=091==
An incident handler is analyzing email headers to uncover suspicious emails.
Which of the following tools would he/she use in order to accomplish this task?
A. MxToolbox
B. Gophish
C. Barracuda Email Security Gateway
D. SPAMfighter
=092==
James is working as an incident responder at CyberSol Inc.
The management instructed James to investigate a cybersecurity incident that recently happened in the company.
As a part of the investigation process, James started collecting volatile information from a system running the Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?
A. doskey/history
B. date & time /t
C. dir
D. netstat -ab
=093==
Mike is an incident handler for PNP Infosystems Inc.
One day, there was a ticket submitted regarding a potential incident and Mike was assigned to handle the incident.
During the process of incident handling, he started incident analysis and validation to check whether the incident is a genuine incident.
In which of the following incident stages is he currently?
A. Post-incident activities
B. Incident disclosure
C. Incident triage
D. Incident recording and assignment
=094==
After performing an attack, an attacker decided to wipe evidence using artifact wiping techniques to evade forensic investigation.
He applied a magnetic field to the digital media device, resulting in a device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.
A. Syscall proxying
B. Disk cleaning utilities
C. Disk degaussing/destruction
D. File wiping utilities
=095==
Which of the following details are included in the evidence bags?
A. Date and time of seizure, exhibit number, and name of incident responder
B. Sensitive directories, personal, and organizational email address
C. Software version information and web application source code
D. Error messages that contain sensitive information and files containing passwords
=096==
Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida.
She was asked to work on an incident response plan.
As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise.
She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system.
Due to multiple layer protection, this security strategy assists in preventing directed attacks against the organization’s information system as a break in one layer only leads the attacker to the next layer.
Identify the security strategy Shally has incorporated in the incident response plan.
A. Defense-in-depth
B. Exponential backoff algorithm
C. Covert channels
D. Three-way handshake
=097==
Dan is a newly appointed information security professional in a renowned organization.
He is supposed to follow multiple security strategies to eradicate malware incidents.
Which of the following is not considered a good practice for maintaining information security and preventing malware incidents?
A. Do not click on web browser pop-up windows
B. Do not download or execute applications from trusted sources
C. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
D. Do not download or execute applications from third-party sources
=098==
After a recent email attack, Harry is analyzing the incident to obtain important information.
While analyzing the headers, he is trying to collect the details about the sender’s identity, mail server, sender’s IP address, location, etc.
Which of the following tools should Harry use to perform this task?
A. shARP
B. Yesware
C. Clamwin
D. Logly
=099==
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?
A. Full connect scan
B. Stealth scan
C. Null scan
D. Xmas scan
=100==
In which of the following confidentiality attacks do attackers try to lure users by posing as an authorized AP by beaconing the WLAN’s SSID?
A. Evil twin AP
B. Masquerading
C. Honeypot AP
D. Session hijacking
ADCCA ABBDA