
ECIH_A_191-200

=191==

Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?

A. Trojans

B. Worms

C. Spyware

D. Virus

=192==

Stanley works as an incident responder at a top MNC based in Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the incident, he collected evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of a jury so that the evidence clarifies the facts and further helps in obtaining an expert opinion on the incident to confirm the investigation process.

In the above scenario, which of the following characteristics of the digital evidence did Stanley attempt to preserve?

A. Completeness

B. Admissibility

C. Authenticity

D. Believability

=193==

Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization.

How can you categorize this type of incident?

A. Unauthorized access incident

B. Denial-of-service incident

C. Impersonation attack incident

D. Network intrusion incident

=194==

Jacob is an employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the concerned authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues.

In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the concerned team about the incident?

A. MISP

B. ThreatConnect

C. ManageEngine ServiceDesk Plus

D. IBM X-Force Exchange

=195==

Ryan is working in the eradication phase, wherein he is eliminating the root cause of an incident that occurred in the Windows operating system installed in a system. He ran a tool that can detect missing patches in the system and install the latest patches on the system and networks.

Which of the following tools did Ryan use to detect and install the missing security patches?

A. Microsoft Baseline Security Analyzer

B. Microsoft Advanced Threat Analytics

C. Office 365 Advanced Threat Protection

D. Microsoft Cloud App Security

=196==

Which of the following best describes an email issued as an attack medium, in which several messages are sent to a mailbox to cause overflow?

A. Spoofing

B. Email-bombing

C. Masquerading

D. Smurf attack

=197==

Oscar receives an email from an unknown source containing his domain name oscar.com. Upon checking the link, he found that it contains a malicious URL that redirects to the website evilsite.org.

What type of vulnerability is this?

A. Unvalidated redirects and forwards

B. SQL injection

C. Malware

D. Botnet

=198==

A user downloaded what appears to be genuine software. Unknown to her, when she installed the application, it executed code that provided an unauthorized remote attacker access to her computer.

What type of malicious threat displays this characteristic?

A. Backdoor

B. Trojan

C. Worm

D. Spyware

=199==

If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member.

What type of threat is this?

A. Identity theft

B. Footprinting

C. Insider attack

D. Phishing attack

=200==

A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms.

Which form would result in the least amount of responsibility for the colleague?

A. On-prem installation

B. SaaS

C. PaaS

D. IaaS

Answer key (191-200): DDCCA BACCB
