=001==
XYZ Corp. recently shifted its infrastructure to Microsoft Azure and soon after faced an unexpected data breach. The event led to confidential data being accessed by an unauthorized user. As the newly appointed EC-Council Certified Incident Handler, you are tasked with improving the incident response strategy to prevent such security incidents in the future. What is the best course of action?
A. Activate Azure disk encryption for all data stored in the cloud.
B. Transition all operations to an Azure private network to enhance control over data.
C. Implement Azure network security groups to limit access to resources.
D. Set up Azure Security Center and enable just-in-time VM access.
=002==
The CEO of a leading financial institution received a blackmail email containing highly confidential financial data. The incident response (IR) team, utilizing cutting-edge digital forensics, pinpointed the attacker and prepared evidence for legal action. They also conducted a thorough analysis of the breach and the existing security measures. Based on their extensive investigation, what specific recommendations did the IR team most likely provide to the organization?
A. Increase salaries of the executive team to boost morale.
B. Expand the company's business into new markets.
C. Invest in marketing to restore the brand image.
D. Enhance security controls, offer training on security awareness, and implement continuous monitoring.
=003==
Alpha Tech's CISO received an alert regarding suspicious activity on multiple endpoints. The symptoms aligned with a malware incident in which data appeared to be exfiltrated to an external server. Facing a potential crisis, the security team convened. Which containment strategy should they deploy first?
A. Implement multi-factor authentication across all user accounts.
B. Notify the legal team and prepare a public statement.
C. Roll back all systems to the last known good configuration.
D. Isolate the network segments showing the suspicious activity.
=004==
In a hypothetical scenario, you are an EC-Council Certified Incident Handler (ECIH), and you have been called to handle an incident at a large multinational corporation where a significant data breach has been detected. The breach involves a cloud-hosted database containing sensitive client information. You need to secure and document the crime scene. Which of the following steps is most appropriate as your first response?
A. Document the state of the cloud environment, including system logs and configurations.
B. Remotely log in and shut down the compromised database to prevent further access.
C. Begin with a comprehensive network traffic analysis to identify the source of the breach.
D. Immediately inform all clients about the breach and the potential loss of data.
=005==
You are the cloud security incident response manager for a large organization. Your team has identified a potential security incident in the cloud environment. Upon investigation, you find that an unauthorized individual gained access to a critical database containing sensitive customer information. What is the MOST appropriate immediate action to take?
A. Collect evidence and preserve logs for forensic analysis.
B. Engage the organization's legal team to assess potential liability and regulatory obligations.
C. Notify affected customers and guide them on protecting their personal information.
D. Shut down the compromised database server to prevent further unauthorized access.
=006==
An employee in the finance department accesses confidential financial data outside of their job duties. What is the most effective way to prevent this type of insider threat?
A. Educate employees on the consequences of violating company policies.
B. Conduct regular background checks on all employees.
C. Increase monitoring and surveillance of employee activity.
D. Implement role-based access controls and limit access to sensitive data.
=007==
A company's network experiences a distributed denial-of-service (DDoS) attack, causing significant disruption to its online services. What is the best course of action for the incident response team in this scenario?
A. Identify the origin of the DDoS attack and pursue legal action against the attackers.
B. Implement additional network security measures to prevent future DDoS attacks.
C. Utilize a robust DDoS mitigation solution to filter and block malicious traffic.
D. Promptly inform senior management and relevant stakeholders about the ongoing attack.
=008==
After identifying a compromised workstation at CyberFirm Inc., the incident handling team needs to transport the physical evidence to a secure location. What is the primary consideration during this phase?
A. Ensure that the device is connected to the internet to monitor ongoing malicious activities.
B. Immediately start analyzing the evidence to understand the extent of the compromise.
C. Transport the evidence without its power source to avoid tampering.
D. Label the device with its original location, handler's name, date, and time.
=009==
While handling and responding to a potential web application security incident, you are required to conduct a vulnerability scan of your website. As an EC-Council Certified Incident Handler (ECIH), which of the following steps is NOT part of the process of performing web application vulnerability scanning using Acunetix Web Vulnerability Scanner (WVS)?
A. Use the built-in HTTP Editor and HTTP Fuzzer of Acunetix WVS to manually test and validate potential vulnerabilities before scanning.
B. After scanning, view the vulnerabilities, analyze their details, and formulate a plan to fix them.
C. Perform a full scan, select OWASP Top 10 2017 from the report, and schedule the scan instantly.
D. Install Acunetix WVS on a Windows 10 virtual machine and log in with the provided credentials.
=010==
A leading tech firm is reassessing its incident response strategy following a series of cyber-attacks. The Incident Response Team has proposed fine-tuning the plan to better adapt to evolving threats. The focus is on reducing response time while accurately assessing the nature and impact of various incidents. In this context, which of the following methods would be the MOST suitable to apply within the incident response and handling process?
A. Focus on implementing static rules in the Security Information and Event Management (SIEM) system and follow a rigid set of predefined response protocols, irrespective of incident complexity.
B. Integrate a robust threat intelligence system, fostering collaboration between teams and aligning incident response with the organization's risk appetite and overall business objectives.
C. Utilize automated threat detection tools exclusively, minimizing human involvement to lower response time, and apply AI-driven log analysis.
D. Prioritize the immediate containment of incidents, even before analyzing their nature, by shutting down affected systems and ignoring potential secondary consequences.

Answer key (questions 001 to 010, in order): DDDAD DCDAB