a company if a transferred risk is not a core competency of that company. It can also be used so a company can focus more on its core competencies.

Question No : 5

env x=’(){ :;};echo exploit’ bash Cc ‘cat/etc/passwd’
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A.Removes the passwd file
B.Changes all passwords in passwd
C.Add new user to the passwd file
D.Display passwd content to prompt

정답:

Question No : 6

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: [email protected]
To: [email protected] Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?

A.Email Masquerading
B.Email Harvesting
C.Email Phishing
D.Email Spoofing

정답:
Explanation:
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source. Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.

Question No : 7

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.
What is the recommended architecture in terms of server placement?

A.All three servers need to be placed internally
B.A web server facing the Internet, an application server on the internal network, a database server on the internal network
C.A web server and the database server facing the Internet, an application server on the internal network
D.All three servers need to face the Internet so that they can communicate between themselves

정답:

Question No : 8

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it.
Which of the following options can be useful to ensure the integrity of the data?

A.The CFO can use a hash algorithm in the document once he approved the financial statements
B.The CFO can use an excel file with a password
C.The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document
D.The document can be sent to the accountant using an exclusive USB for that document

정답:

Question No : 9

What two conditions must a digital signature meet?

A.Has to be the same number of characters as a physical signature and must be unique.
B.Has to be unforgeable, and has to be authentic.
C.Must be unique and have special characters.
D.Has to be legible and neat.

정답:

Question No : 10

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?

A.Social engineering
B.Piggybacking
C.Tailgating
D.Eavesdropping

정답:
Explanation:
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.

Question No : 11

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

A.symmetric algorithms
B.asymmetric algorithms
C.hashing algorithms
D.integrity algorithms

정답:

Question No : 12

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the
Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.
Which
statement below is true?

A.This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
B.This is a scam because Bob does not know Scott.
C.Bob should write to [email protected] to verify the identity of Scott.
D.This is probably a legitimate message as it comes from a respectable organization.

정답:

Question No : 13

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A.Residual risk
B.Impact risk
C.Deferred risk
D.Inherent risk

정답:
Explanation:
https://en.wikipedia.org/wiki/Residual_risk
The residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures); in other words, the amount of risk left over after natural or inherent risks have been reduced by risk controls.
・ Residual risk = (Inherent risk) C (impact of risk controls)

Question No : 14

Which type of security feature stops vehicles from crashing through the doors of a building?

A.Bollards
B.Receptionist
C.Mantrap
D.Turnstile

정답:

Question No : 15

Peter is surfing the internet looking for information about DX Company.
Which hacking process is Peter doing?

A.Scanning
B.Footprinting
C.Enumeration
D.System Hacking

정답:

EC-Council 312-50v12 시험