
ECIH_A_041-050

=041==

Which of the following types of insider threats involves an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?

A. Professional insider

B. Malicious insider

C. Compromised insider

D. Negligent insider

=042==

Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database.

The syntax of the DBCC LOG command is DBCC LOG(<databasename>, <type>, <output>), where the output parameter specifies the level of information an incident handler wants to retrieve.

If Adam wants to retrieve the full information on each operation along with the hex dump of the current transaction row, which of the following output parameters should Adam use?

A. 0

B. 1

C. 3

D. 4

=043==

Eric works as an incident handler at Eirnol software systems.

He was assigned the task of protecting the organization from any kind of DoS/DDoS attack.

Which of the following tools can Eric use to accomplish this task?

A. Tcptrace

B. Hydra

C. Wireshark

D. IDA

=044==

Which of the following encoding techniques replaces unusual ASCII characters with '%' followed by the character's two-digit ASCII code expressed in hexadecimal?

A. Unicode encoding

B. URL encoding

C. HTML encoding

D. Base64 encoding

=045==

Chandler is a professional hacker who is targeting an organization called Technote.

He wants to obtain the important organizational information that is being transmitted between different hierarchies.

He proceeds to sniff the data packets transmitted through the network and then analyzes them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network-related information.

Which of the following tools would Chandler employ to perform packet analysis?

A. IDAPro

B. Omnipeek

C. Ettercap

D. Sharp

=046==

Eric is an incident responder and is working on developing incident-handling plans and procedures.

As part of this process, he is performing an analysis of the organizational network to generate a report and develop policies based on the acquired results.

Which of the following tools will help him analyze his network and the related traffic?

A. FaceNiff

B. Burp Suite

C. Wireshark

D. Whois

=047==

Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to it.

As a result, replacing or reinstalling the hardware was the only solution.

Identify the type of denial-of-service attack performed on Zaimasoft.

A. DDoS

B. PRDoS

C. PDoS

D. DoS

=048==

A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the network.

According to the agency's reporting timeframe guidelines, this incident should be reported within 2 hours of discovery/identification if the successful attack is still ongoing and the agency needs to successfully mitigate the activity.

To which US Federal Agency incident category does this incident belong?

A. CAT 6

B. CAT 5

C. CAT 3

D. CAT 1

=049==

Which of the following information security personnel handles incidents from both the management and the technical point of view?

A. Network administrators

B. Incident manager (IM)

C. Forensic investigators

D. Threat researchers

=050==

During the vulnerability assessment phase, the incident responders perform the various steps listed below:

1. Run vulnerability scans using tools

2. Identify and prioritize vulnerabilities

3. Examine available physical security

4. Perform OSINT information gathering to validate the vulnerabilities

5. Apply business and technology context to scanner results

6. Document misconfigurations and human errors

7. Create a vulnerability scan report

Identify the correct sequence of vulnerability assessment steps performed by the incident responders.

A. 1243576

B. 2154376

C. 3142567

D. 1324567

Answer key (041-050): DDABB CCCBB
