
ECIH_A_141-150

=141==

You are a systems administrator for a company. You are accessing your file server remotely for maintenance.

Suddenly, you are unable to access the server.

After contacting others in your department, you find out that they cannot access the file server either.

You can ping the file server but not connect to it via RDP.

You check the Active Directory Server, and all is well.

You check the email server and find that emails are sent and received normally.

What is the most likely issue?

A. An admin account issue

B. An email service issue

C. A denial-of-service issue

D. The file server has shut down

=142==

QuadTech Solutions is a leading security services enterprise.

Dickson, who works as an incident responder for this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network.

In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

A. External assessment

B. Passive assessment

C. Active assessment

D. Internal assessment

=143==

Your organization has a large amount of customer PII, and you want to protect those data from theft or unauthorized availability.

Among other actions, you classify and encrypt the data.

In this process, which of the following OWASP security risks are you guarding against?

A. Insecure deserialization

B. Sensitive data exposure

C. Security misconfiguration

D. Broken authentication

=144==

Allan performed a reconnaissance attack on his corporate network as part of a red-team activity.

He scanned the IP range to find live host IP addresses.

What type of technique did he use to exploit the network?

A. Ping sweeping

B. Port scanning

C. Social engineering

D. DNS footprinting

=145==

What is the name of the type of malicious software or malware designed to deny access to a computer system or data until money is paid?

A. Adware

B. Spyware

C. Virus

D. Ransomware

=146==

Investigator Ian gives you a drive image to investigate.

What type of analysis are you performing?

A. Dynamic

B. Static

C. Live

D. Real-time

=147==

You are talking to a colleague who is deciding what information they should include in their organization's logs to help with security auditing.

Which of the following items should you tell them to NOT log?

A. userid

B. Session ID

C. Source IP address

D. Timestamp

=148==

Which of the following is a common tool used to help detect malicious internal or compromised actors?

A. SOC2 compliance report

B. Log forwarding

C. User behavior analytics

D. Syslog configuration

=149==

Deleting malicious code and disabling breached user accounts are examples of which of the following?

A. Troubleshooting

B. Ethical hacking

C. Eradication

D. Customer support

=150==

Michael is a part of the computer incident response team of a company.

One of his responsibilities is to handle email incidents.

The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email.

Which of the following tools should he use?

A. Email Dossier

B. Yesware

C. G Suite Toolbox

D. Zendio

CCBAD BBCCA
