
ECIH_C_041-060

=041=

A company's IoT network is experiencing a DDoS attack, disrupting critical operations.

What is the best course of action for the incident response team in this scenario?


A. Block all incoming traffic to the IoT network

B. Notify senior management and other stakeholders

C. Disconnect the affected IoT devices from the network

D. Increase bandwidth to the IoT network to handle the attack


=042=

At NeoTech, after a suspected insider threat incident, a smartphone believed to be a key piece of evidence was secured.

While waiting for forensic experts, what should the incident handler do to maintain the phone's data integrity?


A. Take photos of all opened apps and active screens for documentation

B. Place the phone in a Faraday bag to prevent remote wiping or communication

C. Keep the phone turned on and prevent it from locking

D. Charge the phone continuously to avoid power loss


=043=

In the lab scenario, a malicious process was detected running on the server.

An incident handler aims to prevent further exploitation of the compromised system.

In the context of the lab scenario and available resources, which of the following actions should the handler take immediately after detecting the malicious process?


A. Launch a detailed trojan and virus analysis using VirusTotal and OllyDbg before taking any actions

B. Reboot the system in safe mode and use ClamWin to remove the malware from the system

C. Kill the process using CurrPorts and block the corresponding port to prevent future connections

D. Utilize Regshot to take a snapshot of the registry and compare it with previous entries to find changes


=044=

Incident handlers at Delta Corp. were alerted about potential unauthorized access to a sensitive server room.

Upon reaching the scene, what should be their immediate step to ensure the integrity of potential evidence?


A. Engage external consultants to determine the extent of the breach

B. Document the current state of the room, including positions of devices and opened files

C. Turn off all machines to stop further unauthorized access

D. Start scanning the network for signs of exfiltration activities


=045=

You are the network security manager for a large organization.

As part of your preparation for handling network security incidents, which of the following actions is MOST important to perform?


A. Regularly update and patch network devices and systems

B. Implement intrusion detection and prevention systems (IDPS)

C. Develop an incident response plan and regularly conduct tabletop exercises

D. Conduct regular vulnerability assessments and penetration tests


=046=

As a Certified Incident Handler at a multinational corporation, you are notified of a possible data breach incident in one of the departments.

During the initial investigation, you confirmed that one workstation was used to execute the malicious activity.

You need to ensure the integrity of the evidence for further forensic analysis.

What should your first response action be regarding the affected workstation?


A. Immediately disconnect the workstation from the network but leave it running

B. Photograph the workstation and document the hardware configuration

C. Use an antivirus to scan the workstation and delete any detected malware

D. Shut down the workstation immediately to stop potential data loss


=047=

In a scenario where the EC-Council Certified Incident Handler (ECIH) is analyzing unauthorized access incidents, they detect suspicious activities in their network.

They identify multiple reconnaissance attempts from an external IP address, including PingSweep, SYNscan, Null scan, and Xmas scan.

Subsequently, an unfamiliar text file appears in their VSFTPD logs.

Considering this situation, what should the ECIH do next?


A. Ignore the unfamiliar text file, as it might just be a coincidence

B. Check the content of the unfamiliar text file, as it might contain critical information

C. Shut down the network immediately to prevent any further unauthorized access

D. Conduct a reverse IP lookup of the external IP address to identify the origin of the reconnaissance attacks


=048=

As an Incident Handler, you are overseeing a large organization that heavily relies on email communication.

Recent studies have revealed a substantial increase in phishing and malicious email attachment attacks, leading to heightened concerns over email security.

Which of the following approaches would provide the most comprehensive protection against these emerging email security threats?


A. Ensuring secure email communication by implementing Pretty Good Privacy (PGP).

B. Developing a layered defense mechanism that combines phishing attack prevention, email header analysis, and secure email communication through PGP.

C. Employing email header analysis to trace the origin of suspicious emails.

D. Using the Netcraft Toolbar to detect phishing sites and warn users about them.


=049=

During the eradication phase of a web application security incident at a major online retail platform, the incident response team discovers that the application was compromised through a previously unknown zero-day vulnerability.

This vulnerability allowed the attacker to access user credit card information.

The incident has severe financial and reputational implications.

In this highly sensitive scenario, what is the best course of action for the incident response team?


A. Conceal the incident to protect the company's reputation

B. Focus solely on tracking the attacker without addressing the vulnerability

C. Immediately go public with the details of the zero-day vulnerability

D. Patch the vulnerability, remove all traces of the attacker, inform affected users, and coordinate with relevant authorities


=050=

As a senior network security analyst at a multinational corporation, you are part of an expert team overseeing the security of a complex network.

An alert comes through one morning, indicating potential unauthorized access through a vulnerable Wi-Fi connection in one of your global offices.

The nature of the breach suggests possible intellectual property theft.

Your team is assigned to validate and respond to the incident.

In this complex scenario, what is the primary goal of a network security incident response plan?


A. Minimizing costs associated with the incident response

B. Identifying, containing, eradicating, and recovering from the incident

C. Implementing new business strategies for the company

D. Expanding the company's global reach and market share


=051=

During a recent incident response, the Blue Team of Contoso Corp. discovered a series of sophisticated spear-phishing emails sent to senior executives.

The emails leveraged zero-day vulnerabilities.

To enhance its proactive defenses, the team decided to incorporate more robust threat intelligence into their response strategy.

Which approach would best address the situation?


A. Conduct regular penetration testing to identify and patch vulnerabilities.

B. Collaborate with industry-specific Information Sharing and Analysis Centers (ISACs).

C. Utilize commercial threat feeds to gain insights into generic threats.

D. Implement mandatory two-factor authentication for all senior executive accounts.


=052=

During the eradication phase of a web application security incident, the incident response team discovers that the attacker has compromised the organization's Active Directory domain controller.

What is the best course of action for the incident response team?


A. Change all passwords and credentials on the affected domain controller

B. Install additional security measures on the affected domain controller

C. Run a malware scan on the affected domain controller

D. Wipe and rebuild the affected domain controller


=053=

After a debilitating malware attack on RetailHub, a chain of e-commerce platforms, the top brass decided to bolster their defenses.

They acknowledged human error as a significant vulnerability.

As part of their renewed strategy, which preventive guideline would be most impactful against malware introduction?


A. Conducting regular employee training on phishing and social engineering threats.

B. Outsourcing their IT infrastructure to a third-party vendor for better management.

C. Mandating biannual security audits.

D. Restricting administrative privileges to a select few.


=054=

During the initial setup of an incident response team at a medium-sized organization, the newly hired incident handler is tasked with defining an effective process for managing security incidents.

Considering the broad range of possible incidents, from common threats to advanced persistent threats (APTs), which of the following is the MOST appropriate approach for this task?


A. Concentrate on detecting missing security patches using MBSA on Windows, along with performing security checks using buck-security on Linux.

B. Implement policies using the Group Policy Management Console (GPMC) and work with incident tickets in OSSIM.

C. Develop a comprehensive incident response process, including policies, incident response teams, procedures, and guidelines tailored to address a variety of potential incidents.

D. Draft an incident handling plan focusing only on APTs due to their high impact.


=055=

A gaming company recently launched a new online multiplayer game.

Within a month, they noticed an unusual spike in server traffic, causing significant latency and performance issues for players.

Upon investigation, the security team discovered it was a DDoS attack aimed at disrupting game services.

What should the incident response team focus on to mitigate such attacks and ensure smooth game operation?


A. Implementing rate limiting and traffic filtering to manage excessive traffic.

B. Upgrading game servers to higher capacity to handle increased traffic.

C. Informing players about the attack and advising them to reduce their game usage.

D. Outsourcing game server management to a third-party cloud service.


=056=

You are an Incident Handler at a medium-sized financial institution that recently experienced a data breach affecting customer personal information.

The breach has led to severe reputational damage and loss of customer trust.

The leadership team seeks your recommendation on the immediate next step to address the breach.


A. Publicly apologize to the customers and offer compensation.

B. Conduct a detailed forensic investigation to determine the extent of the breach and prevent future occurrences.

C. Terminate the contract of the current cybersecurity vendor.

D. Launch a public relations campaign to rebuild the company's image.


=057=

A forensic investigator is called to investigate a security breach at a data center that houses critical information for a government agency.

Upon arrival, the investigator's first priority is to ensure that the evidence remains intact and unaltered.

Which of the following should the investigator do FIRST to preserve the integrity of the evidence?


A. Label and secure all evidence in tamper-proof containers.

B. Shut down all affected systems immediately to prevent further tampering.

C. Make a forensic image of the systems involved in the breach.

D. Interview witnesses and document their statements.


=058=

Your organization is in the process of revising its incident response plan (IRP) to ensure better preparedness for potential security incidents.

As the Chief Information Security Officer (CISO), you are tasked with identifying the key components that should be included in the updated IRP.

Which of the following components is crucial for an effective incident response plan?


A. A detailed contact list of all stakeholders and incident response team members.

B. An extensive list of all potential threats and vulnerabilities.

C. A comprehensive inventory of all hardware and software assets.

D. A summary of the company's financial status and risk appetite.


=059=

During a recent cybersecurity incident, a major pharmaceutical company experienced a ransomware attack that encrypted sensitive research data.

The attackers demanded a substantial ransom to decrypt the files.

As the Incident Response Manager, what should be your immediate course of action?


A. Negotiate with the attackers to reduce the ransom amount.

B. Pay the ransom to quickly regain access to the encrypted data.

C. Inform law enforcement and follow legal and organizational protocols.

D. Attempt to decrypt the files using available tools and resources.


=060=

During the triage phase of a cyber incident at a global logistics company, the incident response team identifies that the company's database has been breached, exposing sensitive customer data.

The breach has significant legal and financial implications.

What should the incident response team prioritize to handle the situation effectively?


A. Notifying customers about the data breach to maintain transparency.

B. Isolating the breached database to prevent further data loss.

C. Conducting a full forensic investigation to identify the breach source.

D. Contacting legal counsel to address potential compliance issues.
