
ECIH_B_041-050

=041==

After a significant data breach at a large retail company's cloud-based Point of Sale (POS) system, you are tasked as an EC-Council Certified Incident Handler to formulate a strategy for future incidents.

One of the main challenges you faced during the response was the ambiguity over the division of responsibility between the company and the cloud service provider.

To mitigate this issue, what should be your primary focus for future incident handling?

A. Develop an internal cloud security team to monitor and handle incidents autonomously.

B. Ensure a well-defined and agreed-upon cloud service level agreement (SLA) regarding incident response.

C. Implement a multi-cloud strategy to mitigate the risk posed by a single cloud service provider.

D. Prioritize investments in advanced cloud security technologies, such as cloud-based IDS.

=042==

In a simulated lab environment, an incident handler uses the CurrPorts tool to monitor TCP/IP connections in the wake of a malware incident.

The malware, a trojan called "njRAT," has been executed on a Windows Server 2016 virtual machine.

After executing the trojan, the handler observes a connection established by the njRAT client on the Windows 10 virtual machine.

Using CurrPorts on the infected Windows Server 2016, what course of action should the handler take next?

A. Immediately disconnect Windows Server 2016 from the network.

B. Perform port monitoring to identify the process running and the port on which it's running.

C. Restart Windows Server 2016 to remove the trojan.

D. Run a full antivirus scan on the Windows 10 virtual machine.

=043==

A company's intrusion detection system (IDS) generates an alert indicating a potential network security incident.

What is the next step in the process of detecting and validating network security incidents?

A. Determine the severity of the alert and its potential impact on the network.

B. Validate the IDS alert by cross-referencing it with other security monitoring systems.

C. Conduct a thorough analysis of the IDS alert logs to gather additional information.

D. Perform forensic analysis on the affected systems to identify the root cause of the incident.

=044==

After a significant software upgrade at Zeta Corp, the IT department noticed an abnormal surge in network traffic.

On closer inspection, the anomaly appeared to originate from a specific set of newly installed machines.

IT personnel identified an unknown process transmitting large amounts of data.

Realizing the potential implications, they sought immediate action.

What should their primary response be?

A. Document the process details and alert the software vendor.

B. Run an antivirus sweep across the entire network.

C. Seek external help from malware experts without internal intervention.

D. Immediately isolate the affected machines from the network.

=045==

As the new CISO for a mid-sized healthcare organization, you've been tasked with fortifying the company's cyber defenses.

Your predecessor mainly focused on network security, but you believe that endpoint security incident handling and response are equally vital.

What is the most compelling reason to justify the additional investment to the board of directors?

A. Increasing the number of remote workers makes the network perimeter less defined.

B. The company's competitors have invested heavily in endpoint security.

C. Regulatory bodies demand a greater focus on endpoint security.

D. Endpoint security is a current trend in the cybersecurity industry.

=046==

In the wake of an email security incident at EduTech, an educational technology provider, the response team detected that certain email accounts had been compromised.

These accounts had been sending out unauthorized promotional offers.

To detect similar future threats proactively, what action is most advisable?

A. Schedule regular IT audits to review account access logs.

B. Invest in a more advanced spam filter.

C. Monitor email traffic patterns for anomalies and unusual sending behaviors.

D. Limit the number of emails a single account can send in an hour.

=047==

During the eradication phase of a web application security incident, the incident response team discovers that the web application was compromised due to a known vulnerability that had not been patched.

What is the best course of action for the incident response team?

A. Conduct a root cause analysis to identify why the vulnerability was not patched.

B. Patch the vulnerability and restore the web application to its previous state.

C. Monitor the web application for any further signs of compromise.

D. Conduct a penetration test to identify any other vulnerabilities.

=048==

After a series of email-based attacks, FinServCo, a financial services provider, wanted to establish robust defenses against potential email security incidents.

While discussing preventive measures, which action emerged as a top priority to guard against email threats?

A. Employ an email sandboxing solution to analyze email attachments in a secure environment.

B. Prohibit employees from accessing personal emails on corporate devices.

C. Ensure that all email traffic is encrypted, both in transit and at rest.

D. Move all email services to a reputable cloud provider for better management.

=049==

A multinational corporation has been receiving a large number of phishing attacks lately.

As the newly appointed Incident Handler, you have been tasked with improving the company's ability to detect and handle these attacks.

The existing infrastructure consists of several virtual machines running Windows Server 2016, Windows 10, and Ubuntu, and administrative privileges are available to install and run the required tools.

Which of the following methods should you primarily implement to enhance the company's ability to handle these email security incidents?

A. Installing the Netcraft Toolbar on all company systems to block phishing websites.

B. Implementing PGP encryption for all email communications to prevent unauthorized access to email content.

C. Training employees to detect phishing attacks and encouraging them to report suspicious emails.

D. Using Phish Tank to verify and track all suspicious links in emails received by the company.

=050==

An employee who was recently terminated still has access to company systems due to an administrative oversight.

What is the biggest challenge in responding to this insider threat?

A. Identifying how the former employee gained unauthorized access.

B. Identifying the potential damage caused by the former employee.

C. Balancing the need to revoke access with maintaining business continuity.

D. Maintaining the confidentiality of the investigation.

Answer key (041-050, in order): BBBDA CBACB
