ECIH_A_021-030

 =021==

Alice is an incident handler and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process.

Alice 是事件處理人員，她的主管告訴她受影響系統上的數據必須備份，以便在事件響應過程中損壞時可以恢復。

She was also told that the system backup can also be used for further investigation of the incident.

她還被告知系統備份也可以用於進一步調查事件。

In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?

在事件處理和響應 (IH&R) 流程的哪個階段，Alice 需要對受感染的系統進行完整備份？

Ⓐ Containment, 控制

Ⓑ Incident recording, 事件記錄

Ⓒ Incident triage, 事件分類

Ⓓ Eradication, 根除

 

=022==

Clark, a professional hacker, successfully exploited the web application of a target organization by tampering the form and parameter values.

專業駭客 Clark 成功利用目標組織的網頁應用程式，通過篡改表單和參數值。

In result, Clark gained access to the information assets of the organization.

結果，Clark 獲得了該組織的信息資產。

Identify the vulnerability in the web application exploited by the attacker.

確定攻擊者利用的網頁應用程式中的漏洞。

Ⓐ Security misconfiguration, 安全配置錯誤

Ⓑ Sensitive data exposure, 敏感數據暴露

Ⓒ SQL injection, SQL 注入

Ⓓ Broken access control, 訪問控制破損

 

=023==

Mike is investigating a cybercrime at TechSoft Solutions.

Mike 正在調查 TechSoft Solutions 的網路犯罪。

While investigating the case, he needs to collect information on various aspects such as running services, ports, IP addresses, DNS, etc.

在調查案件時，他需要收集各方面的信息，如運行的服務、端口、IP 地址、DNS 等。

Which of the following commands will help Clark to collect such information from running services?

以下哪個命令可以幫助 Clark 從運行的服務中收集這種信息？

Ⓐ netstat -ab, netstat -ab

Ⓑ lsof, lsof

Ⓒ Openfiles, Openfiles

Ⓓ Wmic, Wmic

 

=024==

Sam, an employee from a multinational company, sends e-mails to third-party organizations with a spoofed email address of his organization.

Sam 是一家跨國公司的員工，他使用其組織的假冒電子郵件地址向第三方組織發送電子郵件。

How can you categorize this type of incident?

你如何分類這類事件？

Ⓐ Inappropriate usage incident, 不當使用事件

Ⓑ Network intrusion incident, 網絡入侵事件

Ⓒ Unauthorized access incident, 未經授權的訪問事件

Ⓓ Denial-of-service incident, 拒絕服務事件

 

=025==

Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred in his client company.

Bob 是 CyberTech Solutions 的事件響應人員，正在調查其客戶公司發生的網路犯罪攻擊。

He acquired the evidence data, preserved it, and performed analysis on the acquired evidentiary data to identify the source of the crime and the culprit behind the incident.

他獲取了證據數據，保存並分析了獲取的證據數據，以確定犯罪的源頭和事件背後的罪魁禍首。

Identify the forensic investigation phase in which Bob is currently in.

確定 Bob 目前處於鑑識調查的哪個階段。

Ⓐ Post-investigation phase, 調查後階段

Ⓑ Pre-investigation phase, 調查前階段

Ⓒ Vulnerability assessment phase, 弱點評估階段

Ⓓ Investigation phase, 調查階段

 

=026==

XYZ Inc. was affected by a malware attack and James, being the incident handling and response (IH&R) team personnel handling the incident, found out that the cause of the incident is a backdoor that had bypassed the security perimeter due to an existing vulnerability in the operating system layer.

XYZ Inc. 受到惡意軟體攻擊的影響，James 作為事件處理和響應 (IH&R) 團隊人員負責處理該事件，發現事件的原因是一個後門，由於操作系統層中的現有漏洞而繞過了安全周界。

James had contained the spread of the infection and removed the malware completely.

James 已經控制了感染的蔓延並完全刪除了惡意軟體。

Now the organization asked him to perform an incident impact assessment to identify the impact of the incident over the organization and he was also asked to prepare a detailed report of the incident.

現在，該組織要求他進行事件影響評估，以確定事件對組織的影響，並要求他準備事件的詳細報告。

Which of the following stages in IH&R process is James working on?

James 正在處理 IH&R 流程的哪個階段？

Ⓐ Notification, 通知

Ⓑ Post-incident activities, 事後活動

Ⓒ Eradication, 根除

Ⓓ Evidence gathering and forensics analysis, 證據收集和鑑識分析

 

=027==

Drake has been appointed as an incident handling and response (IH&R) team lead and was assigned to design an IH&R plan and his own team in the company.

Drake 被任命為事件處理和響應 (IH&R) 小組負責人，負責設計 IH&R 計劃和他自己的公司團隊。

Identify the IH&R process step James is currently working on.

確定 James 目前正在進行的 IH&R 流程步驟。

Ⓐ Eradication, 根除

Ⓑ Notification, 通知

Ⓒ Preparation, 準備

Ⓓ Recovery, 恢復

 

=028==

Drake is an incident handler at Dark Cloud Inc.

Drake 是 Dark Cloud Inc. 的事件處理人員。

He is tasked with performing log analysis in order to detect traces left by malicious attackers within the network infrastructure.

他的任務是執行日誌分析，以檢測惡意攻擊者在網絡基礎設施中留下的痕跡。

Which of the following tools should Drake employ in order to view logs in real time and identify malware propagation within the network?

Drake 應該使用以下哪種工具實時查看日誌並識別網絡內的惡意軟體傳播？

Ⓐ netstat, netstat

Ⓑ SPUDIK, SPUDIK

Ⓒ HULK, HULK

Ⓓ Hydra, Hydra

 

=029==

Bran is an incident handler who is assessing the network of the organization.

Bran 是一名事件處理人員，正在評估組織的網絡。

He wants to detect ping sweep attempts on the network using Wireshark.

他希望使用 Wireshark 檢測網絡上的 ping 掃描嘗試。

Which of the following Wireshark filters would Bran use to accomplish this task?

Bran 會使用以下哪種 Wireshark 過濾器來完成此任務？

Ⓐ icmp.type==8, icmp.type==8

Ⓑ icmp.redir_gw, icmp.redir_gw

Ⓒ icmp.icmp, icmp.icmp

Ⓓ icmp.seq, icmp.seq

 

=030==

Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?

以下哪項是為啟動、實施或維護信息安全管理系統 (ISMS) 的組織提供實施信息安全控制建議的標準框架？

Ⓐ ISO/IEC 27035, ISO/IEC 27035

Ⓑ RFC 2196, RFC 2196

Ⓒ PCI DSS, PCI DSS

Ⓓ ISO/IEC 27002, ISO/IEC 27002

 

 

 

 

BCDAD BCBAD