112-52 시험 - EC-Council실제시험문제와 답 - 163문항

Question No : 1

Which of the following is typically identified during a vulnerability assessment?

A.Employee susceptibility to phishing
B.Outdated software versions
C.Security awareness training gaps
D.Encryption standards in use

정답:

Question No : 2

Which activity is outside the scope of an ethical hacker?

A.Identifying vulnerabilities in a client's systems
B.Exploiting vulnerabilities without intent to harm
C.Informing hardware and software vendors of identified vulnerabilities
D.Launching a DDoS attack to test system resilience

정답:

Question No : 3

What technique involves the social engineer pretending to be someone else to obtain sensitive information?

A.Phishing
B.Baiting
C.Pretexting
D.Tailgating

정답:

Question No : 4

Which term refers to an unauthorized device that connects to a wireless network?

A.Rogue access point
B.Packet sniffer
C.Evil twin
D.War driving

정답:

Question No : 5

Which is the MOST effective countermeasure against social engineering attacks?

A.Employee security awareness training
B.Strong encryption algorithms
C.Network traffic monitoring
D.Port hardening

정답:

Question No : 6

Which attack targets the configuration and administration of the web server itself?

A.Directory traversal
B.Buffer overflow
C.DNS spoofing
D.Man-in-the-middle attack

정답:

Question No : 7

In the context of information security, what does the 'CIA triad' stand for?

A.Confidentiality, Integrity, Availability
B.Certification, Identification, Authorization
C.Confidentiality, Insurance, Accountability
D.Control, Isolation, Authentication

정답:

Question No : 8

Which of the following statements about SQL injection attacks is true?

A.They can only be executed via GET requests.
B.They are only successful on outdated database systems.
C.They can reveal sensitive data from the database.
D.They require the attacker to have direct access to the database server.

정답:

Question No : 9

Containers offer a lightweight alternative to virtual machines by sharing the host OS's kernel.
What is a key security practice for containers?

A.Running containers with default settings
B.Using containers to run multiple different applications on a single host
C.Regularly scanning containers and images for vulnerabilities
D.Ensuring containers use as much host resource as possible

정답:

Question No : 10

Which tool is widely used for password recovery by trying millions of combinations per second?

A.Cain & Abel
B.John the Ripper
C.Nessus
D.Wireshark

정답:

Question No : 11

Which type of attack exploits the trust that a site has in a user's browser?

A.SQL Injection
B.Cross-Site Scripting (XSS)
C.Phishing
D.Session Hijacking

정답:

Question No : 12

Which is a security challenge unique to IoT environments?

A.Infrequent firmware updates
B.Infrequent firmware updates
C.Strong authentication mechanisms
D.Abundant computing resources

정답:

Question No : 13

What vulnerability is particularly concerning for IoT devices due to their widespread and often unattended deployment?

A.Cross-site scripting
B.Insecure default configurations
C.Buffer overflow attacks
D.Social engineering

정답:

Question No : 14

Which attack involves overwhelming a web server with traffic, making it inaccessible to legitimate users?

A.SQL Injection
B.Cross-Site Scripting (XSS)
C.Denial of Service (DoS)
D.Cross-Site Request Forgery (CSRF)

정답:

Question No : 15

What is an effective countermeasure against wireless sniffing?

A.Using strong encryption protocols like WPA3
B.Employing MAC address filtering
C.Setting up hidden SSIDs
D.Regular password changes

정답:

EC-Council 112-52 시험