=081==
Which of the following techniques prevent or mislead incident-handling processes and may also affect the collection, preservation, and identification phases of the forensic investigation process?
A. Enumeration
B. Footprinting
C. Scanning
D. Anti-forensics
=082==
He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps him obtain an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
A. Believable
B. Complete
C. Authentic
D. Admissible
=083==
Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather the required forensic evidence?
A. Alert Logic
B. CloudPassage Gravitas
C. CloudPassage Halo
D. Qualys Cloud Platform
=084==
In which of the following stages of the incident handling and response (IH&R) process do the incident handlers try to find the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.?
A. Incident recording and assignment
B. Incident triage
C. Post-incident activities
D. Evidence gathering and forensics analysis
=085==
Which of the following techniques helps incident handlers detect man-in-the-middle attacks by finding the new APs and trying to connect to an already established channel, even if the spoofed AP has IP and MAC addresses similar to those of the original AP?
A. Network traffic monitoring
B. Access point monitoring
C. General wireless traffic monitoring
D. Wireless client monitoring
=086==
James is a professional hacker and is employed by an organization to exploit their cloud services.
In order to achieve his ends, James created anonymous access to the cloud services to carry out various attacks of his choice.
Which of the following threats is he posing to the cloud platform?
A. Insecure interface and APIs
B. Insufficient due diligence
C. Abuse and nefarious use of cloud services
D. Data breach/loss
=087==
An organization implemented an encoding technique to eradicate SQL injection attacks.
In this technique, if a user submits a request using a single quote and some values, the encoding technique will convert it into numeric digits and letters ranging from “a” to “T”.
This prevents the user request from performing a SQL injection attempt on the web application.
Identify the encoding technique used by the organization.
A. Hex encoding
B. Base64 encoding
C. URL encoding
D. Unicode encoding
=088==
Elizabeth, an incident responder for OBC
organization as an incident responder, is assessing the risks facing the organizational
security.
作為事件應對者的Elizabeth,是OBC組織的一名事件應對者,她正在評估組織安全面臨的風險。
During her risk assessment process, she
calculates the probability of a threat source exploiting an existing system
vulnerability.
在風險評估過程中,她計算了威脅來源利用現有系統漏洞的概率。
In which of the following risk assessment
steps is Elizabeth is currently in?
Elizabeth目前處於以下哪個風險評估步驟中?
A. Threat identification 威脅識別
B. Vulnerability identification 漏洞識別
C. Impact analysis 影響分析
D. Risk quantification 風險量化
=089==
Which of the following is not a countermeasure to eradicate inappropriate usage incidents?
A. Installing a firewall and IDS/IPS to block services that violate the organization’s policy
B. Always storing the sensitive data on remotely located servers and restricting access to it
C. Registering user activity logs and monitoring them regularly
D. Avoiding VPN and other secure network channels
=090==
Mr. Smith is the lead incident responder of a small financial enterprise, which has a few branches in Australia.
Recently, the company suffered a massive attack, losing $5MM through an inter-banking system.
By the end of an investigation, it was found that the incident occurred because 6 months ago the attackers performed a phishing attack, followed by another vulnerability being exploited, and obtained the credentials of an employee.
They then tried to lift the users' fingerprinting and performed a lateral movement to the computer of a user with privileged access to the inter-banking system.
The attackers finally gained access and performed the fraud.
In the above scenario, identify the most accurate kind of attack.
A. Phishing
B. Ransomware attack
C. Denial-of-service attack
D. APT attack
Answer key (081-090): D A C D B C A D D D