
Posts

Showing posts from July 2024

ECIH_C_061-080

=61= In a simulated lab environment, an incident handler uses the CurrPorts tool to monitor TCP/IP connections in the wake of a malware incident. The malware, a trojan called njRAT, has been executed on a Windows Server 2016 virtual machine. After executing the trojan, the handler observes a connection established by the njRAT client on the Windows 10 virtual machine. Using CurrPorts on the infected Windows Server 2016, what course of action should the handler take next?
A. Run a full antivirus scan on the Windows 10 virtual machine.
B. Restart Windows Server 2016 to remove the trojan.
C. Immediately disconnect Windows Server 2016 from the network.
D. Perform port monitoring to ...

ECIH_C_041-060

=41= A company's IoT network is experiencing a DDoS attack, disrupting critical operations. What is the best course of action for the incident response team in this scenario?
A. Block all incoming traffic to the IoT network
B. Notify senior management and other stakeholders
C. Disconnect the affected IoT devices from the network
D. Increase bandwidth to the IoT network to handle the attack

=42= At NeoTech, after a suspected insider threat incident, a smartphone believed to be a key piece of evidence was secured. While waiting for forensic experts, what should the incident handler do to maintain the phone's data integrity?
A. Take photos of all opened apps and active screens for documentation
B. Place the phone in a Faraday bag to prevent remote wiping or communication...

ECIH_C_021-040

=21== After a significant software upgrade at ZetaCorp, the IT department noticed an abnormal surge in network traffic. On closer inspection, the anomaly appeared to originate from a specific set of newly installed machines. IT personnel identified an unknown process transmitting large amounts of data. Realizing the potential implications, they sought immediate action. What should their primary response be?
A. Document the process details and alert the software vendor.
B. Seek external help from malware experts without internal intervention.
C. Run an antivirus sweep across the entire network.
D. Immediately isolate the affected machines from the network.

=22== You are an EC-Council Certified Incident Handler (ECIH) working for a company that has most of its infrastructure on the AWS cloud. ...
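Both the CurrPorts scenario in question 61 and the "unknown process transmitting large amounts of data" in question 21 come down to the same triage step: take a snapshot of live connections, map each one to its owning process and image path, and pick out the rows that justify containment. The script below is an added example for this page (not code from the quiz or from NirSoft). It assumes the handler exported CurrPorts to CSV (cports.exe /scomma out.csv); the column names are a constructed subset of that export and may not match a given CurrPorts version, so adjust the dictionary keys in triage() if your header differs. The sample rows are constructed, with 192.168.56.0/24 standing in for the lab network and 8.8.8.8 / 1.1.1.1 for arbitrary public hosts.

```python
"""Triage an exported connection listing after a suspected RAT infection.

Added example, not code from the quiz page or from NirSoft.
Assumption: CurrPorts was exported with `cports.exe /scomma out.csv`; the
column names below are a constructed subset of that export and may not
match your CurrPorts version exactly, so adjust the keys in triage() if needed.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample export (not real capture data). 192.168.56.0/24 is the
# lab network; 8.8.8.8 and 1.1.1.1 stand in for arbitrary public hosts.
SAMPLE_EXPORT = """\
Process Name,Process ID,Protocol,Local Port,Local Address,Remote Port,Remote Address,State,Process Path
svchost.exe,912,TCP,135,0.0.0.0,0,0.0.0.0,Listening,C:\\Windows\\System32\\svchost.exe
System,4,TCP,445,0.0.0.0,0,0.0.0.0,Listening,
svchost.exe,1204,TCP,49700,192.168.56.10,443,1.1.1.1,Established,C:\\Windows\\System32\\svchost.exe
update.exe,3388,TCP,49812,192.168.56.10,6000,192.168.56.20,Established,C:\\Users\\labuser\\AppData\\Roaming\\update.exe
chrome.exe,2210,TCP,49900,192.168.56.10,443,1.1.1.1,Established,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
helper.exe,4120,TCP,49950,192.168.56.10,443,8.8.8.8,Established,D:\\tools\\helper.exe
"""

# Directories a standard user can write to; a binary launched from one of
# these that holds a live connection deserves a look before anything else.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")
# Install roots that only administrators (or an installer) normally write to.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class Finding:
    pid: int
    process: str
    remote: str      # "address:port" of the peer
    reasons: tuple   # why this row was flagged


def runs_from_user_writable_path(path: str) -> bool:
    """True if the image lives under a directory an unprivileged user can write."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def is_trusted_install_path(path: str) -> bool:
    """True for images under the normal system or Program Files roots.
    An empty path (the kernel 'System' pseudo-process) is treated as trusted."""
    p = path.lower()
    return p == "" or p.startswith(TRUSTED_PREFIXES)


def is_public(addr: str) -> bool:
    """True for globally routable peers; False for private, loopback or garbage."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def triage(export_text: str) -> list:
    """Return the established connections worth following up, in export order."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["State"].strip().lower() != "established":
            continue  # listeners are context; the live channel is what matters now
        path = row["Process Path"]
        reasons = []
        if runs_from_user_writable_path(path):
            reasons.append("image in user-writable directory")
        if is_public(row["Remote Address"]) and not is_trusted_install_path(path):
            reasons.append("established to public address from non-standard path")
        if reasons:
            findings.append(Finding(
                pid=int(row["Process ID"]),
                process=row["Process Name"],
                remote=f'{row["Remote Address"]}:{row["Remote Port"]}',
                reasons=tuple(reasons),
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"PID {f.pid} {f.process} -> {f.remote}: {'; '.join(f.reasons)}")
```

On the constructed sample the script flags update.exe (PID 3388, running from AppData with an established connection to another lab host) and helper.exe (PID 4120, a non-standard path talking to a public address), and stays quiet about svchost.exe and chrome.exe. The PID, image path and peer address in each finding are exactly what the handler needs recorded before the host is isolated or the process is stopped, since both actions destroy the live connection state.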

ECIH_C_001-020

=01== B032, B018 An incident handling team has been alerted about a possible security breach on a Linux system. As an EC-Council Certified Incident Handler, you decide to perform an incident triage using a tool named buck-security on Linux. After conducting the security check, buck-security returns a warning message indicating a potential issue with the firewall policies. Considering the above scenario, what should be the immediate next step?
A. Configure a Syslog server to review the network devices' logs.
B. Analyze and address the vulnerabilities in the firewall policies.
C. Install and configure Splunk Universal Forwarder to capture remote system logs.
D. Run another security scan with buck-security to validate the issue.
=...

ECIH_A_201-205

=201== Adam is an attacker who, along with his team, launched multiple attacks on a target organization for financial gain. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by obtaining information from different victims. Identify the type of identity theft Adam has performed.
A. Tax identity theft
B. Social identity theft
C. Synthetic identity theft
D. Medical identity theft

=202== Tom received a phishing email and accidentally opened its attachment. This resulted in the redirection of all his traffic to a fraudulent website. What type of phishing attack has occurred?
A. Whaling
B. Spear phishing
C. Pharming
D. Spimming

=203== Malicious software programs that infect...

ECIH_A_191-200

=191== Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?
A. Trojans
B. Worms
C. Spyware
D. Virus

=192== Stanley works as an incident responder at a top MNC based in Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the incident, he collected evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of a jury so that the evidence clarifies the facts and further helps in obtaining an expert opinion on the incident to confirm the investigation process. In the above scenario, which of the following characteristics of the digital evidence did Stanley attempt to preserve? ...