ECIH_B_021-030

=21==

An EC-Council Certified Incident Handler (ECIH) is dispatched to manage a cyber incident at a multinational firm where a ransomware attack has encrypted critical data.

While preserving the evidence, the handler discovered a suspicious email attachment on an affected system.

What should be the handler's next step?

Reply to the suspicious email to negotiate with the attackers.

Open the attachment on the affected system for instant analysis.

Delete the email and its attachments from the affected system.

Transfer the suspicious email and attachments to a digital forensics lab.

=22==

A company's HR department receives a tip that an employee is planning to steal confidential information and sell it to a competitor.

What is the best course of action for the company's incident response team to mitigate the risk of an insider threat in this scenario?

Restrict the employee’s access to confidential information and systems.

Conduct a thorough investigation of the employee and their potential motives.

Immediately terminate the employee’s employment to prevent any further risk.

Select the employee’s network threats and communications to detect any suspicious behavior.

=23==

The security team at a multinational company has noticed a few unusual activities on their web applications and suspects potential SQL injection and XSS attacks.

The incident handler is tasked with identifying and analyzing these incidents.

Which of the following options would best enable the incident handler to detect and analyze the suspected attacks in this scenario?

Manual review of IIS server logs for SQL injection and XSS attack patterns.

Use of a network-based intrusion detection system (IDS) to detect any anomalies in network traffic.

Running a vulnerability scan on the web application to detect any potential weak points that could be exploited by an attacker.

Deployment of a Web Application Firewall (WAF) such as dotDefender to detect, block, and log SQL injection and XSS attacks.

=24==

A financial institution has recently suffered a major security incident.

The incident was traced back to a malicious mobile application installed on the personal device of a senior executive, which was used for accessing corporate resources.

As a certified incident handler, your immediate task is to mitigate such threats in the future.

What step would you prioritize?

Encourage all executives to only use corporate-owned devices for work purposes.

Install an advanced mobile device management solution on all personal devices accessing corporate resources.

Implement strict rules disallowing the use of personal devices to access corporate resources.

Mandate the use of antivirus solutions on all personal devices accessing corporate resources.

=25==

As an EC-Council Certified Incident Handler (ECIH), you have been assigned to handle a malware incident in a large organization.

You have noticed that the malware initiates at system bootup and runs in the background without the user’s knowledge.

You have access to tools like WinPatrol and Driver Booster.

What should be your immediate course of action?

Use WinPatrol to analyze running tasks and end any suspicious tasks.

Use Driver Booster to scan for outdated drivers and update them immediately.

Use WinPatrol to monitor startup programs and control the execution of potentially malicious programs.

Monitor the system device drivers using Driver Booster to detect any malicious activities.

=26==

As an incident handler, you received an email that appeared suspicious.

You performed an email header analysis using the online tool xToolbox.

The results showed "SPF Authenticated as Failed," "DKIM Authenticated as Failed," "SPF Alignment as Pass," and "DKIM Alignment as Pass."

According to these results, which of the following conclusions is most accurate?

The email is likely safe because SPF alignment passed, even though DKIM authentication failed.

The email is likely malicious because SPF and DKIM authentications both failed.

The email is likely malicious because SPF authentication failed but safe because DKIM alignment passed.

The email is safe and legitimate because the SPF and DKIM alignments both passed.

=27==

A leading manufacturing company with an extensive IoT network detects suspicious activity that appears to be an unauthorized access attempt.

This incident could potentially disrupt manufacturing processes, lead to intellectual property theft, and have far-reaching financial impacts.

In the intricate and highly interconnected environment of this IoT-based security incident, what is the first step in the incident response process for handling this situation?

Immediately terminate all employees suspected of involvement.

Notify law enforcement to warn competitors.

Begin with a detailed incident investigation, prioritization, and forming an appropriate response strategy.

Sell off the compromised IoT devices to minimize financial loss.

=28==

Your organization uses the Google Cloud Platform for its operations.

You, as an EC-Council Certified Incident Handler, have been alerted to a potential security incident involving unauthorized access to sensitive data.

Which of the following should be your first step in handling this incident?

Perform an initial analysis of the GCP audit logs.

Disable all user accounts on GCP.

Shut down all instances on GCP.

Initiate an immediate backup of all data.

=29==

As part of the incident handling team in a large organization, you are tasked to configure Suricata IDS for network security monitoring in a virtual environment.

You’ve set up the system correctly, but it does not detect ICMP activity from the Windows 10 virtual machine.

Which of the following is the most likely reason for this issue?

The ICMP rule was not properly defined in the suricata.rules file.

The rule file suricata.rules was not correctly added in the suricata.yaml configuration file.

The Windows 10 machine was not pinged after starting the Suricata engine.

The HOME_NET parameter in suricata.yaml is not properly defined.

=30==

Following a ransomware attack, CyberTech Inc. initiated a full-scale risk assessment.

They found multiple potential vulnerabilities and realized the need to prioritize them for remediation.

Which criteria should CyberTech primarily use to prioritize these vulnerabilities?

Time since the vulnerability was discovered.

The cost associated with the mitigation of each vulnerability.

Popularity of the vulnerability in the hacker community.

The potential business impact of a successful exploitation of the vulnerability.

DADBC BCABD