
ECIH_A_151-160

=151==

Nervous Nat often sends emails with screenshots of what he thinks are serious incidents, but they always turn out to be false positives.

Today, he sends another screenshot suggesting a nation-state attack.

As usual, you go through your list of questions, check your resources for information to determine whether the screenshot shows a real attack, and determine the condition of your network.

Which step of IR did you just perform?

A. Recovery

B. Detection and analysis (or identification)

C. Remediation

D. Preparation


=152==

An attack on a network is BEST blocked using which of the following?

A. Web proxy

B. Load balancer

C. IPS device inline

D. HIPS


=153==

Your manager hands you several items of digital evidence and asks you to investigate them in the order of volatility.

Which of the following is the MOST volatile?

A. Cache

B. Emails

C. Disk

D. Temp files


=154==

Shally, an incident handler, works for a company named Texas Pvt. Ltd. based in Florida.

She was asked to work on an incident response plan.

As part of the plan, she decided to extend and improve the security infrastructure of the enterprise.

She incorporated a security strategy that allows security professionals to use several strategic layers protecting their information system.

Owing to the multiple layers of protection, even if an intruder bypasses one security layer while directing attacks against the organization's information system, a break in one layer only leads the attacker to the next layer.

A. Defense-in-depth

B. Three-way handshake

C. Covert channels

D. Exponential backoff algorithm


=155==

One of your coworkers just sent you an email.

She wonders if it is real, a part of your phishing campaign, a spear phishing attack, or a mistake.

One of the things you want to know is where the email originated from.

Where would you check in the email message to find that information?

A. Email's received field

B. Inbox digest

C. The user's received report

D. Email headers


=156==

Which of the following is NOT a network forensic tool?

A. tcptrace

B. Inbox digest

C. Advanced NTFS Journaling Parser

D. Wireshark


=157==

Employee monitoring tools are mostly used by employers to find which of the following?

A. Lost registry keys

B. Malicious insider threats

C. Conspiracies

D. Stolen credentials


=158==

Which of the following is a type of malicious code or software that appears legitimate but can take control of your computer?

A. DDoS

B. Trojan attack

C. Phishing attack

D. Password attack


=159==

Alex is an incident handler in QWERTY Corp.

He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside a firewall.

Which of the following attack types did the attacker use?

A. AP misconfiguration

B. Ad hoc associations

C. Rogue access point

D. Advanced persistent threat


=160==

Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with form and parameter values.

Consequently, Clark gained access to the information assets of the organization.

Which of the following is the web-application vulnerability exploited by the attacker?

A. SQL injection

B. Security misconfiguration

C. Broken access control

D. Sensitive data exposure

BCAAD BBBDA
