
ECIH_A_071-080

=071==

Which of the following GPG18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?

A. Principle 3

B. Principle 5

C. Principle 2

D. Principle 7

=072==

An attacker uncovered websites a target individual was frequently surfing.

The attacker then tested those particular websites to identify possible vulnerabilities.

After detecting vulnerabilities within a website, the attacker started injecting malicious script/code into the web application that would redirect the webpage and download the malware onto the victim's machine.

After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application.

Identify the type of attack performed by the attacker.

A. Watering hole

B. Cookie/Session poisoning

C. Obfuscation application

D. Directory traversal

=073==

Ross is an incident manager (IM) and his team provides support to all users in the organization that are affected by the threat or attack.

David, who is the organizational internal auditor, is also part of Ross's incident response team.

Among the following duties, identify one of the responsibilities of David.

A. Configure information security controls

B. Coordinate incident containment activities with the information security officer (ISO)

C. Perform the necessary action required to block the network traffic from the suspected intruder

D. Identify and report security loopholes to management for necessary action

=074==

Alice is a disgruntled employee.

She decided to acquire critical information from her organization for personal benefit.

To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine.

Identify the type of attack Alice is performing in the above scenario.

A. Service hijacking

B. Man-in-the-cloud attack

C. SQL injection attack

D. Side channel attack

=075==

A computer virus hoax is a message warning the recipient of a non-existent computer virus threat.

The message may be a chain e-mail that tells the recipient to forward it to everyone they know.

Which of the following are the two types of hoax virus messages?

A. The message warns to delete certain files if the user does not take appropriate action

B. The message tricks the user by indicating it was caught by SPAM filters due to change in their settings

C. The message convinces the user to add the sender to his/her email contact list and gain monetary benefits

D. The message prompts the user to install Anti-virus

=076==

Alexis is working as an incident responder in XYZ organization.

She was asked to identify and attribute the actors behind an attack that took place recently.

In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target.

Which of the following types of threat attributions has Alexis performed?

A. Campaign attribution

B. True attribution

C. Nation-state attribution

D. Intrusion-set attribution

=077==

QualTech Solutions is a leading security services enterprise.

Dickson works as an incident responder with them.

He is performing a vulnerability assessment to identify the security problems in the network, using tools to identify the hosts, services, and vulnerabilities present in the enterprise network.

Based on the above scenario, identify the type of vulnerability assessment performed by Dickson.

A. External assessment

B. Internal assessment

C. Passive assessment

D. Active assessment

=078==

Which of the following digital evidence is temporarily stored on a digital device that requires a constant power supply and is deleted if the power supply is interrupted?

A. Event logs

B. Process memory

C. Slack space

D. Swap file

=079==

Which of the following terms refers to an organization's ability to make optimal use of digital evidence in a limited period of time and with minimal investigation costs?

A. Risk assessment

B. Data analysis

C. Threat assessment

D. Forensic readiness

=080==

Farheen is an incident responder at a reputed IT firm based in Florida.

Farheen was asked to investigate a recent cybercrime faced by the organization.

As part of this process, she collected static data from a victim system.

She used dd, a command-line tool, to perform forensic duplication to obtain an NTFS image of the original disk.

She created a sector-by-sector mirror image of the disk and saved the output image file as evidence.

Identify the static data collection process step performed by Farheen while collecting static data.

A. Physical presentation

B. Administrative consideration

C. System preservation

D. Comparison

Answers: BBDDB CBBDC
