
ECIH_B_011-020

=011==

PetroMax, an energy conglomerate, recently identified multiple employees receiving emails with malicious attachments.

Initial analysis pointed towards a targeted spear-phishing campaign.

In such a scenario, what immediate step should PetroMax take to contain the threat?

A. Shut down the corporate email server temporarily.

B. Format and reinstall the systems of users who opened the malicious attachment.

C. Roll out a security awareness campaign to educate employees.

D. Block the sending email addresses and domains associated with the campaign.
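Blocking "the sending addresses and domains associated with the campaign" is only as good as the list you derive from the samples you already have, and that list has to cover every sender-controlled header, not just From:. The following is an added example (not code from the original page): it builds the blocklist from constructed campaign samples and then tests new mail against it. The messages, addresses and domains are all made up for the example.

```python
"""Spear-phishing containment: derive a sender blocklist from the messages
already attributed to the campaign, then apply it to incoming mail.

Added example, not code from the original page.  The messages, addresses
and domains below are constructed for the example."""
import email
from email import policy
from email.utils import getaddresses

# Sender-controlled headers; any of them can carry a campaign domain, so
# blocking only the From: domain leaves the Return-Path/Reply-To ones open.
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Constructed samples of the campaign mail found during initial analysis.
CAMPAIGN_SAMPLES = [
    (b"From: HR Team <payroll@petromax-hr.example>\r\n"
     b"Reply-To: payroll@petromax-hr.example\r\n"
     b"Return-Path: <bounce@mailer-relay.example>\r\n"
     b"Subject: Updated bonus schedule\r\n"
     b"Content-Type: application/octet-stream; name=\"bonus.xlsm\"\r\n"
     b"Content-Disposition: attachment; filename=\"bonus.xlsm\"\r\n"
     b"\r\nMZ...\r\n"),
    (b"From: IT Support <helpdesk@petromax-it.example>\r\n"
     b"Return-Path: <bounce@mailer-relay.example>\r\n"
     b"Subject: VPN client update\r\n"
     b"Content-Type: application/octet-stream; name=\"vpn.exe\"\r\n"
     b"Content-Disposition: attachment; filename=\"vpn.exe\"\r\n"
     b"\r\nMZ...\r\n"),
]


def sender_domains(raw: bytes) -> set[str]:
    """Every domain named in the sender-controlled headers of one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    values = [str(v) for h in SENDER_HEADERS for v in msg.get_all(h, [])]
    return {addr.rpartition("@")[2].lower()
            for _name, addr in getaddresses(values) if "@" in addr}


def build_blocklist(samples) -> set[str]:
    """Union of sender domains over all messages attributed to the campaign."""
    blocklist: set[str] = set()
    for raw in samples:
        blocklist |= sender_domains(raw)
    return blocklist


def has_attachment(raw: bytes) -> bool:
    msg = email.message_from_bytes(raw, policy=policy.default)
    return any(part.get_content_disposition() == "attachment"
               for part in msg.walk())


def matches_campaign(raw: bytes, blocklist: set[str]) -> set[str]:
    """Blocklisted domains this message uses; an empty set means the message
    is not attributed to the campaign.  Run at the mail gateway: a non-empty
    result is grounds to reject or quarantine the message."""
    return sender_domains(raw) & blocklist


if __name__ == "__main__":
    blocklist = build_blocklist(CAMPAIGN_SAMPLES)
    print("block:", sorted(blocklist))
    probe = b"From: payroll@petromax-hr.example\r\nSubject: Reminder\r\n\r\nhi\r\n"
    print("new message matches:", matches_campaign(probe, blocklist))
```

The shared Return-Path domain (mailer-relay.example in the samples) is the kind of infrastructure indicator that links messages with different From: domains; dropping it from the blocklist would let the next wave through under a fresh display domain.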

=012==

As a Certified Incident Handler, you have been tasked with performing web application vulnerability scanning for your organization's website.

During the scanning process with Acunetix Web Vulnerability Scanner (WVS), a vulnerability titled "Possible database backup vulnerability" was identified.

After analyzing the details, which of the following steps should be your immediate action to mitigate the risk of this identified vulnerability?

A. Implement the recommendations provided by the Acunetix WVS to fix the vulnerability.

B. Download the report in PDF format and review the complete report before taking any action.

C. Proceed with the scanning of other potential vulnerabilities without taking any action on the identified vulnerability.

D. Run the HTTP Fuzzer tool to validate the potential vulnerability.
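A "possible" finding is a guess until the content is checked: scanners flag this when a backup-looking path answers, and sites that return 200 for every URL produce false positives. The following added example (not Acunetix code and not from the original page) shows what validating the finding looks like: probe the candidate paths and accept only responses whose bytes are actually a SQL dump. The path list, the fake site and `fake_fetch` are constructed so it runs offline; `http_fetch` is a minimal real fetcher for a stand-alone run.

```python
"""Validate a scanner's "possible database backup" finding before acting on it.

Added example, not Acunetix code.  The candidate paths, the fake site and
`fake_fetch` are constructed so the check runs offline; `fetch` is whatever
HTTP client you pass in."""
import gzip
import re
import urllib.error
import urllib.request
import zlib
from urllib.parse import urljoin

# Paths scanners commonly probe for this class of finding (assumed list).
CANDIDATE_PATHS = ["backup.sql", "db.sql", "database.sql.gz", "dump.sql", "backup.zip"]

# Content signatures of real dumps.  A 200 status alone proves nothing:
# many sites answer every path with 200 and an HTML "not found" page.
DUMP_MARKERS = [
    re.compile(rb"^-- MySQL dump", re.M),
    re.compile(rb"^-- PostgreSQL database dump", re.M),
    re.compile(rb"\bCREATE TABLE\b", re.I),
    re.compile(rb"\bINSERT INTO\b", re.I),
]
HEAD = 65536  # bytes of body inspected


def looks_like_dump(body: bytes) -> bool:
    """True if the response body is recognisably a SQL dump (plain or gzip)."""
    if body[:2] == b"\x1f\x8b":
        # gzip member; decompress only the head so truncated input is fine
        try:
            body = zlib.decompressobj(zlib.MAX_WBITS | 16).decompress(body, HEAD)
        except zlib.error:
            return False
    head = body[:HEAD]
    if re.search(rb"<html|<!doctype", head[:512], re.I):
        return False  # soft-404 / error page
    return any(m.search(head) for m in DUMP_MARKERS)


def confirm_backup_exposure(base_url: str, fetch) -> list[str]:
    """fetch(url) -> (status, body_bytes).  Returns the URLs whose content
    really is a database dump: the confirmed exposures to escalate."""
    confirmed = []
    for path in CANDIDATE_PATHS:
        url = urljoin(base_url, path)
        status, body = fetch(url)
        if status == 200 and looks_like_dump(body):
            confirmed.append(url)
    return confirmed


def http_fetch(url: str, timeout: float = 10.0):
    """Minimal real fetcher for a stand-alone run (reads only the head)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(HEAD)
    except urllib.error.HTTPError as exc:
        return exc.code, b""


# Constructed target: one soft-404, one plain dump, one gzipped dump.
FAKE_SITE = {
    "https://www.example.test/backup.sql":
        (200, b"<!DOCTYPE html><title>Not found</title>"),
    "https://www.example.test/dump.sql":
        (200, b"-- MySQL dump 10.13\nCREATE TABLE `users` (id int);\n"
              b"INSERT INTO `users` VALUES (1,'admin','$2y$10$...');\n"),
    "https://www.example.test/database.sql.gz":
        (200, gzip.compress(b"-- PostgreSQL database dump\n"
                            b"CREATE TABLE accounts (id int);\n")),
}


def fake_fetch(url: str):
    return FAKE_SITE.get(url, (404, b""))


if __name__ == "__main__":
    for hit in confirm_backup_exposure("https://www.example.test/", fake_fetch):
        print("confirmed exposed dump:", hit)
```

Only the confirmed URLs are worth an emergency change (remove the file, deny the path at the web server); the soft-404 hit on backup.sql is the false positive that acting on the raw scanner output would have "fixed".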

=013==

ABC Inc. recently transitioned to AWS cloud infrastructure, but soon after the shift, the company experienced an intrusion resulting in unauthorized data access.

As an EC-Council Certified Incident Handler, you're assigned to strengthen their incident response capabilities against potential future security incidents.

What would be the most effective method to implement?

A. Configure AWS WAF and associate it with an Amazon CloudFront distribution.

B. Implement AWS Network Firewall to block unwanted traffic.

C. Encrypt all data at rest in AWS S3 buckets.

D. Enable Amazon CloudWatch for log monitoring and anomaly detection.
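The options that add controls (WAF, Network Firewall, encryption) reduce some attack surface but give the handler nothing to respond with; monitoring is what turns the next unauthorized access into an incident you can see. The following added example (not AWS code and not from the original page) shows the logic of a CloudWatch Logs metric filter and alarm applied to CloudTrail events in plain Python: the predicate is the CIS AWS Foundations Benchmark filter for unauthorized API calls, while the threshold, the identities and the events are constructed.

```python
"""Log monitoring over CloudTrail, the way a CloudWatch Logs metric filter
plus an alarm does it.

Added example, not AWS code.  The predicate is the CIS AWS Foundations
Benchmark metric filter for unauthorized API calls; the threshold, the
identities and the events are constructed for the example."""
import json
from collections import Counter

# What you would pass to `aws logs put-metric-filter --filter-pattern` on
# the CloudTrail log group; is_unauthorized_call() is its Python form.
FILTER_PATTERN = ('{ ($.errorCode = "*UnauthorizedOperation") '
                  '|| ($.errorCode = "AccessDenied*") }')


def is_unauthorized_call(event: dict) -> bool:
    code = event.get("errorCode") or ""
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


def caller(event: dict) -> str:
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("principalId") or "unknown"


def unauthorized_by_caller(events) -> Counter:
    """Metric value per calling identity over one evaluation period."""
    counts: Counter = Counter()
    for event in events:
        if is_unauthorized_call(event):
            counts[caller(event)] += 1
    return counts


def alarm(events, threshold: int = 5) -> list:
    """Identities whose count reaches the threshold: what the CloudWatch
    alarm on the metric fires on, and where the handler starts looking."""
    return sorted(ident for ident, n in unauthorized_by_caller(events).items()
                  if n >= threshold)


# Constructed CloudTrail records: a contractor's IAM user is probing S3,
# IAM, Secrets Manager and EC2 and being denied, amid normal traffic.
_CONTRACTOR = "arn:aws:iam::123456789012:user/contractor-svc"
_DEVELOPER = "arn:aws:iam::123456789012:user/developer"
SAMPLE_RECORDS = json.loads("""{"Records": [
 {"eventTime":"2024-03-04T02:10:11Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T02:10:40Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T02:10:41Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T02:11:05Z","eventSource":"iam.amazonaws.com","eventName":"ListUsers",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T02:11:30Z","eventSource":"secretsmanager.amazonaws.com","eventName":"GetSecretValue",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T02:12:02Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23","errorCode":"Client.UnauthorizedOperation"},
 {"eventTime":"2024-03-04T02:12:30Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity",
  "userIdentity":{"type":"IAMUser","arn":"%(c)s"},"sourceIPAddress":"198.51.100.23"},
 {"eventTime":"2024-03-04T09:00:00Z","eventSource":"s3.amazonaws.com","eventName":"PutObject",
  "userIdentity":{"type":"IAMUser","arn":"%(d)s"},"sourceIPAddress":"10.0.4.8","errorCode":"AccessDenied"},
 {"eventTime":"2024-03-04T09:00:05Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets",
  "userIdentity":{"type":"IAMUser","arn":"%(d)s"},"sourceIPAddress":"10.0.4.8"}
]}""" % {"c": _CONTRACTOR, "d": _DEVELOPER})["Records"]


if __name__ == "__main__":
    print(unauthorized_by_caller(SAMPLE_RECORDS))
    print("alarm on:", alarm(SAMPLE_RECORDS))
```

The single developer denial is ordinary friction; the burst of six denials across four services from one identity at 02:10 is the pattern the alarm exists for. In AWS the same logic is three pieces: CloudTrail delivering to a CloudWatch Logs group, a metric filter with `FILTER_PATTERN`, and an alarm on that metric that notifies the response team.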

=014==

Sarah, an employee at a company, feels frustrated and resentful due to a hostile work environment and perceived unfair treatment.

She decides to attack the organization's systems as a means of retaliation.

What is the driving force behind Sarah's insider attack?

A. Work-related grievance

B. Challenge

C. Hacktivism

D. Corporate espionage

=015==

You are the Azure security incident response lead for a multinational organization.

Your team has detected suspicious activity in one of the Azure subscriptions.

Upon investigation, you find that an unauthorized user has gained access to a virtual machine (VM) running a critical application.

What is the MOST appropriate immediate action to take?

A. Disconnect the compromised VM from the network to prevent further unauthorized access.

B. Preserve the volatile memory of the compromised VM for forensic analysis.

C. Notify Azure support and request assistance in containing and investigating the incident.

D. Change the credentials of all user accounts associated with the Azure subscription.

=016==

In the aftermath of a cybersecurity incident at TechGuard Ltd, the response team identified a USB drive suspected of containing malicious code.

To preserve its integrity for forensic analysis, what should the team do?

A. Connect it to a sandboxed environment to check its contents.

B. Store it in an anti-static bag, ensuring it is well labeled and sealed.

C. Copy the contents to a secure server for backup.

D. Format the USB drive to remove any malware.

=017==

An organization's network has just suffered a significant breach.

As an EC-Council Certified Incident Handler, you have been called in to secure and document the crime scene.

Which of the following actions would be your primary focus to avoid contaminating the digital evidence?

A. Install the latest patches and update the antivirus on all affected systems.

B. Document the original state of the system before shutting it down for analysis.

C. Disconnect all compromised machines from the network immediately.

D. Notify all employees in the organization about the breach for transparency.
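Questions 016 and 017 are two halves of the same discipline: bag, label and seal the item so it cannot be altered, and document its original state before anyone changes it. The part of that which is code is the hash that freezes the state and the chain-of-custody record every later handler appends to. The following is an added example (not code from the original page); the image bytes, names, seal numbers and timestamps are constructed, and imaging the drive through a write blocker, which produces the real bytes, is outside the example.

```python
"""Evidence preservation (Q16 and Q17 above): freeze the item's original
state with a cryptographic hash before anything else touches it, and keep a
chain-of-custody record that every subsequent handler appends to.

Added example, not code from the original page.  USB_IMAGE, the names,
seal numbers and timestamps are constructed; imaging through a write
blocker, which produces the real bytes, is outside the example."""
import hashlib
import json
from datetime import datetime, timezone

CHUNK = 1 << 20

# Constructed stand-in for a raw image of the suspect USB drive.
USB_IMAGE = (b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 4000
             + b"autorun.inf\x00payload.exe\x00" + b"\x00" * 100)


def sha256_hex(data: bytes) -> str:
    """Chunked SHA-256 so the same function works for multi-GB images."""
    h = hashlib.sha256()
    for i in range(0, len(data), CHUNK):
        h.update(data[i:i + CHUNK])
    return h.hexdigest()


def _stamp(now):
    return (now or datetime.now(timezone.utc)).isoformat()


def open_custody_record(item_id, description, collected_by, location,
                        image: bytes, now=None) -> dict:
    """First entry: who collected what, where and when, plus the hash and
    size that document the original state (Q17) before any analysis."""
    return {
        "item_id": item_id,
        "description": description,
        "sha256": sha256_hex(image),
        "size": len(image),
        "log": [{"time": _stamp(now), "action": "collected",
                 "by": collected_by, "note": location}],
    }


def record_action(record: dict, action: str, by: str, note: str, now=None) -> dict:
    """Append one custody event (packaging, transfer, analysis, return)."""
    record["log"].append({"time": _stamp(now), "action": action,
                          "by": by, "note": note})
    return record


def verify_image(record: dict, image: bytes) -> bool:
    """Re-hash before analysis and again afterwards; a mismatch means the
    evidence is no longer the item that was collected."""
    return (len(image) == record["size"]
            and sha256_hex(image) == record["sha256"])


if __name__ == "__main__":
    rec = open_custody_record("TG-2024-017", "USB drive, 16 GB, black, found at desk 4B",
                              "A. Handler", "TechGuard Ltd, floor 3", USB_IMAGE)
    record_action(rec, "packaged", "A. Handler",
                  "anti-static bag, seal 000123, labelled TG-2024-017")
    record_action(rec, "transferred", "A. Handler -> Forensic lab",
                  "seal 000123 intact on receipt")
    print(json.dumps(rec, indent=2))
    print("image intact:", verify_image(rec, USB_IMAGE))
```

Every analysis step works on a copy of the image and ends with `verify_image` against the record; the sealed original drive in the bag is never touched again unless a court or a second examiner needs to re-image it.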

=018==

An incident handler is performing security scanning on an Ubuntu Linux system using buck-security to identify potential vulnerabilities.

The handler runs the command "./buck-security" and receives a list of warning messages.

Among the warnings, the handler finds an issue under the "[3] CHECK firewall: Check firewall policies" section.

Considering the handler's main objective is to validate and classify the security incident, what should be their next course of action?

A. The handler should immediately start fixing the identified firewall policy issues.

B. The handler should ignore the warnings as the issue pertains only to firewall policies.

C. The handler should document the findings and correlate them with other indicators for incident validation.

D. The handler should perform further analysis of the logs from the Syslog server.

=019==

You are the Azure security incident response lead for a large organization.

Your team has identified a potential security incident in one of the Azure subscriptions.

Upon investigation, you find that an unauthorized user has gained access to an Azure Storage account containing sensitive data.

What is the MOST appropriate immediate action to take?

A. Notify the organization's data protection officer (DPO) and initiate a data breach assessment.

B. Enable Azure Security Center to enhance monitoring and threat detection.

C. Disable access keys for the compromised Azure Storage account.

D. Create a backup of the compromised Azure Storage account for forensic analysis.

=020==

During a routine security assessment at SoftTech, a major software development company, a series of suspicious email transmissions were flagged from a senior executive's account to an external domain.

Preliminary investigations suggest that the emails contained critical IP details.

To identify the cause and extent of this compromise, what should be the primary action?

A. Coordinate with the external domain to retrieve the sent emails.

B. Enforce immediate password resets for all senior executive accounts.

C. Conduct a forensic examination of the affected email account's recent activities.

D. Send an alert to all staff members about potential phishing threats.
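"Cause and extent" come out of the account's own activity record: which external domains received mail, when, with which attachments, and from which client IPs, and whether those IPs also appear on the executive's normal activity. The following added example (not code from the original page) runs that examination over constructed mailbox audit records in a simplified shape; real mailbox audit logs such as the Microsoft 365 unified audit log carry the same information under different field names, and the account, domains and addresses are made up.

```python
"""Forensic examination of a mailbox's recent activity: which external
domains received mail, when, with which attachments, from which client IPs.

Added example, not code from the original page.  The audit records are
constructed in a simplified shape; real mailbox audit logs carry the same
fields under other names.  Account, domains and IPs are made up."""
import json

INTERNAL_DOMAINS = {"softtech.example"}

# Constructed audit records for the executive's mailbox.
SAMPLE_AUDIT = json.loads("""[
 {"time":"2024-05-02T09:12:00Z","op":"Send","user":"cto@softtech.example",
  "to":["team@softtech.example"],"attachments":[],"client_ip":"10.20.1.15"},
 {"time":"2024-05-02T23:41:00Z","op":"Send","user":"cto@softtech.example",
  "to":["m.ivanova@quickmail.example"],"attachments":["roadmap_2025.pdf"],"client_ip":"203.0.113.7"},
 {"time":"2024-05-03T00:03:00Z","op":"Send","user":"cto@softtech.example",
  "to":["m.ivanova@quickmail.example"],"attachments":["src_core.zip"],"client_ip":"203.0.113.7"},
 {"time":"2024-05-03T08:30:00Z","op":"MailboxLogin","user":"cto@softtech.example",
  "to":[],"attachments":[],"client_ip":"10.20.1.15"},
 {"time":"2024-05-03T10:00:00Z","op":"Send","user":"cto@softtech.example",
  "to":["partner@vendor.example"],"attachments":["nda.pdf"],"client_ip":"10.20.1.15"}
]""")


def domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def external_sends(records, internal=INTERNAL_DOMAINS):
    """Send events with at least one recipient outside the organisation."""
    return [r for r in records if r["op"] == "Send"
            and any(domain(a) not in internal for a in r["to"])]


def summarize_by_domain(records, internal=INTERNAL_DOMAINS) -> dict:
    """Per external recipient domain: how many messages, the time window,
    the client IPs used and every attachment name (the 'extent')."""
    out = {}
    for r in external_sends(records, internal):
        for addr in r["to"]:
            d = domain(addr)
            if d in internal:
                continue
            s = out.setdefault(d, {"count": 0, "first": r["time"], "last": r["time"],
                                   "client_ips": set(), "attachments": []})
            s["count"] += 1
            s["first"] = min(s["first"], r["time"])
            s["last"] = max(s["last"], r["time"])
            s["client_ips"].add(r["client_ip"])
            s["attachments"].extend(r["attachments"])
    return out


def ips_only_on_external_sends(records, internal=INTERNAL_DOMAINS) -> set:
    """Client IPs that appear on external sends and on nothing else the
    account did: a sign someone other than the owner drove those sends
    (the 'cause' to chase in sign-in logs)."""
    ext = external_sends(records, internal)
    ext_ids = {id(r) for r in ext}
    suspicious = {r["client_ip"] for r in ext}
    normal = {r["client_ip"] for r in records if id(r) not in ext_ids}
    return suspicious - normal


if __name__ == "__main__":
    for d, s in summarize_by_domain(SAMPLE_AUDIT).items():
        print(d, s["count"], s["first"], s["last"], sorted(s["client_ips"]), s["attachments"])
    print("IPs seen only on external sends:", ips_only_on_external_sends(SAMPLE_AUDIT))
```

Here the two late-night sends to quickmail.example came from an IP the account never otherwise used, which points at a session hijack or stolen credentials rather than the executive; the daytime send to vendor.example from the usual address is ordinary business. That distinction is what decides whether the password reset in option B is part of the fix or merely disruption.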


Answer key (011-020): DDDAA BBCCC
