
ECIH_A_121-130

=121==

What is the most recent NIST standard for incident response?

A. 800-61r2

B. 800-53r3

C. 800-171r2

D. 800-61r3

=122==

Which of the following DOES NOT expose a cloud application to hacking?

A. Inappropriate technical issue

B. Contract with a cloud service vendor

C. Lack of experience in manipulating cloud systems

D. Configuration error

=123==

Frederick is in the eradication process in one of the incidents he is handling. Which of the following is NOT an eradication process?

A. Analyze the security model of the cloud provider interface.

B. CCs must train a few of their employees to use the cloud securely.

C. Conduct vulnerability scanning and configuration audit.

D. Monitor the client's traffic for any malicious activities.

=124==

Ikeo Corp. hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.

The IR team finds that employees of the organization do not have any restrictions on internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.

Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

A. Promiscuous policy

B. Paranoid policy

C. Permissive policy

D. Prudent policy

=125==

Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?

A. System characterization

B. Vulnerability identification

C. Threat identification

D. Control analysis

=126==

Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security.

As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability.

Which of the following risk assessment steps is Elizabeth currently in?

A. Likelihood analysis

B. System characterization

C. Vulnerability identification

D. Impact analysis

=127==

Rica works as an incident handler for an international company. As part of her role, she must review the present security policy implemented.

Upon inspection, Rica finds that the policy is wide open, and only known dangerous services/attacks or behaviors are blocked.

Which of the following is the current policy that Rica identified?

A. Promiscuous policy

B. Paranoid policy

C. Permissive policy

D. Prudent policy

=128==

Tom received a phishing email and accidentally opened its attachment.

This resulted in the redirection of all traffic to a fraudulent website.

What type of phishing attack occurred in this scenario?

A. Whaling

B. Spimming

C. Spear phishing

D. Pharming

=129==

After malware is removed from a system and a clean scan is returned, which of the following steps should be taken for the affected device?

A. It should be placed in a monitoring environment for review to ensure that malware is removed before being placed in production.

B. It should be connected to the domain controller via Ethernet to pull updated information.

C. It should be re-imaged.

D. It should be sealed in a box and placed in storage for 90 days.

=130==

Which of the following is NOT an image integrity tool?

A. HashCalc

B. Netstat

C. MD5 Calculator

D. HashMyFiles

ABBAA CCCAB
