
ECIH_A_171-180

=171==

Mr. Smith is a lead incident responder of a small financial enterprise, which has a few branches in Australia.

Recently, the company suffered a massive attack, losing $5M through an inter-banking system.

After an in-depth investigation, it was found that the incident occurred because the attackers penetrated the network through a minor vulnerability 6 months ago and maintained access without being detected by any user.

They then tried to delete user fingerprints and performed several activities to monitor the computer of a person with privileges in the inter-banking system.

The attackers finally gained access and performed fraudulent transactions.

In the above scenario, which of the following most accurately describes the type of attack?

A. Phishing

B. Denial-of-service attack

C. APT attack

D. Ransomware attack

 

=172==

Which of the following forensic investigation phases should occur first?

A. Perform the first responder procedure.

B. Collect preliminary evidence.

C. Create two bit-stream copies of the evidence.

D. Transport the evidence to the forensic laboratory.

 

=173==

As an IT security officer, what is the first step you will take after discovering a successful email compromise?

A. Test the infected system to ensure security.

B. Investigate similar hosts to determine whether the attacker has compromised other systems.

C. Isolate the compromised system or take steps to contain the attack.

D. Report the incident to the organization's computer incident response team.

 

=174==

Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

A. Eradication

B. Mitigation

C. Cloud recovery

D. Analysis

 

=175==

Drake is an incident handler at Dark Cloud Inc.

He is tasked with performing log analysis to detect traces of malicious activities within the network infrastructure.

Which of the following tools should Drake employ to view logs in real time and identify malware propagation within the network?

A. Splunk

B. Hydra

C. LOIC

D. HULK

 

=176==

Which of the following types of digital evidence is temporarily stored in a digital device that requires a constant power supply and is deleted if the power supply is interrupted?

A. Event logs

B. Slack space

C. Swap file

D. Process memory

 

=177==

In the cloud environment, an authorized security professional executes approved sanitization procedures using approved utilities to permanently remove data spilled from contaminated information systems and applications in the cloud.

This is an example of which of the following?

A. Cloud auditor

B. Cloud eradication

C. Cloud broker

D. Cloud computing

 

=178==

Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?

A. Spoofing

B. Obfuscation

C. Encryption

D. Steganography

 

=179==

Which of the following is a volatile evidence collection tool?

A. HashTool

B. FTK Imager

C. ProDiscover Forensics

D. Netstat

 

=180==

An insider threat response plan helps an organization minimize the damage caused by malicious insiders.

One of the approaches to mitigate these threats is setting up controls from the human resources department.

Which of the following guidelines can the human resources department use?

A. Monitor and secure the organization's physical environment.

B. Disable the default administrative account to ensure accountability.

C. Access granted to users should be documented and vetted by a supervisor.

D. Implement a person-to-person rule to secure the backup process and physical media.

Answer key: CACCA DABDC
