
ECIH_A_111-120

=111==

Eric is an incident responder working on developing incident-handling plans and procedures.

As part of this process, he is analyzing the organizational network to generate a report and develop policies based on the acquired results.

Which of the following tools will help him in analyzing his network and the related traffic?

A. FaceNiff

B. Whois

C. Burp Suite

D. Wireshark

=112==

Matt is an incident handler working for one of the largest social network companies, which was affected by malware.

According to the company's reporting timeframe guidelines, a malware incident must be reported within 1 hour of discovery/detection if it is widespread across the company.

Which category does this incident belong to?

A. CAT 1

B. CAT 2

C. CAT 3

D. CAT 4

=113==

Which of the following does NOT reduce the success rate of SQL injection?

A. Filter input to exclude special characters.

B. Automatically lock a user account after a predefined number of invalid login attempts within a predefined interval.

C. Close unnecessary application services and ports on the server.

D. Limit the length of the input field.
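The question above turns on which controls actually act on the injection path. The following added example (written for this page, not taken from the ECIH material) runs a classic tautology payload against a string-concatenated login query and against a parameterized one, and shows what the input filter (option A) and length cap (option D) do to that payload. The table, credentials and the character set treated as "special" are all constructed for the demonstration; account lockout and port hygiene (options B and C) never touch the SQL text at all, which is why they have no effect on whether the payload succeeds.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the demonstration (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: attacker-controlled text becomes SQL syntax.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # Placeholders: the driver binds the values separately from the query text,
    # so a quote character inside the input is data, never syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


SPECIAL = set("'\";-")   # characters significant to the SQL parser (option A)
MAX_LEN = 32             # assumed length cap for the input field (option D)


def input_ok(value, max_len=MAX_LEN):
    """Options A and D from the question: reject special characters and over-long
    input. This narrows the attack surface; it is not a substitute for binding."""
    return len(value) <= max_len and not (set(value) & SPECIAL)


def demo():
    """Run the payload through both login paths and the input filter."""
    conn = make_db()
    payload = "' OR '1'='1"   # turns the WHERE clause into a tautology
    results = {
        # concatenated query becomes: ... AND password = '' OR '1'='1'
        "vulnerable_bypassed": login_vulnerable(conn, "alice", payload),
        # bound query compares the literal string and finds no such password
        "parameterized_bypassed": login_parameterized(conn, "alice", payload),
        "payload_passes_filter": input_ok(payload),
        "legit_passes_filter": input_ok("correct horse battery staple"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable path authenticates with the payload; the parameterized path does not, and the filter rejects the payload because of the quote characters. Filtering and length limits reduce the success rate by shrinking what an attacker can express, but only binding removes the class of bug.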

=114==

Patrick is performing a cyber forensic investigation.

He is in the process of collecting physical evidence at the crime scene.

Which of the following elements must be considered while collecting physical evidence?

A. Open ports, services, and operating system (OS) vulnerabilities

B. Removable media, cables, and publications

C. Published name servers and web-application source code

D. DNS information including domains and subdomains

=115==

SWA Cloud Services added PKI as one of their cloud security controls.

What does PKI stand for?

A. Public key information

B. Private key infrastructure

C. Private key information

D. Public key infrastructure

=116==

Which of the following incident handling and response (IH&R) phases involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?

A. Recovery

B. Eradication

C. Containment

D. Vulnerability management phase

=117==

A malicious, security-breaking program is disguised as a useful program.

Such executable programs, which are installed when a file is opened, allow others to control a user's system.

What is this type of program called?

A. Trojan

B. Virus

C. Spyware

D. Worm

=118==

In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

A. Notification

B. Containment

C. Incident recording and assignment

D. Incident triage

=119==

Khai was tasked with examining the logs from a Linux email server.

The server uses Sendmail to send emails and Syslog to maintain its logs.

To validate the data within email headers, which of the following paths should Khai check for information such as source and destination IP addresses, dates, and timestamps?

A. /var/log/maillog

B. /var/log/mailog

C. /var/log/sendmail/maillog

D. /var/log/sendmail
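Validating header data against the server's own log, as the question describes, means matching the queue ID, connecting IP and timestamp in a message's Received: line to the from=/to= entries Sendmail writes through syslog. The path depends on the syslog configuration: Red Hat-derived systems use /var/log/maillog, Debian and Ubuntu use /var/log/mail.log. The added example below (written for this page, not Sendmail's or EC-Council's code) parses three constructed maillog lines and one constructed Received: header, cross-checks them, and additionally flags envelope senders that claim the local domain while relaying from outside the internal ranges. Hostnames, IPs, queue IDs, the year (syslog omits it) and the assumption that the server clock is UTC are all constructed for the example.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed lines in the format Sendmail writes via syslog to /var/log/maillog
# (hypothetical hosts, addresses and queue IDs; not real logs).
MAILLOG = """\
Mar  3 10:15:22 mail sendmail[4121]: 423AFMx0004121: from=<alice@example.com>, size=1312, class=0, nrcpts=1, msgid=<20240303101522.GA4121@example.com>, proto=ESMTP, daddr=192.0.2.10, relay=ws17.example.com [192.0.2.45]
Mar  3 10:15:23 mail sendmail[4125]: 423AFMx0004121: to=<bob@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31312, relay=mx.example.org. [198.51.100.25], dsn=2.0.0, stat=Sent (OK)
Mar  3 10:16:05 mail sendmail[4130]: 423AG5ab004130: from=<ceo@example.com>, size=2048, class=0, nrcpts=1, msgid=<fake@example.com>, proto=ESMTP, daddr=192.0.2.10, relay=[203.0.113.77]
"""

# Constructed Received: header from the delivered copy of the first message.
RECEIVED = ("Received: from ws17.example.com (ws17.example.com [192.0.2.45]) "
            "by mail.example.com (8.17.1/8.17.1) with ESMTP id 423AFMx0004121 "
            "for <bob@example.org>; Sun, 3 Mar 2024 10:15:22 +0000")

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>\S+?)\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]+)")       # key=value pairs after the queue ID
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IP in brackets inside relay=
RECEIVED_RE = re.compile(r"\[(?P<ip>[\d.]+)\]\) by \S+ .*?\bid (?P<qid>\w+)\b.*?; (?P<date>.+)$")


def parse_maillog(text, year=2024):
    """One record per line: timestamp, queue ID, direction, envelope address, relay IP.
    Syslog omits the year, so it is supplied (assumed 2024); clock assumed UTC."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kv = dict(KV_RE.findall(m.group("rest")))
        direction = "from" if "from" in kv else "to"
        ip = IP_RE.search(kv.get("relay", ""))
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        records.append({
            "ts": ts.replace(tzinfo=timezone.utc),
            "qid": m.group("qid"),
            "direction": direction,
            "addr": kv[direction].strip("<>"),
            "relay_ip": ip.group(1) if ip else None,
        })
    return records


def parse_received(header):
    """Pull connecting IP, queue ID and date out of a Sendmail-style Received: line."""
    m = RECEIVED_RE.search(header)
    return {"ip": m.group("ip"), "qid": m.group("qid"),
            "date": datetime.strptime(m.group("date"), "%a, %d %b %Y %H:%M:%S %z")}


def validate_received(header, records, tolerance_s=300):
    """Cross-check a Received: header against the server's own log: same queue ID,
    same connecting IP, and timestamps that agree within the tolerance."""
    claim = parse_received(header)
    for r in records:
        if r["qid"] == claim["qid"] and r["direction"] == "from":
            delta = abs((r["ts"] - claim["date"]).total_seconds())
            return {"qid_found": True,
                    "ip_match": r["relay_ip"] == claim["ip"],
                    "time_match": delta <= tolerance_s}
    return {"qid_found": False, "ip_match": False, "time_match": False}


def external_senders_claiming_domain(records, domain, internal_nets):
    """Envelope senders using the local domain but relayed from outside the
    internal ranges: a common spoofing indicator worth triaging."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for r in records:
        if r["direction"] != "from" or not r["relay_ip"]:
            continue
        src = ipaddress.ip_address(r["relay_ip"])
        if r["addr"].endswith("@" + domain) and not any(src in n for n in nets):
            hits.append((r["qid"], r["addr"], r["relay_ip"]))
    return hits


if __name__ == "__main__":
    recs = parse_maillog(MAILLOG)
    print(validate_received(RECEIVED, recs))
    print(external_senders_claiming_domain(recs, "example.com", ["192.0.2.0/24"]))
```

The from= line gives the connecting relay and its IP, the to= line gives the destination MX and its IP, and the queue ID ties the two to the message's Received: header; a mismatch in any of the three is what the handler is looking for.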

=120==

According to NIST, what are the 5 main actors in cloud computing?

A. None of these

B. Buyer, consumer, carrier, auditor, and broker

C. Consumer, provider, carrier, auditor, and broker

D. Provider, carrier, auditor, broker, and seller

Answer key (111-120): DCCBD BADAC
