ECIH_B_091-100

 =091==

A multinational organization recently suffered a massive data breach, resulting in the exposure of sensitive customer information.

一家跨國組織最近遭遇了一次大規模的數據洩露，導致敏感的客戶信息暴露。

As an EC-Council Certified Incident Handler (ECIH), you have been tasked with ensuring compliance with incident handling laws and acts while handling this situation.

作為EC-Council認證的事件處理人員（ECIH），您被指派在處理此情況時確保遵守事件處理法律和法規。

The company operates in multiple jurisdictions, including Europe and the United States.

該公司在包括歐洲和美國在內的多個司法管轄區運營。

What should be your primary legal consideration in this scenario?

在這種情況下，您的主要法律考慮應該是什麼？

 

Ⓐ Report the incident to the Internet Crime Complaint Center (IC3) immediately. 立即向互聯網犯罪投訴中心（IC3）報告事件。

Ⓑ Conduct an internal audit to identify potential non-compliance areas. 進行內部審計以確定潛在的違規領域。

Ⓒ Initiate a customer notification process as guided by the European Data Protection Directive. 根據歐洲數據保護指令啟動客戶通知過程。

Ⓓ Follow the mandates of the GDPR and the California Consumer Privacy Act (CCPA). 遵循GDPR和加利福尼亞州消費者隱私法案（CCPA）的規定。

 

=092==

In the lab scenario, a malicious process was detected running on the server.

在實驗室場景中，檢測到在服務器上運行的惡意進程。

An incident handler aims to prevent further exploitation of the compromised system.

事件處理人員旨在防止進一步利用受損系統。

In the context of the lab scenario and available resources, which of the following actions should the handler take immediately after detecting the malicious process?

在實驗室場景和可用資源的背景下，檢測到惡意進程後，處理人員應立即採取以下哪項行動？

 

Ⓐ Utilize Regshot to take a snapshot of the registry and compare it with previous entries to find changes. 使用Regshot對註冊表進行快照並與以前的條目進行比較以找到變更。

Ⓑ Kill the process using CurrPorts and block the corresponding port to prevent future connections. 使用CurrPorts終止該進程並阻止相應的端口以防止未來的連接。

Ⓒ Reboot the system in safe mode and use ClamWin to remove the malware from the system. 在安全模式下重新啟動系統並使用ClamWin從系統中移除惡意軟件。

Ⓓ Launch a detailed trojan and virus analysis using VirusTotal and OllyDbg before taking any actions. 在採取任何行動之前，使用VirusTotal和OllyDbg啟動詳細的特洛伊木馬和病毒分析。

 

=093==

GlobalTech recently faced a series of advanced attacks.

GlobalTech最近面臨一系列先進的攻擊。

Post-incident analysis led them to discover a malicious software disguised as an update module for their ERP system.

事後分析使他們發現了一個偽裝成ERP系統更新模塊的惡意軟件。

The malware exhibited intricate behavior, making its detection challenging.

該惡意軟件表現出複雜的行為，使其檢測變得具有挑戰性。

The security team needs to determine its functionality and potential damage.

安全團隊需要確定其功能和潛在損害。

What should be their primary approach?

他們的主要方法應該是什麼？

 

Ⓐ Notify stakeholders and clients of a potential data breach. 通知利益相關者和客戶可能發生的數據洩露。

Ⓑ Update all systems and deploy a network-wide antivirus scan. 更新所有系統並部署全網範圍的防病毒掃描。

Ⓒ Seek vendor guidance on ERP-related vulnerabilities. 尋求供應商關於ERP相關漏洞的指導。

Ⓓ Conduct a behavior analysis of the malware in an isolated, controlled environment. 在隔離和受控環境中進行惡意軟件行為分析。

 

=094==

NanoCorp, a nano-technology firm, experienced a ransomware attack originating from a malicious email link.

納米技術公司NanoCorp遭遇了來自惡意電子郵件鏈接的勒索軟件攻擊。

Post-containment, the IT team debated the best eradication strategy.

在控制後，IT團隊討論了最佳的根除策略。

Which action ensures the thorough removal of any remnants of the ransomware?

哪個行動可以確保徹底清除勒索軟件的任何殘餘？

 

Ⓐ Increase email scanning frequency and tighten security policies. 增加電子郵件掃描頻率並加強安全策略。

Ⓑ Conduct a company-wide password reset and two-factor authentication setup. 進行公司範圍的密碼重置和雙重身份驗證設置。

Ⓒ Restore affected systems from a known good backup. 從已知的良好備份中恢復受影響的系統。

Ⓓ Apply patches and updates to all company software and systems. 為公司所有軟件和系統應用補丁和更新。

 

=095==

A company's endpoint security solution detects a malware infection on an employee's laptop.

一家公司的端點安全解決方案檢測到員工筆記本電腦上的惡意軟件感染。

What is the first step in the incident response process for handling this endpoint security incident?

處理此端點安全事件的事件響應過程中的第一步是什麼？

 

Ⓐ Run a full system scan on the infected laptop. 對受感染的筆記本電腦進行全面系統掃描。

Ⓑ Disconnect the infected laptop from the network. 斷開受感染的筆記本電腦與網絡的連接。

Ⓒ Collect and analyze logs from the endpoint security solution. 收集並分析來自端點安全解決方案的日誌。

Ⓓ Notify the affected employee and their supervisor. 通知受影響的員工及其主管。

 

=096==

A company's IoT network is experiencing a DDoS attack, disrupting critical operations.

一家公司的物聯網網絡正在經歷DDoS攻擊，擾亂了關鍵運營。

What is the best course of action for the incident response team in this scenario?

在這種情況下，事件響應小組的最佳行動方案是什麼？

 

Ⓐ Increase bandwidth to the IoT network to handle the attack. 增加物聯網網絡的帶寬以應對攻擊。

Ⓑ Disconnect the affected IoT devices from the network. 斷開受影響的物聯網設備與網絡的連接。

Ⓒ Notify senior management and other stakeholders. 通知高級管理層和其他利益相關者。

Ⓓ Block all incoming traffic to the IoT network. 阻止所有進入物聯網網絡的流量。

 

=097==

A multinational firm recently encountered a severe cloud-based data breach where confidential data was accessed by unauthorized users.

一家跨國公司最近遇到了一次嚴重的基於雲的數據洩露，未經授權的用戶訪問了機密數據。

Keen to bolster its capacity to respond to such events in the future, the company must decide on the most suitable action to adopt.

為了加強未來應對此類事件的能力，公司必須決定採取最合適的行動。

What should it do?

它應該怎麼做？

 

Ⓐ Activate full-disk encryption on all cloud servers to safeguard data at rest. 在所有雲服務器上啟用全盤加密以保護靜態數據。

Ⓑ Set up an IP-based access control list to limit access to cloud resources. 設置基於IP的訪問控制列表以限制對雲資源的訪問。

Ⓒ Transition to a private cloud model to maintain full control over data. 過渡到私人雲模式以保持對數據的完全控制。

Ⓓ Set up a specialized cloud-focused incident response team and develop a corresponding plan. 建立專門的雲專注事件響應團隊並制定相應的計劃。

 

=098==

Incident handlers at Delta Corp were alerted about potential unauthorized access to a sensitive server room.

Delta Corp的事件處理人員被警告可能未經授權訪問敏感的服務器室。

Upon reaching the scene, what should be their immediate step to ensure the integrity of potential evidence?

到達現場後，他們應該採取什麼緊急措施以確保潛在證據的完整性？

 

Ⓐ Document the current state of the room, including positions of devices and opened files. 記錄房間的當前狀態，包括設備的位置和打開的文件。

Ⓑ Engage external consultants to determine the extent of the breach. 聘請外部顧問以確定漏洞的範圍。

Ⓒ Start scanning the network for signs of exfiltration activities. 開始掃描網絡以尋找數據外流活動的跡象。

Ⓓ Turn off all machines to stop further unauthorized access. 關閉所有機器以停止進一步的未經授權的訪問。

 

=099==

As a senior network security analyst at a multinational corporation, you are part of an expert team overseeing the security of a complex network.

作為一家跨國公司的高級網絡安全分析師，您是負責監督複雜網絡安全的專家團隊成員。

An alert comes through one morning, indicating potential unauthorized access through a vulnerable Wi-Fi connection in one of your global offices.

某天早上收到一個警報，表明通過您的一個全球辦公室中的易受攻擊的Wi-Fi連接進行了潛在的未經授權的訪問。

The nature of the breach suggests possible intellectual property theft.

漏洞的性質表明可能存在知識產權盜竊。

Your team is assigned to validate and respond to the incident.

您的團隊被指派驗證並響應此事件。

In this complex scenario, what is the primary goal of a network security incident response plan?

在這種複雜的情況下，網絡安全事件響應計劃的主要目標是什麼？

 

Ⓐ Identifying, containing, eradicating, and recovering from the incident. 確定、控制、根除並從事件中恢復。

Ⓑ Implementing new business strategies for the company. 為公司實施新的業務策略。

Ⓒ Minimizing costs associated with the incident response. 最小化與事件響應相關的成本。

Ⓓ Expanding the company’s global reach and market share. 擴大公司的全球影響力和市場份額。

 

=100==

A company’s HR department receives a tip that an employee is planning to steal confidential information and sell it to a competitor.

一家公司的HR部門收到消息，某員工計劃竊取機密信息並將其出售給競爭對手。

What is the best course of action for the company’s incident response team to mitigate the risk of an insider threat in this scenario?

在這種情況下，公司事件響應小組降低內部威脅風險的最佳行動方案是什麼？

 

Ⓐ Restrict the employee’s access to confidential information and systems. 限制該員工訪問機密信息和系統的權限。

Ⓑ Immediately interview the employee’s employer to prevent any further risk. 立即面談該員工以防止進一步風險。

Ⓒ Notify law enforcement to inform the employee about their potential motives. 通知執法部門以告知該員工其潛在動機。

Ⓓ Select the employee’s network threats and communications to detect any suspicious behavior. 篩選該員工的網絡威脅和通信以檢測任何可疑行為。

DBDCB DDAAC