ECIH_A_131-140

=131==

Jason is setting up a computer forensics lab and must perform the following steps:

1. physical location and structural design considerations;

2. planning and budgeting;

3. work area considerations;

4. physical security recommendations;

5. forensic lab licensing;

6. human resource considerations.

Arrange these steps in the order of execution.

A. 2 -> 1 -> 3 -> 6 -> 4 -> 5

B. 5 -> 2 -> 1 -> 3 -> 4 -> 6

C. 2 -> 3 -> 1 -> 4 -> 6 -> 5

D. 2 -> 3 -> 1 -> 4 -> 6 -> 5

 

=132==

Network Ned is the security administrator for a company.

He is going to place the company's new web server into production.

Into which of the following zones should he place the server to best protect the company's network?

A. Honeypot

B. Intranet

C. DMZ

D. Sandbox

 

=133==

Raven is a part of an IH&R team and was informed by her manager to handle and lead the removal of the root cause for an incident and to address all attack vectors for potential similar incidents in the future.

Raven notifies the information security officers and developers of affected resources.

Which of the following steps of the incident response process does Raven need to implement to remove the root cause of the incident?

A. Containment

B. Eradication

C. Incident triage

D. Evidence gathering and forensic analysis

 

=134==

Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks.

David, who is the organization's internal auditor, is also part of Ross's incident response team.

Which of the following is David's responsibility?

A. Coordinate incident containment activities with the information security officer (ISO).

B. Identify and report security loopholes to the management for necessary action.

C. Configure information security controls.

D. Perform the necessary action to block the network traffic from the suspected intruder.

 

=135==

Which of the following is an attack that occurs when a malicious program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated?

A. Insecure direct object references

B. SQL injection

C. Cross-site request forgery

D. Cross-site scripting

 

=136==

Which of the following is an inappropriate usage incident?

A. Access-control attack

B. Denial-of-service attack

C. Insider threat

D. Reconnaissance attack

 

=137==

Francis received a spoof email asking for his bank information.

He decided to use a tool to analyze the email headers.

Which of the following should he use?

A. EventLog Analyzer

B. PoliteMail

C. MxToolbox

D. Email Checker

 

=138==

Which of the following techniques against insider threats identifies events that are related to suspicious activity?

A. Pattern discovery

B. Anomaly detection

C. Correlation

D. Normalization

 

=139==

Alexa downloaded a movie file.

However, upon execution, it unleashed a dangerous program that sent Alexa's credit-card information to an attacker.

What is this malicious program masked as a movie file?

A. Backdoor

B. Trojan horse

C. Ransomware

D. Rootkit

 

=140==

Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?

A. Risk mitigation

B. Risk assumption

C. Risk avoidance

D. Risk assessment

ABBBCCCBBD
