
ECIH_A_181-190

181==

Shiela is working at night as an incident handler.

During a shift, servers were affected by a massive cyber-attack.

After she classified and prioritized the incident, she has to obtain necessary permissions and perform other incident response functions.

What list should she check to notify other responsible personnel?

A. Point of contact

B. Phone number list

C. HR log book

D. Email list

 

182==

Sam received an alert through an email monitoring tool indicating that their company was targeted by a phishing attack.

After analyzing the incident, Sam identified that most of the targets of the attack are high-profile executives of the company.

What type of phishing attack is this?

A. Spear phishing

B. Puddle phishing

C. Pharming

D. Whaling

 

183==

A self-replicating virus does not alter files but resides in active memory and duplicates itself.

It takes advantage of information transport features in the system to travel independently.

What is this type of object called?

A. Adware

B. Trojan

C. Worm

D. Spyware

 

184==

Which of the following is NOT part of the static data collection process?

A. Evidence examination

B. Password protection

C. Evidence acquisition

D. System preservation

 

185==

Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall.

They then use any software or hardware access point to perform an attack.

Which of the following is this type of attack?

A. Email infection

B. Malware attack

C. Rogue access point attack

D. Password-based attack

 

186==

Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?

A. Malicious code or insider threat attack

B. Fraud and theft

C. Unauthorized access

D. Denial of service (DoS) attack

 

187==

To effectively describe security incidents, it is necessary to adopt a common set of terminology and to categorize the incidents.

According to EC1 text, in which category would you place an incident that involves illegal file download by a suspected or unknown user?

A. High level

B. Low level

C. Middle level

D. Ultra High Level

 

188==

Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS).

In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?

A. The customer

B. Your company

C. The PaaS provider

D. Building management

 

189==

While analyzing a file, Ryan discovered that an attacker used an anti-forensics method, wherein the attacker embedded a hidden message inside an image file.

What type of method is this?

A. Program packers

B. Golden ticket

C. Steganography

D. Password protection

 

190==

Alexis works as an incident responder at XYZ organization.

She was asked to identify and attribute the attacks that occurred recently.

For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target.

Which of the following types of threat attributions is Alexis performing?

A. Nation-state attribution

B. True attribution

C. Intrusion-set attribution

D. Campaign attribution

ADCBC DABCB
