跳到主要內容

ECIH_B_061-070

 =061==

An employee reports that their company-issued smartphone was stolen, which contained sensitive company data.

一位員工報告其公司配發的智能手機被盜,裡面含有敏感的公司數據。

What is the first step in the incident response process for handling this mobile-based security incident?

處理此基於手機的安全事件的事件響應流程中的第一步是什麼?

Notify the affected employee's supervisor and senior management 通知受影響員工的主管和高級管理層

Remotely wipe the data from the stolen smartphone 遠程清除被盜手機上的數據

Change the affected employee's login credentials and passwords 更改受影響員工的登錄憑證和密碼

Locate the stolen smartphone using its GPS tracking feature 使用GPS追蹤功能定位被盜手機

=062==

FinServ, a financial services firm, experienced a significant malware attack.

一家金融服務公司FinServ遭受了一次重大惡意軟件攻擊。

Once the immediate threat was contained, a massive cleanup ensued.

在立即威脅被遏制後,隨即展開了大規模清理工作。

A board meeting was convened to determine the final steps to ensure system integrity.

召開了一次董事會會議以確定確保系統完整性的最後步驟。

Among the proposed solutions, which ensures a thorough eradication of malware?

在提出的解決方案中,哪一項確保了徹底根除惡意軟件?

Implementing stricter firewall policies and access controls 實施更嚴格的防火牆策略和訪問控制

Conducting a comprehensive cybersecurity firm for an in-depth system analysis 與綜合網絡安全公司合作進行深入的系統分析

Reinstalling the OS on affected machines and restoring data from trusted backups 在受影響的機器上重新安裝操作系統並從可信備份中恢復數據

Relying on a combination of multiple antivirus solutions for enhanced detection 依靠多種防病毒解決方案的組合來增強檢測

=063==

During the initial setup of an incident response team at a medium-sized organization, the newly hired incident handler is tasked with defining an effective process for managing security incidents.

在一家中型組織中建立事件響應小組的初期,新聘請的事件處理人員負責定義一個有效的安全事件管理流程。

Considering the broad range of possible incidents, from common threats to advanced persistent threats (APTS), which of the following is the MOST appropriate approach for this task?

考慮到從常見威脅到高級持續性威脅(APTS)的廣泛事件,以下哪一項是此任務的最佳方法?

Implement policies using the Group Policy Management Console (GPMC) and work with incident tickets in OSSIM 使用群組策略管理控制台(GPMC)實施策略並處理OSSIM中的事件票據

Concentrate on detecting missing security patches using MBSA on Windows, along with performing security checks using lynis-security on Linux 使用MBSA檢測Windows上遺漏的安全補丁,並使用lynis-security檢查Linux上的安全性

Prioritize actions based on the severity of potential damage caused by the incidents and use Splunk Universal Forwarder for remote log capture 根據事件可能造成的潛在損害的嚴重性來確定優先順序,並使用Splunk Universal Forwarder進行遠程日誌捕獲

Develop a comprehensive incident response process, including policies, incident response teams, and an audit of organizational assets, then get management approval for implementation 制定全面的事件響應流程,包括政策、事件響應小組和組織資產審計,然後獲得管理層批准實施

=064==

During the eradication phase of a web application security incident at a major online retail platform, the incident response team discovers that the application was compromised through a previously unknown zero-day vulnerability.

在某主要在線零售平台的網頁應用程序安全事件的根除階段,事件響應小組發現應用程序通過先前未知的零日漏洞被入侵。

This vulnerability allowed the attacker to access user credit card information.

該漏洞使攻擊者能夠訪問用戶的信用卡信息。

The incident has severe financial and reputational implications.

該事件具有嚴重的財務和聲譽影響。

In this highly sensitive scenario, what is the best course of action for the incident response team?

在這種高度敏感的情況下,事件響應小組的最佳行動方案是什麼?

Conceal the incident to protect the company's reputation 隱瞞事件以保護公司的聲譽

Patch the vulnerability, remove all traces of the attacker, inform affected users, and coordinate with relevant authorities 修補漏洞,移除所有攻擊者的痕跡,通知受影響的用戶,並與相關部門協調

Immediately go public with the details of the zero-day vulnerability 立即公開零日漏洞的細節

Focus solely on tracking the attacker without addressing the vulnerability 只專注於追踪攻擊者而不解決漏洞

=065==

A company has recently migrated its critical applications and data to the cloud environment to take advantage of scalability and cost savings.

一家公司最近將其關鍵應用程序和數據遷移到雲環境中,以利用可擴展性和成本節約。

However, they are facing challenges in effectively handling and responding to security incidents in the cloud.

然而,他們在有效處理和應對雲中的安全事件方面面臨挑戰。

What is one of the key challenges in cloud incident handling and response?

雲事件處理和響應的主要挑戰之一是什麼?

Limited control over incident response processes and procedures 對事件響應流程和程序的控制有限

Inadequate visibility and monitoring capabilities across multiple cloud service providers 跨多個雲服務提供商的可見性和監控能力不足

Inconsistencies between cloud and on-premises security tools 雲和本地安全工具之間的不一致性

Difficulty in establishing a chain of custody for evidence in a shared cloud environment 在共享的雲環境中難以建立證據的保管鏈

=066==

You are an incident handler for a large corporation and have identified suspicious network activity involving repeated ICMP ECHO requests from an unknown IP.

您是一家大型公司的事件處理人員,已經發現涉及來自未知IP的重複ICMP ECHO請求的可疑網絡活動。

Utilizing your knowledge of network reconnaissance techniques, you suspect a ping sweep attack is in progress.

利用您對網絡偵察技術的知識,您懷疑正在進行ping掃描攻擊。

What should be your next course of action to validate your suspicions using the tools and techniques mentioned in the lab scenario?

應使用實驗室場景中提到的工具和技術,您的下一步行動應該是什麼?

Start a new packet capture in Wireshark and apply the filter tcp.flags.syn==1 to observe the SYN scan attack Wireshark中啟動新的數據包捕獲並應用過濾器tcp.flags.syn==1以觀察SYN掃描攻擊

Monitor VSFTPD logs to identify suspicious file transfers 監控VSFTPD日誌以識別可疑的文件傳輸

Execute the command nmap -sP 10.10.10.1/24 on the Ubuntu machine to identify active hosts Ubuntu機器上執行命令nmap -sP 10.10.10.1/24以識別活動主機

Apply the filter icmp.type==8 or icmp.type==0 in Wireshark to detect the ping sweep attempts Wireshark中應用過濾器icmp.type==8icmp.type==0以檢測ping掃描嘗試

=067==

A company's mobile device management (MDM) solution alerts the incident response team to a malware infection on an enterprise smartphone.

公司的移動設備管理(MDM)解決方案提醒事件響應小組企業智能手機上的惡意軟件感染。

What is the best course of action for the incident response team in this scenario?

在這種情況下,事件響應小組的最佳行動方案是什麼?

Collect and analyze logs from the MDM solution to identify the source of the infection MDM解決方案中收集並分析日誌以識別感染源

Initiate a full system scan on the smartphone to identify the extent of the infection 在智能手機上啟動全面系統掃描以確定感染範圍

Notify the affected employee and instruct them to uninstall the malware 通知受影響的員工並指示他們卸載惡意軟件

Block access to the compromised network and quarantine the infected smartphone 阻止訪問受感染的網絡並隔離受感染的智能手機

=068==

A company’s endpoint security solution detects suspicious activity on multiple endpoints, indicating a potential coordinated attack.

公司的端點安全解決方案檢測到多個端點上的可疑活動,表明可能發生協同攻擊。

What is the best course of action for the incident response team in this scenario?

在這種情況下,事件響應小組的最佳行動方案是什麼?

Collect and analyze logs from the endpoint security solution to identify the source of the attack 收集並分析端點安全解決方案中的日誌以識別攻擊源

Notify senior management and other stakeholders about the potential attack 通知高級管理層和其他利益相關者有關潛在攻擊的信息

Conduct a full system scan on all affected endpoints to identify the extent of the attack 對所有受影響的端點進行全面系統掃描以確定攻擊範圍

Disconnect all affected endpoints from the network and isolate them for further analysis 將所有受影響的端點從網絡斷開並隔離以進行進一步分析

=069==

Your team, while performing regular log analysis, discovered a sudden surge in failed login attempts on multiple workstations.

您的團隊在進行定期日誌分析時發現多個工作站上的登錄失敗嘗試突然激增。

Following the EC-Council Certified Incident Handler (ECIH) guidelines, you are analyzing this endpoint security incident.

根據EC-Council認證事件處理人員(ECIH)的指南,您正在分析此端點安全事件。

What should be your next step?

您的下一步應該是什麼?

Notify senior management about the incident without any further investigation 未經進一步調查即通知高級管理層有關事件的信息

Format the affected systems and restore from the latest backup 格式化受影響的系統並從最新備份中恢復

Immediately disconnect the affected workstations from the network 立即將受影響的工作站從網絡斷開

Investigate if this is a false positive by cross-verifying with other detection systems 通過與其他檢測系統交叉驗證來調查這是否是誤報

=070==

In the aftermath of a malware incident involving malicious startup programs on a Windows 10 machine, an incident handler is tasked with the recovery process using the WinPatrol tool.

在涉及Windows 10機器上惡意啟動程序的惡意軟件事件之後,事件處理人員被指派使用WinPatrol工具進行恢復過程。

Which of the following sequences of actions taken by the incident handler indicates the correct approach?

以下哪一個事件處理人員採取的行動順序表明了正確的方法?

Install WinPatrol, disable trivial startup programs, remove non-required IE helpers, view installed services, disable trivial services, view file types, and end non-essential active tasks 安裝WinPatrol,禁用瑣碎的啟動程序,移除不需要的IE助手,查看已安裝的服務,禁用瑣碎的服務,查看文件類型並結束非必要的活動任務

Install WinPatrol, enable all startup programs, add necessary IE helpers, view installed services, enable all services, view file types, and start all active tasks 安裝WinPatrol,啟用所有啟動程序,添加必要的IE助手,查看已安裝的服務,啟用所有服務,查看文件類型並啟動所有活動任務

Install WinPatrol, disable all startup programs, remove all IE helpers, view installed services, disable all services, view file types, and end all active tasks 安裝WinPatrol,禁用所有啟動程序,移除所有IE助手,查看已安裝的服務,禁用所有服務,查看文件類型並結束所有活動任務

Install WinPatrol, disable trivial startup programs, add necessary IE helpers, view installed services, enable trivial services, view file types, and start non-essential active tasks 安裝WinPatrol,禁用瑣碎的啟動程序,添加必要的IE助手,查看已安裝的服務,啟用瑣碎的服務,查看文件類型並啟動非必要的活動任務

BCDBB DDDDA

標籤:

留言

張貼留言

這個網誌中的熱門文章

ECIH_A_051-060

  =051== In which of the following phases of incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized? 在事件處理和響應 (IH&R) 流程的哪個階段,已識別的安全事件會被分析、驗證、分類和優先排序? A. Incident triage, 事件分類 B. Notification, 通知 C. Incident recording and assignment, 事件記錄和分配 D. Containment, 控制   =052== Browser data can be used to access various credentials. 瀏覽器數據可以用來訪問各種憑證。 Which of the following tools is used to analyze the history data files in Microsoft Edge browser? 以下哪個工具用於分析 Microsoft Edge 瀏覽器中的歷史數據文件? A. MZHistoryView B. BrowsingHistoryView C. ChromeHistoryView D. MZCacheView   =053== Eve is an incident handler in ABC organization. Eve 是 ABC 組織的事件處理人員。 One day, she got a complaint about an email hacking incident from one of the employees of the organization. 有一天,她收到該組織的一名員工關於電子郵件駭客事件的投訴。 As an incident handler, Eve follows a set of recovery steps in order to recover...
張貼留言
閱讀完整內容

ECIH_B_001-010

  =001== XYZ Corp. recently shifted its infrastructure to Microsoft Azure and soon after faced an unexpected data breach. XYZ 公司最近將其基礎設施轉移到 Microsoft Azure ,但不久後就遭遇了意外的數據洩漏事件。 The event led to confidential data being accessed by an unauthorized user. 該事件導致機密數據被未經授權的用戶訪問。 As the newly appointed EC-Council Certified Incident Handler, you are tasked with improving the incident response strategy to prevent such security incidents in the future. 作為新任命的 EC-Council 認證事件處理人員,您被要求改進事件響應策略,以防止未來發生此類安全事件。 What is the best course of action? 最佳行動方案是什麼? · Activate Azure disk encryption for all data stored in the cloud. 啟用 Azure 磁碟加密,對雲端中儲存的所有數據進行加密。 · Transition all operations to Azure private network to enhance control over data. 將所有操作轉移到 Azure 私人網路,以增強對數據的控制。 · Implement Azure network security groups to limit access to resources. 實施 Azure 網路安全群組,限制對資源的訪問。 · Set up Azure Security Center and enable just-in-time VM access. 設置 Azure 安全中心並啟用即時虛擬機存取。 =002== The CEO of a l...
張貼留言
閱讀完整內容

ECIH_B_031-040

=031== An employee accidentally emails confidential customer information to a personal email address. 一名員工不小心將機密客戶資訊發送到個人電子郵件地址。 What is the biggest challenge faced by the incident response team in this scenario? 在此情境中,事件回應團隊面臨的最大挑戰是什麼? Ⓐ Determining the intent of the employee 確定員工的意圖 Ⓑ Balancing the need for confidentiality and transparency with stakeholders 平衡保密需求與對利害關係人保持透明之間的需求 Ⓒ Identifying the extent of the damage caused by the incident 確定事件造成的損害程度 Ⓓ Identifying the source of the email server used to send the email 確定用於發送郵件的電子郵件伺服器的來源 =032== An incident handling team has been alerted about a possible security breach on a Linux system. 一個事件處理團隊收到有關 Linux 系統可能發生安全漏洞的警報。 As an EC-Council Certified Incident Handler, you decide to perform an incident triage using a tool named buck-security on Linux. 作為 EC-Council 認證的事件處理人員,您決定使用名為 buck-security 的工具在 Linux 上進行事件分類。 After conducting the security check, buck-security returns a warning message indicating a ...
張貼留言
閱讀完整內容