=031==
John is performing a memory dump analysis in order to find traces of malware. He has employed the Volatility tool in order to achieve his objective. Which of the following Volatility framework commands will he use in order to analyze the running processes from the memory dump?
Ⓐ python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
Ⓑ python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
Ⓒ python vol.py imageinfo -f /root/Desktop/memdump.mem
Ⓓ python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more
=032==
Which of the following processes is referred to as an approach to responding to the security incidents that occur in an organization, and enables the response team by ensuring that they know exactly what process to follow in case of a security incident?
Ⓐ Vulnerability management
Ⓑ Risk assessment
Ⓒ Incident management
Ⓓ Threat assessment
=033==
Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process?
Ⓐ Preparation → Incident recording → Incident triage → Containment → Eradication → Recovery → Post-incident activities
Ⓑ Containment → Incident recording → Incident triage → Preparation → Recovery → Eradication → Post-incident activities
Ⓒ Containment → Incident recording → Incident triage → Eradication → Incident recording → Preparation → Recovery → Post-incident activities
Ⓓ Incident triage → Eradication → Containment → Incident recording → Preparation → Recovery → Post-incident activities
=034==
Which stage of the incident response and handling process involves auditing the system and network log files?
Ⓐ Containment
Ⓑ Incident disclosure
Ⓒ Incident eradication
Ⓓ Incident triage
=035==
Stanley is an incident handler working for Texa Corp., a United States based organization. With growing concern over the increasing volume of emails from outside the organization, Stanley was asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and cleaning malicious emails, Stanley was asked to check the validity of the emails received by employees. Identify the tool Stanley can use to accomplish this task.
Ⓐ Email Dossier
Ⓑ PointMail
Ⓒ PoliteMail
Ⓓ EventLog Analyzer
=036==
Which of the following is not the responsibility of first responders?
Ⓐ Packaging and transporting the electronic evidence
Ⓑ Protecting the crime scene
Ⓒ Preserving temporary and fragile evidence and then shutting down or rebooting the victim's computer
Ⓓ Identifying the crime scene
=037==
Identify the network security incident in which intended or authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all existing network resources.
Ⓐ SQL injection
Ⓑ URL manipulation
Ⓒ XSS attack
Ⓓ Denial-of-service
=038==
Multiple component incidents consist of a combination of two or more attacks on a system. Which of the following is not a multiple component incident?
Ⓐ An attacker infecting a machine to launch a DDoS attack
Ⓑ An insider intentionally deleting files from a workstation
Ⓒ An attacker redirecting a user to a malicious website and infecting the user's system with a Trojan
Ⓓ An attacker using an email with malicious code to infect an internal workstation
=039==
Otis is an incident handler working in the Delmont organization. Recently, the organization has been facing several attacks, which it perceives as a threat arising from its rising revenues. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack in which proprietary information was stolen from the enterprise network and shared with its competitors. Which of the following information security incidents did the Delmont organization face?
Ⓐ Unauthorized access
Ⓑ Network and resource abuses
Ⓒ Email-based abuse
Ⓓ Espionage
=040==
Which of the following methods helps incident responders reduce false-positive alert rates and further provides the benefit of focusing on top-priority issues, thereby reducing potential risk and corporate liabilities?
Ⓐ Threat contextualization
Ⓑ Threat profiling
Ⓒ Threat attribution
Ⓓ Threat correlation
Answer key (031-040): BCADB CDBDD