312-50v13 試験問題を無料オンラインアクセス

A penetration tester submits altered ciphertexts to a web server and pays close attention to how the server responds. When the server produces different error messages for certain inputs, the tester starts to infer which inputs result in valid internal processing. Which cryptanalytic method is being used in this scenario?

• A.Compare traffic timing to deduce the key
• B.Exploit padding error feedback to recover data
• C.Flip bits randomly to scramble the decryption
• D.Inspect randomness across multiple sessions

During an ethical hacking exercise, a security analyst is testing a web application that manages confidential information and suspects it may be vulnerable to SQL injection. Which payload would most likely reveal whether the application is vulnerable to time-based blind SQL injection?

• A.' OR ' 1 ' = ' 1 ' --
• B.UNION SELECT NULL, NULL, NULL--
• C.' OR IF(1=1,SLEEP(5),0)--
• D.AND UNION ALL SELECT ' admin ' , ' admin ' --

During a red team exercise, a Certified Ethical Hacker (CEH) is attempting to exploit a potential vulnerability in a target organization's web server. The CEH has completed the information gathering and footprinting phases and has mirrored the website for offline analysis. It has also been discovered that the server is vulnerable to session hijacking. Which of the following steps is most likely to be part of a successful attack methodology while minimizing the possibility of detection?

• A.Hijack an active session and immediately modify server configuration files.
• B.Attempt SQL injection to extract sensitive database information.
• C.Perform vulnerability scanning using automated tools to identify additional weaknesses.
• D.Launch a direct brute-force attack to crack the server's administrative password.

In the bustling tech hub of Silicon Valley, cybersecurity investigator Elena Martinez found herself deep into a late-night investigation at Horizon Tech Solutions on July 7, 2025. The company had reported sporadic network disruptions affecting their research team ' s access to critical project files. Elena, working under the cover of a maintenance window from midnight to 3 AM PDT, began monitoring the internal network, focusing on a subnet reserved for the R & D department. She noticed a pattern of failed connection attempts logged just before each disruption, with multiple hosts reporting temporary IP address conflicts. Suspecting foul play, Elena deployed a discreet test to simulate an internal threat scenario. Shortly afterward, several workstations began showing unfamiliar gateway settings and redirected users to misleading login portals during routine access attempts. Despite these anomalies, no security alerts were triggered.
What type of attack technique did Elena most likely simulate?

• A.DHCP Starvation Attack
• B.Packet Sniffing
• C.Rogue DHCP Server Attack
• D.MAC Flooding

During a covert red team engagement, a penetration tester is tasked with identifying live hosts in a target organization's internal subnet (10.0.0.0/24) without triggering intrusion detection systems (IDS). To remain undetected, the tester opts to use the command nmap -sn -PE 10.0.0.0/24, which results in several " Host is up
" responses, even though the organization's IDS is tuned to detect high-volume scans. After the engagement, the client reviews the logs and is surprised that the scan was not flagged. What allowed the scan to complete without triggering alerts?

• A.It used TCP ACK packets that were allowed through.
• B.It performed an ICMP Echo ping sweep without port probing.
• C.It used UDP packets that bypassed ICMP inspection.
• D.It scanned only the ports open in the firewall whitelist.