=21==
After a significant software upgrade at ZetaCorp, the IT department noticed an abnormal surge in network traffic.
On closer inspection, the anomaly appeared to originate from a specific set of newly installed machines.
IT personnel identified an unknown process transmitting large amounts of data.
Realizing the potential implications, they sought immediate action. What should their primary response be?
A. Document the process details and alert the software vendor.
B. Seek external help from malware experts without internal intervention.
C. Run an antivirus sweep across the entire network.
D. Immediately isolate the affected machines from the network.
=22==
You are an EC-Council Certified Incident Handler (ECIH) working for a company that has most of its infrastructure on the AWS cloud.
Recently, a high-profile security incident took place where confidential data was accessed by an unauthorized user.
Your team has already managed to contain and eradicate the breach. As a next step, which of the following should you prioritize?
A. Changing all user credentials and revoking all existing API keys.
B. Setting up additional firewalls to block external traffic.
C. Moving sensitive data to a more secure, private cloud environment.
D. Conducting a thorough post-mortem analysis to understand the cause and effect of the incident.
=23==
An EC-Council Certified Incident Handler (ECIH) is dispatched to manage a cyber incident at a multinational firm where a ransomware attack has encrypted critical data.
While preserving the evidence, the handler discovered a suspicious email attachment on an affected system. What should be the handler's next step?
A. Delete the email and its attachments from the affected system.
B. Reply to the suspicious email to negotiate with the attackers.
C. Open the attachment on the affected system for instant analysis.
D. Transfer the suspicious email and attachments to a digital forensics lab.
=24==
You are an EC-Council Certified Incident Handler for a financial institution. A sudden network spike has been detected in one of your data centers late at night.
The company might be dealing with a distributed denial-of-service attack. As the one on the front line, what is the top-priority action you need to take right away?
A. Notify all customers about the potential breach.
B. Switch off the servers to stop further data transmission.
C. Initiate a complete system backup to preserve current data.
D. Isolate affected systems to prevent the spread of the attack.
=25==
An EC-Council Certified Incident Handler (ECIH) is preparing a cloud-based company for potential security incidents. She's focusing on best practices to fortify the company's defenses against such events.
Given the following measures, which one should the ECIH prioritize?
A. Regularly updating and patching all cloud-based systems.
B. Limiting the use of third-party applications within the cloud environment.
C. Implementing a zero-trust architecture across all network resources.
D. Frequently changing all users' passwords in the cloud environment.
=26==
During a web application security incident, the incident response team discovers that a hacker has gained access to a server hosting a critical web application.
The hacker has also installed malware that has enabled them to steal sensitive data from the server. What is the best course of action for the incident response team during the containment phase?
A. Back up the compromised server to preserve evidence
B. Disconnect the server from the network to prevent further access
C. Leave the server connected to the network to gather more information about the attack
D. Notify the affected customers of the breach
=27==
You are the Azure security incident response lead for a multinational organization. Your team has detected suspicious activity in one of the Azure subscriptions.
Upon investigation, you find that an unauthorized user has gained access to a virtual machine (VM) running a critical application.
What is the MOST appropriate immediate action to take?
A. Change the credentials of all user accounts associated with the Azure subscription.
B. Preserve the volatile memory of the compromised VM for forensic analysis.
C. Disconnect the compromised VM from the network to prevent further unauthorized access.
D. Notify Azure support and request assistance in containing and investigating the incident.
=28==
In a hypothetical scenario, you are an EC-Council Certified Incident Handler (ECIH), and you have been called to handle an incident at a large multinational corporation where a significant data breach has been detected.
The breach involves a cloud-hosted database containing sensitive client information. You need to secure and document the crime scene. Which of the following steps is most appropriate as your first response?
A. Immediately inform all clients about the breach and the potential loss of data.
B. Document the state of the cloud environment, including system logs and configurations.
C. Remotely log in and shut down the compromised database to prevent further access.
D. Begin with a comprehensive network traffic analysis to identify the source of the breach.
=29==
You are an EC-Council Certified Incident Handler (ECIH) at a global financial institution reassessing its security posture after a targeted Advanced Persistent Threat (APT) attack.
Post-analysis reveals that the APT group exploited a previously unknown vulnerability in one of their legacy systems.
Which strategy should the institution prioritize to better guard against such sophisticated threats?
A. Regularly back up all systems and store the backups in a cold storage environment.
B. Adopt a defense-in-depth strategy incorporating multiple security layers.
C. Decommission legacy systems and migrate to newer platforms.
D. Frequently update antivirus and IDS/IPS signatures.
=30==
MediTech, a healthcare tech company, is rolling out a proactive strategy against potential malware threats.
They have a diverse range of software and hardware assets. In an executive meeting, a range of measures were discussed.
Which measure would best enable them to promptly identify unauthorized applications?
A. Conducting weekly vulnerability assessments.
B. Deploying a heuristic-based intrusion detection system.
C. Establishing a strict patch management routine.
D. Enforcing application whitelisting across all company endpoints.
=31==
In a situation where an insider threat has been detected in your organization using the ActivTrak Employee Monitoring Solution, what would be the most appropriate step to handle this situation while ensuring minimal damage to the organizational resources?
A. Confront the suspicious employee directly and ask them about their unusual activities.
B. Ignore the threat if it seems non-serious and continue monitoring employee activities.
C. Immediately block all of the suspicious employee's access, including email, application accounts, physical access cards, and network credentials.
D. Inform all employees about the detected threat and ask them to be more cautious in the future.
=32==
A company's network experiences a distributed denial-of-service (DDoS) attack, causing significant disruption to its online services.
What is the best course of action for the incident response team in this scenario?
A. Utilize a robust DDoS mitigation solution to filter and block malicious traffic.
B. Implement additional network security measures to prevent future DDoS attacks.
C. Identify the origin of the DDoS attack and pursue legal action against the attackers.
D. Promptly inform senior management and relevant stakeholders about the ongoing attack.
=33==
A software development company is undergoing a major security overhaul.
They are concerned about insider threats and data breaches.
Which of the following measures should they prioritize to address these concerns?
A. Implementing stringent access controls and user permissions.
B. Conducting regular security awareness training for employees.
C. Deploying advanced encryption techniques for all sensitive data.
D. Setting up a comprehensive incident response plan.
=34==
You are an incident handler at a multinational corporation. The company has detected unusual activity on a privileged user account.
Which of the following is the most appropriate initial step to take?
A. Disable the account immediately and initiate a forensic investigation.
B. Change the account password and continue to monitor the activity.
C. Notify senior management about the suspicious activity.
D. Perform a full audit of the account's recent activities.
=35==
A financial firm has experienced a phishing attack where multiple employees disclosed their credentials.
What should be the firm's immediate response to mitigate the impact?
A. Notify the affected employees and ask them to change their passwords.
B. Revoke access for the compromised accounts and investigate the breach.
C. Implement multi-factor authentication across the organization.
D. Conduct a company-wide phishing awareness training.
=36==
You are handling a security incident where a malware outbreak has occurred within your organization.
What is the best immediate action to contain the outbreak?
A. Inform all employees about the outbreak and instruct them to shut down their systems.
B. Disconnect all infected systems from the network.
C. Perform a full system scan on all organizational devices.
D. Update the antivirus signatures and run an immediate scan.
=37==
In the event of a successful SQL injection attack on a company's web application, what should be the incident response team's primary focus during the eradication phase?
A. Restoring the database to a previous backup.
B. Implementing input validation and sanitization on user inputs.
C. Identifying and removing the malicious SQL code from the database.
D. Notifying affected customers about the data breach.
=38==
Your organization has detected unauthorized access to sensitive data in its cloud storage.
What is the most appropriate initial response to this incident?
A. Immediately delete the compromised data from the cloud storage.
B. Suspend all user access to the cloud storage.
C. Conduct a thorough investigation to determine the extent of the breach.
D. Notify the cloud service provider about the unauthorized access.
=39==
A security incident has been detected where an attacker has gained access to your company's internal network through a phishing attack.
What is the most immediate action that should be taken to contain the attack?
A. Shut down the company's entire network to prevent further access.
B. Isolate the affected systems from the network.
C. Inform all employees about the phishing attack and advise them to be cautious.
D. Perform a full security audit of the network.
=40==
An EC-Council Certified Incident Handler (ECIH) is tasked with managing an incident involving a sophisticated malware attack on a company's infrastructure.
The attack has compromised several critical systems and is spreading rapidly. What should the ECIH do first to mitigate the damage?
A. Immediately shut down all affected systems to prevent further spread.
B. Notify senior management and relevant stakeholders about the attack.
C. Conduct a thorough analysis to identify the malware's origin and entry point.
D. Deploy security patches and updates across all systems.