Logical Operations CFR-210 問題集

質問 1：
The Chief Information Officer (CIO) of a company asks the incident responder to update the risk
management plan. Which of the following methods can BEST help the incident responder identify the
risks that require in-depth analysis?
A. Targeted risk analysis
B. Quantitative analysis
C. Non-targeted risk analysis
D. Qualitative analysis
正解：B

質問 2：
A file is discovered in the /etc directory of an internal server by an automated file integrity checker. A
security analyst determines the file is a bash script. The contents are as follows:
# /bin/bash
IFS=:
[[-f/etc/passwd]] && cat/etc/passwd I
while read a b c d e f g
do
echo "$e ($a)"
done
Which of the following was the author of the script attempting to gather?
A. UID and GID
B. Home directory and shell
C. User's name and username
D. Username and password hash
正解：D

質問 3：
Which of the following types of logs is shown below, and what can be discerned from its contents?
2 015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2 015-07-19 12:33:31 reject UDP 166.32.22.12 192.141.173.72 1234 80
2 015-07-19 12:33:31 reject UDP 123.56.71.145 192.141.173.72 1234 80
2 015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2 015-07-19 12:33:32 reject UDP 166.32.22.12 192.141.173.72 1234 80
2 015-07-19 12:33:32 reject UDP 123.56.71.145 192.141.173.72 1234 80
2 015-07-19 12:33:32 reject UDP 146.64.21.212 192.141.173.72 1234 80
2 015-07-19 12:33:33 reject UDP 166.32.22.12 192.141.173.72 1234 80
2 015-07-19 12:33:33 reject UDP 123.56.71.145 192.141.173.72 1234 80
2 015-07-19 12:33:33 reject UDP 146.64.21.212 192.141.173.72 1234 80
2 015-07-19 12:33:34 reject UDP 166.32.22.12 192.141.173.72 1234 80
2 015-07-19 12:33:34 reject UDP 123.56.71.145 192.141.173.72 1234 80
2 015-07-19 12:33:34 reject UDP 146.64.21.212 192.141.173.72 1234 80
2 015-07-19 12:33:35 reject UDP 166.32.22.12 192.141.173.72 1234 80
2 015-07-19 12:33:35 reject UDP 123.56.71.145 192.141.173.72 1234 80
A. Firewall log showing a possible web server attack
B. Firewall log showing a possible DoS attack
C. Proxy log showing a possible DoS attack
D. Proxy log showing a possible web server attack
正解：B

質問 4：
Which of the following commands should be used to print out ONLY the second column of items in the
following file?
Source_File,txt
Alpha Whiskey
Bravo Tango
Charlie Foxtrot
Echo Oscar
Delta Roger
A. cut -c6-12 Source_File.txt
B. cut -d 11 11 -f2 Source_File.txt
C. cut -b7-15 source_file.txt
D. cut -d 11 11 -f2 source_file.txt
正解：A

質問 5：
A computer attacker has compromised a system by implanting a script that will send 10B packages over
port 150. This port is also used for sending heartbeat messages to a central monitoring server.
Which of the following BEST describes the tactic used to execute this attack?
A. Logic bomb
B. Backdoors
C. ICMP redirect
D. Covert channels
正解：D

質問 6：
A malware analyst has been assigned the task of reverse engineering malicious code. To conduct the
analysis safely, which of the following could the analyst implement?
A. Honeypot
B. VLAN
C. Sandbox
D. Lock box
正解：C

質問 7：
During the identification phase, it is discovered that port 23 is being used maliciously. Which of the
following system hardening techniques should be used to remediate the issue?
A. Configure DNS filtering
B. Configure black hole routing
C. Disable unnecessary services
D. Patch the system
正解：D

質問 8：
An incident responder is asked to work with the IT department to address patch management issues with
the company servers. Which of the following is the BEST source for the incident responder to obtain the
CVEs for the latest industry-recognized patches?
A. Security blogs
B. Security journals
C. Vulnerabilities database
D. Intelligence feeds
正解：C