=001==
Patrick is doing a cyber forensic investigation.
He is in the process of collecting physical evidence at the crime scene.
Which of the following elements must he consider while collecting physical evidence?
Ⓐ Published name servers and web application source code
Ⓑ DNS information including domain and subdomains
Ⓒ Removable media, cable, and publications
Ⓓ Open ports, services, and operating system (OS) vulnerabilities
=002==
Eric works as a system administrator at ABC organization and previously granted several users access privileges to the organization's systems with unlimited permissions.
These privileged users could misuse their rights unintentionally or maliciously, or could be deceived by attackers into performing malicious activities.
Which of the following guidelines would help incident handlers eradicate insider attacks by privileged users?
Ⓐ Do not allow administrators to use unique accounts during the installation process
Ⓑ Use encryption methods to prevent administrators and privileged users from accessing backup tapes and disks
Ⓒ Do not change the access of administrators and privileged users
Ⓓ Do not use default administrative accounts to ensure accountability
=003==
Which of the following email security tools can be used by an incident handler to protect the organization against evolving email threats?
Ⓐ MxToolbox
Ⓑ G Suite Toolbox
Ⓒ Email Header Analyzer
Ⓓ Gpg4win
=004==
Racheal is an incident handler working at an organization called InceptionTech.
Recently, numerous employees have been complaining about receiving emails from unknown senders.
In order to prevent employees from spoofing emails, and keeping security in mind, Racheal was asked to take appropriate actions in this matter.
As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails.
Which of the following protocol/authentication standards must she check in the email header to analyze the email authenticity?
Ⓐ POP
Ⓑ SNMP
Ⓒ DKIM
Ⓓ ARP
=005==
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is necessary to perform in order to contain the malware incident from spreading?
What is the cause of this issue?
Ⓐ Complain to the police in a formal way regarding the incident
Ⓑ Turn off the infected machine
Ⓒ Leave it to network administrators to handle
Ⓓ Call the legal department in the organization and inform them about the incident
=006==
Worried about getting caught, he decided to forge his identity.
To do so, he created a new identity by obtaining information from different victims.
Identify the type of identity theft Adam has performed.
Ⓐ Medical identity theft
Ⓑ Social identity theft
Ⓒ Synthetic identity theft
Ⓓ Tax identity theft
=007==
Rinni is an incident handler and she is performing memory dump analysis.
Which of the following tools can she use in order to perform a memory dump analysis?
Ⓐ NetSim
Ⓑ OllyDbg and IDA Pro
Ⓒ Procmon and ProcessExplorer
Ⓓ Scylla and OllyDumpEx
=008==
Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors.
Rose uses Wireshark to sniff the network and detect any noise in the network by malicious threat actors.
While doing so, Rose is going through the following Wireshark filters.
Which of the following Wireshark filters can be used by her to detect the Xmas scan attempt by the attacker?
Ⓐ tcp.flags.reset==1
Ⓑ tcp.flags==0x00
Ⓒ tcp.flags==0x029
Ⓓ tcp.dstport==7
=009==
Which of the following is not a countermeasure to eradicate cloud security incidents?
Ⓐ Checking for data protection at both design and runtime
Ⓑ Disabling security options such as two-factor authentication and CAPTCHA
Ⓒ Patching the database vulnerabilities and improving the isolation mechanism
Ⓓ Removing the malware files and traces from the affected components
=010==
Who is mainly responsible for providing proper network services and handling network-related incidents in each cloud service model?
Ⓐ Cloud brokers
Ⓑ Cloud service provider
Ⓒ Cloud consumer
Ⓓ Cloud auditor
CDDCB CBCBB