=161==
Which of the following is host-based evidence?
A. IDS logs
B. Wiretaps
C. Router logs
D. The date and time of the PC
=162==
Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain.
This malware wants to find and report to the command center any useful services on the system.
Which of the following recon attacks is the MOST LIKELY to provide this information?
A. IP range sweep
B. Session hijack
C. Port scan
D. Packet sniffing
=163==
Miko was hired as an incident handler in XYZ company.
His first task was to identify the PING sweep attempts inside the network.
For this purpose, he used Wireshark to analyze the traffic.
What filter did he use to identify ICMP ping sweep attempts?
A. icmp.type == icmp
B. udp.type == 7
C. icmp.type == 8 or icmp.type == 0
D. tcp.type == icmp
=164==
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
A. Impersonation
B. Clickjacking
C. Macro abuse
D. Registry key manipulation
=165==
Which of the following might be an insider threat?
A. All of these
B. Disgruntled system administrators
C. Business partners
D. Current employee
=166==
Richard is analyzing a corporate network.
After an alert in the network's IPS, he identified that all the servers are sending huge amounts of traffic to the website abc.xyz.
What type of information security attack vectors have affected the network?
A. Botnet
B. Advanced persistent threats
C. IoT threats
D. Ransomware
=167==
Chandler is a professional hacker who is targeting an organization called Technote.
He wants to obtain important organizational information that is being transmitted between different hierarchies.
In the process, he sniffs the data packets transmitted through the network and then analyzes them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications.
Which of the following tools can Chandler employ to perform packet analysis?
A. IDA Pro
B. BeEF
C. OmniPeek
D. shAR
=168==
Which of the following is not called volatile data?
A. Open sockets or open ports
B. Creation dates of files
C. State of the network interface
D. The date and time of the system
=169==
If the browser does not expire the session when the user fails to log out properly, which of the following OWASP Top 10 web vulnerabilities is caused?
A. A5: Broken access control
B. A2: Broken authentication
C. A7: Cross-site scripting
D. A3: Sensitive data exposure
=170==
Ren is assigned to handle a security incident of an organization.
He is tasked with a forensics investigation to find the evidence needed by the management.
Which of the following steps falls under the investigation phase of the computer forensics investigation process?
A. Set up a computer forensics lab
B. Secure the evidence
C. Risk assessment
D. Evidence assessment
DCCCA DABDC