=051==
Your company has faced a significant SQL injection attack on its web application.
As an incident handler using the dotDefender tool, you notice that despite the SQL injection attack, the tool has not registered any events in its log viewer.
Which of the following is the most plausible reason for this situation?
Ⓐ The dotDefender tool was not properly configured to detect SQL injection attacks.
Ⓑ The attacker used a zero-day attack technique not recognized by the dotDefender tool.
Ⓒ The dotDefender tool does not have the ability to detect SQL injection attacks.
Ⓓ The dotDefender tool does not register any attacks that are successfully mitigated.
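The practical check behind answer A is whether the inspection rules are actually enabled and producing events. The following is an added example, not part of the original question set and not dotDefender's own code: a minimal WAF-style SQL injection detector run over constructed Apache-style access-log lines. With the hypothetical `sqli` rule set left out of the configuration, the same attack traffic produces no events at all; with it enabled, the tautology, UNION SELECT and comment-terminator payloads are flagged. Log lines, hostnames, rule names and configuration keys are all invented for the example.

```python
"""Added example: minimal SQLi detector over constructed access-log lines,
showing that a disabled rule set yields zero events despite real attacks."""
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (documentation IPs, hypothetical app).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2024:13:55:36 +0000] "GET /product?id=42 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/May/2024:13:55:41 +0000] "GET /product?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9812',
    '203.0.113.5 - - [10/May/2024:13:55:49 +0000] "GET /product?id=42%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 200 1337',
    '198.51.100.7 - - [10/May/2024:13:56:02 +0000] "GET /search?q=summer+sale HTTP/1.1" 200 2048',
]

# Detection signatures, evaluated against the URL-decoded query string so that
# percent-encoded payloads are not missed.
SQLI_RULES = {
    "sqli-tautology": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
    "sqli-union-select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),
    "sqli-comment-terminator": re.compile(r"(--|#|/\*)\s*$"),
}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')


def parse_line(line):
    """Return (ip, timestamp, method, decoded path) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["ts"], m["method"], unquote_plus(m["path"])


def scan_log(lines, config):
    """Run the enabled rule sets over the log and return one event dict per hit.

    config["rulesets"] (hypothetical key) is the set of enabled rule-set names.
    A rule set that is not enabled is never evaluated: traffic passes through
    and nothing reaches the event log, which is the scenario's symptom.
    """
    events = []
    if "sqli" not in config.get("rulesets", set()):
        return events  # SQLi inspection switched off: no events, no matter the traffic
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        query = path.partition("?")[2]
        for rule, pattern in SQLI_RULES.items():
            if pattern.search(query):
                events.append({"ip": ip, "time": ts, "rule": rule, "request": f"{method} {path}"})
    return events


MISCONFIGURED = {"rulesets": {"xss"}}          # SQLi rule set never enabled
CORRECTED = {"rulesets": {"xss", "sqli"}}      # SQLi rule set enabled

if __name__ == "__main__":
    print("misconfigured:", len(scan_log(SAMPLE_LOG, MISCONFIGURED)), "events")
    for ev in scan_log(SAMPLE_LOG, CORRECTED):
        print("corrected:", ev["rule"], ev["ip"], ev["request"])
```

Running the block prints zero events for the misconfigured profile and three for the corrected one (two rules fire on the `' OR 1=1--` request, one on the `UNION SELECT`). The same comparison, enabled rule sets versus observed events, is the first thing to confirm before concluding that an attack was a zero-day the product could not see.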
=052==
An EC-Council Certified Incident Handler (ECIH) is assigned to handle an incident involving a complex cyberattack on a large corporation's cloud-based system.
The attack has resulted in a significant data breach.
Which action should the ECIH take to best ensure the successful handling of this incident?
Ⓐ Block the suspected IP addresses involved in the breach to cut off further access.
Ⓑ Notify the corporation's clients about the data breach and potential compromise of their data.
Ⓒ Document the state of the system, including system logs, network configurations, and any anomalous activities.
Ⓓ Initiate a full system shutdown to halt all operations and prevent additional data loss.
=053==
A global financial institution is reassessing its security posture after a targeted Advanced Persistent Threat (APT) attack.
Post-analysis reveals that the APT group exploited a previously unknown vulnerability.
Which of the following would most effectively strengthen the existing security strategy to better guard against such sophisticated threats?
Ⓐ Conduct biweekly system and image rollbacks to known good positions.
Ⓑ Regularly back up all systems and store the backups in a cold storage environment.
Ⓒ Adopt a defense-in-depth strategy incorporating multiple security layers.
Ⓓ Frequently update antivirus and IDS/IPS signatures.
=054==
An employee accidentally emails confidential customer information to a personal email address.
What is the biggest challenge faced by the incident response team in this scenario?
Ⓐ Identifying the extent of the damage caused by the incident
Ⓑ Balancing the need for confidentiality and transparency with stakeholders
Ⓒ Determining the intent of the employee
Ⓓ Identifying the source of the email server used to send the email
=055==
As an Incident Handler, you are overseeing a large organization that heavily relies on email communication.
Recent studies have revealed a substantial increase in phishing and malicious email attachment attacks, leading to heightened concerns over email security.
Which of the following approaches would provide the most comprehensive protection against these emerging email security threats?
Ⓐ Ensuring secure email communication by implementing Pretty Good Privacy (PGP).
Ⓑ Using the Netcraft Toolbar to detect phishing sites and warn users about them.
Ⓒ Employing email header analysis to trace the origin of suspicious emails.
Ⓓ Developing a layered defense mechanism that combines phishing attack prevention, email header analysis, and secure email communication through PGP.
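The "email header analysis" strand of the layered defense in answer D is the one an incident handler does by hand most often. The following is an added example, not from the original question set: it uses only the Python standard library to walk the `Received` chain of a constructed phishing message oldest hop first, pull out the originating IP, and compare the `From` domain with the `Return-Path` domain and the SPF verdict in `Authentication-Results`. All hostnames, addresses and IPs are documentation values invented for the example, and the indicator heuristics are this example's own, not a standard.

```python
"""Added example: trace the origin of a suspicious email from its headers
and collect simple spoofing indicators (constructed message, stdlib only)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: claims to come from the corporate domain but was injected
# at an unrelated relay. Received headers are listed newest first, as in real mail.
RAW_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx1.example.com (mx1.example.com [198.51.100.10])
\tby inbox.example.com with ESMTP id abc123; Fri, 10 May 2024 09:15:02 +0000
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.25])
\tby mx1.example.com with ESMTP id def456; Fri, 10 May 2024 09:15:01 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby mail-relay.example.net with SMTP id ghi789; Fri, 10 May 2024 09:14:58 +0000
Authentication-Results: mx1.example.com; spf=fail smtp.mailfrom=mail-relay.example.net
From: "IT Helpdesk" <helpdesk@example.com>
To: employee@example.com
Subject: Urgent: password reset required
Content-Type: text/plain

Please open the attached invoice.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from (\S+).*?by (\S+)")


def in_domain(host, domain):
    """True if host is domain itself or a subdomain of it (no naive substring match)."""
    host = host.strip("[]").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def hop_chain(msg):
    """Return Received hops oldest first as (from_host, ip, by_host) tuples."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):  # reverse: oldest hop first
        flat = " ".join(hdr.split())                    # fold continuation lines
        m = HOP_RE.match(flat)
        ip = IP_RE.search(flat)
        hops.append((m.group(1) if m else "?", ip.group(1) if ip else "?", m.group(2) if m else "?"))
    return hops


def analyze(raw):
    """Parse raw RFC 5322 text and return origin, hop count, domains, SPF and indicators."""
    msg = message_from_string(raw)
    hops = hop_chain(msg)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    spf = re.search(r"spf=(\w+)", msg.get("Authentication-Results", ""))
    findings = {
        "origin_ip": hops[0][1] if hops else None,   # first hop = where the mail entered
        "hop_count": len(hops),
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "spf": spf.group(1).lower() if spf else "none",
        "indicators": [],
    }
    if rp_dom and rp_dom != from_dom:
        findings["indicators"].append("Return-Path domain differs from From domain")
    if findings["spf"] in ("fail", "softfail"):
        findings["indicators"].append(f"spf={findings['spf']}")
    # Every hop except the last (our own MX receiving it) should pass through the
    # sender domain's infrastructure if the From header is honest.
    if hops and not any(in_domain(h[0], from_dom) for h in hops[:-1]):
        findings["indicators"].append("no hop through the From domain's own mail servers")
    return findings


if __name__ == "__main__":
    for hop in hop_chain(message_from_string(RAW_MESSAGE)):
        print("hop:", hop)
    for k, v in analyze(RAW_MESSAGE).items():
        print(f"{k}: {v}")
```

For the sample, the oldest hop gives the origin `192.0.2.77`, the envelope sender domain `mail-relay.example.net` does not match the displayed `example.com`, SPF failed, and no hop touched `example.com` mail servers before the recipient's MX: three independent indicators that the `From` header is spoofed. Each is weak on its own (legitimate bulk mail often has a differing Return-Path), which is why the question's best answer combines header analysis with phishing prevention and PGP rather than relying on any one of them.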
=056==
During a web application security incident, the incident response team discovers that the attacker has compromised a web server and is using it to launch further attacks against other systems on the network.
What is the best course of action for the incident response team during the containment phase?
Ⓐ Shut down the compromised web server to prevent further attacks
Ⓑ Install additional security measures on the compromised web server to prevent further attacks
Ⓒ Allow the attacker to continue the attacks to gather more information about their methods
Ⓓ Isolate the compromised web server from the rest of the network to prevent further attacks
=057==
A company's network experiences a distributed denial-of-service (DDoS) attack, disrupting its online services.
What is the best course of action for the incident response team in this scenario?
Ⓐ Implement additional network security controls to prevent future DDoS attacks
Ⓑ Divert the network traffic through a DDoS mitigation service
Ⓒ Notify senior management and other relevant stakeholders about the ongoing attack
Ⓓ Identify the source of the DDoS attack and take legal action against the attackers
=058==
An employee in the finance department accesses confidential financial data outside of their job duties.
What is the most effective way to prevent this type of insider threat?
Ⓐ Implement role-based access controls and limit access to sensitive data
Ⓑ Conduct regular monitoring and audits of user activities
Ⓒ Encrypt all sensitive financial data
Ⓓ Educate employees on the consequences of violating company policies
=059==
You are the network security manager for a large organization.
As part of your preparation for handling network security incidents, which of the following actions is MOST important to perform?
Ⓐ Develop an incident response plan and regularly conduct tabletop exercises.
Ⓑ Regularly update and patch network devices and systems.
Ⓒ Conduct regular vulnerability assessments and penetration tests.
Ⓓ Implement intrusion detection and prevention systems (IDPS).
=060==
An EC-Council Certified Incident Handler (ECIH) is dealing with a significant cyberattack on a multinational corporation's cloud infrastructure.
During the initial investigation, the handler discovered a piece of malware embedded in a virtual machine.
Which of the following should be the ECIH's first step in preserving, packaging, and transporting digital evidence?
Ⓐ Immediately delete the virtual machine to protect other systems from potential infection.
Ⓑ Migrate the infected virtual machine to a sandbox environment for detailed analysis.
Ⓒ Power off the infected virtual machine to avoid the further spreading of the malware.
Ⓓ Create a binary copy of the infected virtual machine and store it in a secure location.
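Answer D only preserves evidence if the copy is provably identical to the original and its custody is recorded. The following is an added example, not from the original question set and not any vendor's tooling: a checked acquisition with the Python standard library that hashes the source before copying, streams a byte-for-byte copy, re-hashes the copy, makes it read-only, and writes a JSON custody record, plus a `verify_image` check that fails once the stored image is altered. The source file is a constructed stand-in for an exported VM disk; in a real case you would image the exported VMDK/VHD or a hypervisor snapshot, and the paths, case ID and handler name are hypothetical.

```python
"""Added example: verified binary copy of a (constructed) VM disk with a
chain-of-custody record, and a check that detects later tampering."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large images never need to fit in memory


def sha256_file(path):
    """SHA-256 of a file, computed in a streaming fashion."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, evidence_dir, handler, case_id):
    """Bit-for-bit copy `source` into `evidence_dir`, verify it, and record custody.

    The original is only ever opened read-only. The copy is hashed after writing
    and compared with the hash taken from the original first; on mismatch the
    copy is discarded. The verified copy is made read-only, and the custody
    record is written beside it. Returns the record.
    """
    os.makedirs(evidence_dir, exist_ok=True)
    before = sha256_file(source)                       # hash the original before anything else
    image = os.path.join(evidence_dir, os.path.basename(source) + ".dd")
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)            # raw bytes; contents are never interpreted
    after = sha256_file(image)
    if after != before:
        os.remove(image)
        raise RuntimeError("acquired image hash does not match source; acquisition invalid")
    os.chmod(image, 0o444)                             # analysis works on further copies, not this one
    record = {
        "case_id": case_id,
        "handler": handler,
        "source": os.path.abspath(source),
        "image": os.path.abspath(image),
        "size_bytes": os.path.getsize(image),
        "sha256": after,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(image + ".json", "w") as f:
        json.dump(record, f, indent=2)
    return record


def verify_image(record):
    """Re-hash the stored image; True only if it still matches the custody record."""
    return os.path.exists(record["image"]) and sha256_file(record["image"]) == record["sha256"]


def demo():
    """Acquire a constructed 3 MiB stand-in for a VM disk, then tamper with the copy.

    Returns (verified_after_acquisition, verified_after_tampering).
    """
    work = tempfile.mkdtemp(prefix="ecih-evidence-")
    vm_disk = os.path.join(work, "infected-vm.vmdk")   # hypothetical exported disk
    with open(vm_disk, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 17))            # odd size exercises the last partial chunk
    record = acquire_image(vm_disk, os.path.join(work, "evidence"), "handler-01", "IR-2024-0042")
    ok_before = verify_image(record)
    os.chmod(record["image"], 0o644)
    with open(record["image"], "r+b") as f:            # simulate post-acquisition alteration
        first = f.read(1)
        f.seek(0)
        f.write(bytes([first[0] ^ 0xFF]))              # flip bits so the content is guaranteed to change
    ok_after = verify_image(record)
    shutil.rmtree(work)
    return ok_before, ok_after


if __name__ == "__main__":
    print("verified after acquisition, after tampering:", demo())
```

The order matters: hash first, copy, hash again, then lock the copy and record who took it and when. Deleting the VM (A), moving it into a sandbox (B) or powering it off (C) all alter or destroy the state that this record is meant to attest to, which is why the copy comes first.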
Answer key: 051 A, 052 C, 053 C, 054 A, 055 D, 056 D, 057 B, 058 A, 059 A, 060 D