最新的ECCouncil Certified Ethical Hacker Exam (CEHv13) - 312-50v13免費考試真題
At Redwood Financial Group in Boston, Massachusetts, the security leadership team is formalizing a continual security strategy composed of four coordinated activities. During implementation planning, one team is assigned responsibility for reviewing operational data across the enterprise environment to recognize irregular patterns that may indicate malicious activity.
Within this model, which activity is responsible for this responsibility?
Within this model, which activity is responsible for this responsibility?
正確答案: A
說明:(僅 Fast2test 成員可見)
During a security review for a healthcare provider in Denver, Colorado, Ava examines the header of a suspicious message to map the sender ' s outbound email infrastructure. Her goal is to identify which specific system on the sender ' s side processed the message so the team can understand where the transmission originated within that environment. Which detail from the email header should she examine to determine this?
正確答案: B
說明:(僅 Fast2test 成員可見)
During network analysis, clients are receiving incorrect gateway and DNS settings due to a rogue DHCP server. What security feature should the administrator enable to prevent this in the future?
正確答案: D
說明:(僅 Fast2test 成員可見)
A security analyst is tasked with gathering detailed information about an organization ' s network infrastructure without making any direct contact that could be logged or trigger alarms. Which method should the analyst use to obtain this information covertly?
正確答案: B
說明:(僅 Fast2test 成員可見)
Noah, a security analyst at a Seattle-based healthcare provider, is responding to a real-time data breach where attackers accessed patient records stored on a compromised server. During incident response, he must quickly secure sensitive files located on the system's primary storage to prevent further exfiltration. The data resides in a mounted partition that needs full-volume encryption, but standard file encryption isn't sufficient. Noah selects a solution that supports encrypted containers, strong key lengths like 256-bit AES, and can conceal secure volumes within standard ones to reduce detection. His goal is to ensure confidentiality while forensic operations continue without disrupting system functionality.
Which disk encryption tool should Noah deploy to meet these objectives?
Which disk encryption tool should Noah deploy to meet these objectives?
正確答案: D
說明:(僅 Fast2test 成員可見)
A municipal data center in Phoenix, Arizona, deploys a network intrusion detection system to monitor traffic entering its public records portal. During a scheduled red team exercise, authorized testers successfully exploit a vulnerable web service and gain restricted administrative access.
Post-exercise review reveals that the IDS generated a high-severity alert precisely at the time the exploit traffic reached the server. Log correlation confirms that the alert corresponded directly to the malicious activity performed during the test window.
How should this IDS outcome be classified?
Post-exercise review reveals that the IDS generated a high-severity alert precisely at the time the exploit traffic reached the server. Log correlation confirms that the alert corresponded directly to the malicious activity performed during the test window.
How should this IDS outcome be classified?
正確答案: D
說明:(僅 Fast2test 成員可見)
You are an ethical hacker at SilverRock Security, engaged by BayState Credit Union in Boston, Massachusetts, to evaluate their online loan application portal. While testing the customer dashboard, you inject crafted input into a numeric parameter. Instead of returning only the expected loan details, the response also displays sensitive employee information from another table, merged into the same page results. This behavior indicates that the attacker's input successfully combined multiple datasets into a single output.
Based on the observed behavior, which type of SQL injection attack are you exploiting?
Based on the observed behavior, which type of SQL injection attack are you exploiting?
正確答案: A
說明:(僅 Fast2test 成員可見)
A penetration tester performs a vulnerability scan on a company's web server and identifies several medium- risk vulnerabilities related to misconfigured settings. What should the tester do to verify the vulnerabilities?
正確答案: B
說明:(僅 Fast2test 成員可見)
A Windows machine shows disabled Windows Defender without admin approval. What phase is this?
正確答案: A
說明:(僅 Fast2test 成員可見)
A technology consulting firm in Denver, Colorado, recently experienced a wave of suspicious account compromise incidents. Several employees reported receiving an email that appeared identical to a legitimate cloud storage notification they had received earlier that week. The message reused the original branding, formatting, sender display name, and subject line. However, it informed recipients that the previously shared document had been "updated due to synchronization errors" and instructed them to reauthenticate using the embedded link. The link directed users to a convincing replica of the organization's authentication portal.
Investigation revealed that the attacker had reused content from a genuine prior communication and modified only the embedded hyperlink. Which type of social engineering attack does this scenario most accurately represent?
Investigation revealed that the attacker had reused content from a genuine prior communication and modified only the embedded hyperlink. Which type of social engineering attack does this scenario most accurately represent?
正確答案: B
說明:(僅 Fast2test 成員可見)
In Denver, Colorado, ethical hacker Rachel Nguyen is conducting a network security assessment for Apex Logistics, a transportation firm with a complex internal network. During her test, Rachel observes a client- server communication and injects specially crafted packets into the exchange, disrupting the client's session.
As a result, the server continues interacting with Rachel's system while the legitimate client's connection becomes unresponsive. She uses this setup in a controlled environment to demonstrate vulnerabilities to the company's IT team.
What network-level session hijacking technique is Rachel employing in this assessment?
As a result, the server continues interacting with Rachel's system while the legitimate client's connection becomes unresponsive. She uses this setup in a controlled environment to demonstrate vulnerabilities to the company's IT team.
What network-level session hijacking technique is Rachel employing in this assessment?
正確答案: B
說明:(僅 Fast2test 成員可見)
A red team operator wants to obtain credentials from a Windows machine without touching LSASS memory due to security controls and Credential Guard. They use SSPI to generate NetNTLM responses in the logged- in user context and collect those responses for offline cracking. Which attack technique is being used?
正確答案: B
說明:(僅 Fast2test 成員可見)
You are Olivia Chen, an ethical hacker at CyberGuardians Inc., hired to test the wireless network of Skyline Media, a broadcasting company in Chicago, Illinois. Your mission is to breach their WPA2-protected Wi-Fi during a late-night penetration test. Using a laptop in monitor mode, you execute a command to transmit packets that force client devices to disconnect and reconnect, enabling you to capture a four-way handshake for cracking. Based on the described action, which tool are you using?
正確答案: A
說明:(僅 Fast2test 成員可見)
An attacker performs DNS cache snooping using dig +norecurse. The DNS server returns NOERROR but no answer. What does this indicate?
正確答案: C
說明:(僅 Fast2test 成員可見)
Following a suspected data breach at a pharmaceutical research lab in Cambridge, Massachusetts, forensic examiners identified several research documents that had been removed from normal directory listings on a compromised server.
When analysts examined the physical storage sectors previously associated with those files, they found that the sector contents no longer matched the historical allocation records, and no recognizable fragments of the original material could be reconstructed. The disk structure itself remained intact, and the storage medium showed no signs of hardware-level destruction.
Which anti-forensics technique best explains the attacker's actions in this scenario?
When analysts examined the physical storage sectors previously associated with those files, they found that the sector contents no longer matched the historical allocation records, and no recognizable fragments of the original material could be reconstructed. The disk structure itself remained intact, and the storage medium showed no signs of hardware-level destruction.
Which anti-forensics technique best explains the attacker's actions in this scenario?
正確答案: C
說明:(僅 Fast2test 成員可見)