大鐵的資安筆記

  =071== Which of the following GPG18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"? 以下哪一項 GPG18 和鑑識準備計劃（ SPF ）原則指出，“組織應採用基於情境的鑑識準備計劃方法，從業務中獲得的經驗中學習”？ A. Principle 3 原則 3 B. Principle 5 原則 5 C. Principle 2 原則 2 D. Principle 7 原則 7 =072== An attacker uncovered websites a target individual was frequently surfing. 攻擊者發現了一個目標個體經常瀏覽的網站。 The attacker then tested those particular websites to identify possible vulnerabilities. 然後，攻擊者測試了這些特定網站以識別可能的漏洞。 After detecting vulnerabilities within a website, the attacker started injecting malicious script/code into the web application that would redirect the webpage and download the malware onto the victim’s machine. 在發現網站漏洞後，攻擊者開始向網頁應用程式注入惡意腳本 / 代碼，這些代碼會重定向網頁並將惡意軟體下載到受害者的機器上。 After infecting the vulnerable web application, the attacker waited for the victim to ac...

  =061== Which of the following types of fuzz testing strategies does new data get generated from scratch, and the amount of data generated is predefined based on the testing model? 以下哪一種模糊測試策略是從頭開始生成新數據，並且生成的數據量是根據測試模型預先定義的？   A. Log-based fuzz testing 日誌為基礎的模糊測試， B. Protocol-based fuzz testing 協議為基礎的模糊測試， C. Mutation-based fuzz testing 變異為基礎的模糊測試， D. Generation-based fuzz testing 生成為基礎的模糊測試   =062== Identify the Sarbanes–Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts. 識別《薩班斯 - 奧克斯利法案》（ SOX ）中僅包含一節的標題，其中包括旨在幫助恢復投資者對證券分析師報告的信心的措施。   A. Title VIII: Corporate and Criminal Fraud Accountability 第八標題：公司和刑事欺詐問責， B. Title IX: White-Collar-Crime Penalty Enhancement 第九標題：白領犯罪懲罰加重， C. Title V: Analyst Conflicts of Interest 第五標題：分析師利益衝突， D. Title VII: Studies and Reports 第七標題：研究和報告   =063== Alex is an incident handler...

  =051== In which of the following phases of incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized? 在事件處理和響應 (IH&R) 流程的哪個階段，已識別的安全事件會被分析、驗證、分類和優先排序？ A. Incident triage, 事件分類 B. Notification, 通知 C. Incident recording and assignment, 事件記錄和分配 D. Containment, 控制   =052== Browser data can be used to access various credentials. 瀏覽器數據可以用來訪問各種憑證。 Which of the following tools is used to analyze the history data files in Microsoft Edge browser? 以下哪個工具用於分析 Microsoft Edge 瀏覽器中的歷史數據文件？ A. MZHistoryView B. BrowsingHistoryView C. ChromeHistoryView D. MZCacheView   =053== Eve is an incident handler in ABC organization. Eve 是 ABC 組織的事件處理人員。 One day, she got a complaint about an email hacking incident from one of the employees of the organization. 有一天，她收到該組織的一名員工關於電子郵件駭客事件的投訴。 As an incident handler, Eve follows a set of recovery steps in order to recover...