
ECIH_A_051-060

=051==

In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

A. Incident triage

B. Notification

C. Incident recording and assignment

D. Containment

=052==

Browser data can be used to access various credentials.

Which of the following tools is used to analyze the history data files of the Microsoft Edge browser?

A. MZHistoryView

B. BrowsingHistoryView

C. ChromeHistoryView

D. MZCacheView

=053==

Eve is an incident handler at the ABC organization.

One day, she received a complaint about an email hacking incident from one of the organization's employees.

As an incident handler, Eve follows a set of recovery steps in order to recover from the impact of the incident and maintain business continuity.

What is the first step she must take to secure the employee's account?

A. Disable automatic file sharing between the systems

B. Audit the email access and change the password

C. Enable sending alerts and notifications in all the emails

D. Enable two-factor authentication

=054==

John is a professional hacker who is performing an attack on a target organization in which he tries to redirect the connection between an IP address and its target server, so that when users type in the Internet address they are redirected to a rogue website that looks like the original website.

He attempts this attack using a cache poisoning technique.

Identify the type of attack John is performing on the target organization.

A. Pharming

B. Skimming

C. War driving

D. Pretexting

=055==

Dash wants to perform a DDoS attack on 256 target URLs simultaneously.

Which of the following tools can Dash employ to achieve his objective?

A. Ollydbg

B. IDAPro

C. HOIC

D. OpenVAS

=056==

Andrew, an incident responder, is performing a risk assessment of a client organization.

As part of the risk assessment process, he identified the boundaries of the IT systems, along with the resources and the information present in those systems.

Identify the risk assessment step Andrew is performing.

A. Likelihood determination

B. System characterization

C. Control analysis

D. Control recommendations

=057==

Marley was asked by his incident handling and response (IH&R) team lead to collect volatile data, such as the system information and network information present in the registries, cache, and RAM of the victim's system.

Identify the data acquisition method Marley must employ to collect volatile data.

A. Live data acquisition

B. Validate data acquisition

C. Remote data acquisition

D. Static data acquisition

=058==

The following steps describe the key activities in forensic readiness planning:

1. Train the staff to handle the incident and preserve the evidence

2. Deploy processes for documenting the procedure

3. Determine the potential evidence required for an incident

4. Establish a secure evidence storage location

5. Identify the source of the evidence involved in the investigation process

6. Establish chain of custody handling

7. Develop a policy for securely handling and storing the collected evidence

8. After determining the risk context, establish the pathway to legally extract the evidence with minimal disruption

Identify the correct sequence of steps involved in forensic readiness planning.

A. 1->2->3->4->5->6->7->8

B. 1->3->5->7->2->6->4->8

C. 1->4->3->5->2->8->6->7

D. 1->5->2->3->4->6->7->8

=059==

Jacob is an employee of the Dolphin Investment firm.

While on duty, he noticed that his computer was having problems, and he wanted to report the issue to the responsible authority in his organization.

However, the organization currently does not have a ticketing system for handling such issues.

In the above scenario, which of the following ticketing systems can the Dolphin Investment firm employ so that Jacob can raise the issue and the responsible team can take up the incident?

A. ThreatConnect

B. IBM XForce Exchange

C. ManageEngine ServiceDesk Plus

D. MISP

=060==

Identify the malicious program that is disguised as a genuine, harmless program and gives the attacker unrestricted access to the user's information and system.

These programs may unleash dangerous payloads that can erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

A. Bot

B. Adware

C. Worm

D. Trojan

Answer key (051-060): ABBAC BABDD
