Meiya Cup 2023 Individual Qualifying Round

I worked through this set right after finishing the 2022 Meiya Cup team round, and the overall experience was fairly painful: a large number of theory questions are mixed in among the forensics questions, which is a "devastating blow" to a beginner like me, so for some of those questions only part of a GPT screenshot is pasted; please bear with it.

The hands-on questions are much easier than the 2022 Meiya Cup qualifier; they are all independent and fairly obvious. My accuracy on the general-knowledge questions, however, was probably only 10%-20%, so I need to strengthen the fundamentals in the coming study.

Apologies that the questions are mixed with English; it was uncomfortable for me too while working through them, so please understand.

Mount password:

3hqGFfT#B*Yjd74t@f%9fDqs6D^$wVjAvxZkA79*4UV*kVRcq^Zu6Xp87W*p#X3XD%*ER!nHzzTnSEMwy8NEGX6A*%P&#rBUkxypAPKwX4mP3WZuHnYKRc7sA33hd@qS


1. [Fill-in] With reference to 'Android.bin', answer the following question: what is the name of the telecommunication company that Li Dahui's mobile phone is using? Tips: please answer in capital letters. (1 point)  CMHK

CMHK is China Mobile Hong Kong.

2. [Single choice] With reference to 'Android.bin': what instant messaging app is installed on Li Dahui's mobile phone? (1 point)  AC

A. WhatsApp

B. LINE

C. WeChat

D. Signal

E. QQ

3. [Fill-in] With reference to 'Android.bin': what anti-tracking software is installed on Li Dahui's mobile phone? Tips: please answer in lowercase letters in the format xxx_xxx_xxxxxxx_xxxxxx_xxxx. (1 point)

Sort the photos from latest to earliest.

4. [Single choice] With reference to 'Android.bin': at what time did Li Dahui's mobile phone successfully log into WhatsApp? (2 points)  C

A. 2022-08-18_21:52:30

B. 2022-08-19_21:56:23

C. 2022-08-18_21:56:37

D. 2022-08-19_06:59:07

E. 2022-08-19_07:01:17

Build a timeline and filter the times one by one.

The point where the verification code is sent should be the login.

5. [Fill-in] With reference to 'Android.bin': what was the verification code that Li Dahui used to log into WhatsApp? Tips: please answer in Arabic numerals. (1 point)  304313

Same figure as the previous question.

6. [Single choice] With reference to 'Android.bin': when did Li Dahui join the Beauty Good Cosmetics Company? (2 points)  D

A. 2016-04-16

B. 2016-06-28

C. 2017-05-25

D. 2017-07-25

E. 2017-08-18

I have the feeling I have seen this picture before; is it from a previous Meiya Cup?

It is in the PDF file.

7. [Single choice] With reference to 'Android.bin': at what time did Li Dahui use image editing software? (2 points)   2022-10-11

A. 2022-09-10

B. 2022-09-12

C. 2022-10-05

D. 2022-11-10

E. 2022-11-13

It is really just a matter of looking at which photo has a creation time that differs from its modification time.

Here I handed it to Forensic Master (取证大师).

At this point I realised that it actually uses the same material as the 2022 Meiya Cup individual round.

Amusingly, Forensic Master still thinks the photo is from 2008, when the LG-H961N did not even exist yet.

Jump to the source file.

8. [Fill-in] With reference to 'Meiya_VPN.vmdk' in the Server folder: which port was used for this access server? Tips: please answer in Arabic numerals. (1 point)  943

Method 1: under usr/local/openvpn_as/etc/db there is the configuration file config_local.db:

Method 2: search for openvpn.

9. [Fill-in] With reference to 'Meiya_VPN.vmdk' in the Server folder: what was the latest IP address of the "User1" account that connected to this access server? Tips: please answer in IPv4 format. (1 point)  192.166.244.167

I thought it would be wtmp or btmp.

But this is a VPN server, which by nature relies on remote login, so this user1 is not a local user.

Look at openvpn.log in the same directory.

10. [Multiple choice] With reference to 'Meiya_VPN.vmdk' in the Server folder: which files can be used to find out the Ubuntu version of this access server? (1 point)  AB

A. lsb-release

B. issue.net

C. .profile

D. console

You can actually just search for them one at a time.

11. [Multiple choice] With reference to 'Meiya_VPN.vmdk' in the Server folder: which files help identify this access server (the Chinese text says "storage server")? (1 point)  AB

A. auth.log

B. sys.log

C. bash_history

D. idconfig

12. [Single choice] With reference to 'Meiya_VPN.vmdk' in the Server folder: what is the time zone of this access server? (2 points)  C

A. UTC +9

B. UTC +8

C. UTC -7

D. UTC

timedatectl

Or look at /etc/timezone.

13. [Fill-in] With reference to 'Meiya_VPN.vmdk' in the Server folder: what is the password of the "openvpn" account of this access server? Tips: please answer in capital letters and Arabic numerals. (2 points)  TLfAg6l6dssc

Method 1: when looking up the port you already see that there is an account and a password.

From the database just examined, if you log in directly it is the hostname; if you first go through the VPN and then access the internal server, it is vpn.server.routing.private_network.0.

From its network information it should be the latter.

Method 2: under the usr/local/openvpn_as directory.

Basically, find the directory from the earlier questions and then check the files one by one; it just happens to be there.

14. [Single choice] With reference to 'Meiya_VPN.vmdk' in the Server folder: what encryption algorithm (cipher) is used for the connections of the "User1" account on this access server? (2 points)  D

A. Blowfish-CBC

B. 3DES-CBC

C. AES-128-GCM

D. AES-256-CBC

You can try a global search; you will find many hits for the file User1.ovpn. Searching the index directly also works, of course.

Then you can see the encryption algorithm.

15. [Fill-in] With reference to the file '网络题目.pcapng': what is the source IP of the nmap scan? Tips: please answer in IPv4 format. (1 point)  192.168.186.132

The question asks for the source IP of the nmap scan.

Obvious at a glance.

16. [Fill-in] With reference to the file '网络题目.pcapng': how many nmap scans are being conducted at the same time? Tips: please answer with a number. (1 point)  2

Method 1: the protocol used is the ICMP echo request, which probes whether a host is alive; nmap starts this way, but not everything that uses this protocol is an nmap scan (in this question it is).

Method 2: when one source IP starts sending a large number of packets to another IP, a scan has probably started. But I feel neither method is accurate enough.

17. [Single choice] With reference to the file '网络题目.pcapng': the computer is scanning 8.8.8.8. What is the corresponding nmap command? (1 point)  A
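A more robust version of the two methods above, as an added example that is not part of the original writeup: instead of counting raw packet volume, count the distinct destination ports each (source, destination) pair touches, which separates a port scan from a chatty but legitimate client, and use the transport protocol to tell a TCP scan (questions 17) from a UDP scan (question 18). The packet summaries are constructed to resemble what tshark would export from the pcap; they are not data from the real capture.

```python
from collections import defaultdict


def constructed_packets():
    """Constructed (src, dst, proto, dport) tuples; not taken from the real pcap."""
    pkts = []
    # host discovery: one ICMP echo request to each target (method 1's signal)
    pkts.append(("192.168.186.132", "8.8.8.8", "icmp", None))
    pkts.append(("192.168.186.132", "45.33.32.156", "icmp", None))
    # TCP probing of 40 distinct ports on the first target
    for port in range(20, 60):
        pkts.append(("192.168.186.132", "8.8.8.8", "tcp", port))
    # UDP probing of 40 distinct ports on the second target
    for port in range(50, 90):
        pkts.append(("192.168.186.132", "45.33.32.156", "udp", port))
    # benign but noisy client: 50 packets, all to a single port
    for _ in range(50):
        pkts.append(("192.168.186.10", "192.168.186.132", "tcp", 443))
    return pkts


def detect_scans(packets, min_ports=15):
    """One record per (src, dst, proto) that touched at least min_ports distinct ports.

    Method 2 in the writeup counts packets, which the 443-only client above
    would also trip; counting distinct ports does not.
    """
    ports = defaultdict(set)
    for src, dst, proto, dport in packets:
        if proto in ("tcp", "udp") and dport is not None:
            ports[(src, dst, proto)].add(dport)
    scans = []
    for (src, dst, proto), seen in sorted(ports.items()):
        if len(seen) >= min_ports:
            scans.append({
                "src": src, "dst": dst, "proto": proto, "ports": len(seen),
                # the transport protocol tells you which nmap scan type produced it
                "nmap_hint": "nmap -sT/-sS" if proto == "tcp" else "nmap -sU",
            })
    return scans


def scanning_sources(scans):
    """Distinct source addresses behind the detected scans (question 15)."""
    return sorted({s["src"] for s in scans})


def icmp_probe_targets(packets):
    """Hosts that received an ICMP echo request (method 1).

    On its own this over-reports, because any ping produces the same packet;
    treat it only as a hint that a host-discovery phase took place.
    """
    return sorted({dst for _, dst, proto, _ in packets if proto == "icmp"})


if __name__ == "__main__":
    found = detect_scans(constructed_packets())
    for scan in found:
        print(scan)
    print("concurrent scans:", len(found), "from", scanning_sources(found))
```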

A. nmap -sT 8.8.8.8

B. nmap -sU 8.8.8.8

C. nmap -sn -PR 8.8.8.8

D. nmap -sn -PU 8.8.8.8

TCP.

18. [Single choice] With reference to the file '网络题目.pcapng': the computer is scanning 45.33.32.156. What is the corresponding nmap command? (1 point)  B

A. nmap -sT 45.33.32.156

B. nmap -sU 45.33.32.156

C. nmap -sn -45.33.32.156

D. nmap -sn -45.33.32.156

UDP.

19. [Single choice] Kwok-keung was assigned to configure a DHCP server. The server must lease the last 100 IP addresses. Which of the following IP addresses will be leased? (1 point)  C

A. 10.1.4.255

B. 10.1.4.100

C. 10.1.4.254

D. 10.1.4.1

1-254

20. [Single choice] Which of the following protocols belong to the TCP/IP protocol suite? i: DHCP ii: HTTP iii: RTP iv: Telnet (1 point)   B

A. i & iii

B. ii & iv

C. All of them belong to TCP/IP

D. None of them belong to TCP/IP

21. [Single choice] See the question description. (21) (2 points)   C

Ho-yin is the network administrator of a company. He needs to configure a router to meet the following conditions:

1) Permit 192.168.26.3 to connect to the internet

2) Permit 192.168.26.2 to make UDP connections

Ho-yin now configures the router as follows:

access-list 119 deny udp any any

access-list 121 permit udp host 192.168.26.2 any

access-list 120 deny tcp any any

access-list 122 permit tcp host 192.168.26.3 eq www any

access-list 123 permit tcp any eq ftp any

Chi-wai is Ho-yin's supervisor. He discovers that Ho-yin made a mistake in the settings. What correction should Ho-yin make?

A. Change 'access-list 123 permit tcp any eq ftp any' to 'access-list 123 permit udp any eq ftp any'

B. Change 'access-list 122 permit tcp host 192.168.26.3 eq www any' to 'access-list 122 permit udp host 192.168.26.3 eq www any'

C. Delete 'access-list 120 deny tcp any any' and 'access-list 119 deny udp any any'

D. Delete 'access-list 123 permit tcp any eq ftp any'
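Why option C is the fix, as an added example that is not part of the original writeup: a small simulator of Cisco-style extended ACL evaluation (first matching entry wins, implicit deny at the end). The question treats the five lines as one ordered list even though their numbers differ, and this example follows that reading; read literally, "host 192.168.26.3 eq www" qualifies the source port, so the test packet carries source port 80. The packets are constructed.

```python
import ipaddress

# Well-known port names Cisco accepts after "eq" (only those the question uses)
PORT_NAMES = {"www": 80, "ftp": 21}

# The five lines from the question, used as a constructed test input
QUESTION_ACL = [
    "access-list 119 deny udp any any",
    "access-list 121 permit udp host 192.168.26.2 any",
    "access-list 120 deny tcp any any",
    "access-list 122 permit tcp host 192.168.26.3 eq www any",
    "access-list 123 permit tcp any eq ftp any",
]


def _take_endpoint(tokens):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT'."""
    if tokens[0] == "any":
        addr, tokens = None, tokens[1:]
    elif tokens[0] == "host":
        addr, tokens = ipaddress.ip_address(tokens[1]), tokens[2:]
    else:
        raise ValueError("unsupported endpoint: " + " ".join(tokens))
    port = None
    if tokens and tokens[0] == "eq":
        port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        tokens = tokens[2:]
    return addr, port, tokens


def parse_rule(line):
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, proto = int(tokens[1]), tokens[2], tokens[3]
    src, sport, rest = _take_endpoint(tokens[4:])
    dst, dport, rest = _take_endpoint(rest)
    if rest:
        raise ValueError("trailing tokens: " + " ".join(rest))
    return {"number": number, "action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def _matches(rule, pkt):
    if rule["proto"] != pkt["proto"]:
        return False
    for side, port in (("src", "sport"), ("dst", "dport")):
        if rule[side] is not None and rule[side] != ipaddress.ip_address(pkt[side]):
            return False
        if rule[port] is not None and rule[port] != pkt[port]:
            return False
    return True


def evaluate(acl_lines, pkt):
    """Return (action, rule number) of the first match, or ('deny', None)."""
    for rule in map(parse_rule, acl_lines):
        if _matches(rule, pkt):
            return rule["action"], rule["number"]
    return "deny", None


def without_blanket_denies(acl_lines):
    """Option C: drop the 'deny tcp any any' / 'deny udp any any' entries."""
    return [l for l in acl_lines
            if not l.endswith(("deny tcp any any", "deny udp any any"))]


# Constructed flows for the two requirements in the question
WEB_FLOW = {"proto": "tcp", "src": "192.168.26.3", "sport": 80,
            "dst": "203.0.113.10", "dport": 40000}
UDP_FLOW = {"proto": "udp", "src": "192.168.26.2", "sport": 5000,
            "dst": "203.0.113.10", "dport": 53}

if __name__ == "__main__":
    for label, acl in (("as written", QUESTION_ACL),
                       ("option C", without_blanket_denies(QUESTION_ACL))):
        print(label, evaluate(acl, WEB_FLOW), evaluate(acl, UDP_FLOW))
```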

22. [Single choice] See the question description. (22) (2 points)   A

According to the ping output below, what is the operating system of the target IP address 192.168.186.132?

Ping 192.168.186.132 (使用 32 字节的数据):

回复自 192.168.186.132: 字节=32 时间<1ms TTL=64

回复自 192.168.186.132: 字节=32 时间<1ms TTL=64

回复自 192.168.186.132: 字节=32 时间<1ms TTL=64

回复自 192.168.186.132: 字节=32 时间<1ms TTL=64

Ping 192.168.186.132 with 32 bytes of data

Reply from 192.168.186.132: byte=32 time<1ms TTL=64

Reply from 192.168.186.132: byte=32 time<1ms TTL=64

Reply from 192.168.186.132: byte=32 time<1ms TTL=64

Reply from 192.168.186.132: byte=32 time<1ms TTL=64

192.168.186.132 的 Ping 统计资料:

    封包: 已传送 = 4,已收到 = 4, 已遗失 = 0 (0% 遗失),

大约的来回时间 (毫秒):

    最小值 = 0ms,最大值 = 0ms,平均 = 0ms

Ping statistics for 192.168.186.132:

    Packet: Sent = 4,Received = 4, Lost = 0 (0%  loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms,Maximum = 0ms,Average = 0ms

A. Linux

B. Windows XP

C. Windows 7

D. iOS 12.4 (Cisco Routers)

I genuinely did not understand this one; I only got it after reading other people's writeups.

23. [Single choice] After scanning a target with nmap, the following message is shown: "Note: Host seems down. If it is really up, but blocking our ping probes". Which command should be used to find out the open ports? (2 points)  D

A. nmap -sT

B. nmap -sN

C. nmap -sX

D. nmap -Pn

-Pn: do not use ping to probe whether the host is alive.

24. [Single choice] Which nmap command can be used to lower the possibility of being detected? (2 points)

A. nmap -sT -O -T5

B. nmap -sT -O -T0

C. nmap sU

D. nmap -A --host-timeout 99-T1

-sT: TCP connect scan

-O: turns off operating system detection

-T0: slowest scan speed

25. [Single choice] The following partition schemes can be used for an Apple computer's hard drive: (1 point)  D

A. Apple Partition Map

B. GUID Partition Table

C. Master Boot Record

D. All of the above

26. [Single choice] With reference to the file 'Mac OS.img': how many symbolic links can be found in 'Mac OS.img'? (1 point)  B

A. 0

B. 1

C. 2

D. 3

Doubtful, because other writeups judge this from an alias.

But an alias is not the same thing as a symbolic link.

Of course, if you emulate the image, there is indeed only this one alias.

27. [Single choice] With reference to the file 'Mac OS.img': which partition scheme was used in 'Mac OS.img'? (2 points)  B

A. Apple Partition Map

B. GUID Partition Table

C. Master Boot Record

D. HFS+

GPT

28. [Single choice] With reference to the file 'Mac OS.img': what is the correct description of the file system in 'Mac OS.img'? (1 point)

A. HFS+ (with journaling enabled)

B. HFS+ (with case sensitivity enabled)

C. HFS+ (with journaling and case sensitivity enabled)

D. APFS (with case sensitivity enabled)

If you look directly in X-Ways you can see case sensitivity, but not whether journaling is enabled.

If you emulate and mount it:

29. [Fill-in] With reference to the file 'Mac OS.img': which file was deleted from the file "Car.rtfd"? Tips: the answer must be in lowercase and include the file extension, e.g. answer.docx. (1 point)

Method 1: look at the log.

yeah.jpg is gone from it.

Method 2: DocumentRevisions-V100 is the internal version-control system Apple introduced in OS X Lion. It basically keeps a historical copy of a file on every save.

Comparing the two .rtfd folders shows that one of them no longer has yeah.jpg.

30. [Fill-in] See the question description. (30) (1 point)

With reference to the file 'Mac OS.img', answer the following question:

Please provide the specific time at which 'Mac OS.img' was checked by the "fsck" command.

Tips: the answer format is YYYYMMDD-HHMMSS; e.g. if the answer is 2023-01-01 15:30:30, answer 20230101-153030.

I do not know why the earliest time is the one to look at.

31. [Single choice] With reference to the file 'Mac OS.img': how many files were deleted from the .dmg file? (1 point)  D

A. 1

B. 2

C. 3

D. 4

Trash.

32. [Fill-in] With reference to the Windows registry in 'Window Artifacts.E01': how many times has Elvis Chui logged into this computer? Tips: please answer in Arabic numerals. (1 point)  11

33. [Single choice] With reference to the Windows registry in 'Window Artifacts.E01': what is the time zone of the operating system of this computer? (1 point)  B

A. UTC +4

B. UTC +8

C. UTC -8

D. UTC -4

34. [Single choice] With reference to the Windows registry in 'Window Artifacts.E01': when was the operating system of this computer installed? (Answer in the computer's system time zone) (1 point)  B

A. 2023-07-13 19:18:14

B. 2023-07-13 11:18:14

C. 2023-07-13 03:18:14

D. 2023-07-12 19:18:14

Same figure as above.

35. [Multiple choice] With reference to the Windows registry in 'Window Artifacts.E01': which program(s) would be automatically executed upon operating system startup? (1 point)  ABC

A. Avast

B. Steam

C. OneDrive

D. QQ

36. [Single choice] With reference to the Windows registry in 'Window Artifacts.E01': which one of the following programs was installed on this computer? (1 point)

A. QQ

B. WPS Office

C. Opera

D. Kaspersky

Just search for it.

37. [Fill-in] With reference to the Windows registry in 'Window Artifacts.E01': what is the version of the OneDrive program installed on this computer? (1 point)

21.220.1024.0005

38. [Fill-in] With reference to the Windows registry in 'Window Artifacts.E01': the computer has a connected network interface; what is the IP address of the DHCP server that interface is using? Tips: please answer in IPv4 format. (1 point)

192.168.88.129

39. [Single choice] With reference to the Windows registry in 'Window Artifacts.E01': when was a USB flash drive last connected to this computer? (Answer in the computer's system time zone) (1 point)  C

A. 2023-07-13 11:48:26

B. 2023-07-13 03:48:29

C. 2023-07-12 19:48:29

D. 2023-07-13 11:48:29

40. [Multiple choice] With reference to 'Window Artifacts.E01': which text files did Elvis Chui put into the recycle bin? (3 points)  BE

A. $+D10I76A74P.txt

B. Holiday schedule 2023-07-16.txt

C. Holiday schedule 2023-07-13.txt

D. Minute on 2023-07-01.txt

E. Minute on 2023-07-10.txt

41. [Single choice] With reference to 'Window Artifacts.E01': at what time did Elvis Chui delete the first text file? (Answer in the computer's system time zone) (3 points)  D

A. 2023-07-13 11:50:15

B. 2023-07-13 03:49:45

C. 2023-07-13 03:50:15

D. 2023-07-13 11:49:45

Same figure as above.

42. [Fill-in] See the question description. (42) (2 points)

With reference to 'Window Artifacts.E01', answer the following question:

What was the name of the first text file Elvis Chui deleted?

Holiday schedule 2023-07-16.txt

Same figure as above.

Tips: please answer in lowercase and include the file extension. If the file name contains a space, use _ to represent it. Example: go_to_school.docx

43. [Single choice] With reference to 'Window Artifacts.E01': when was the text file that Elvis Chui deleted first created? (Answer in the computer's system time zone) (2 points)  D

A. 2023-07-13_11:42:39

B. 2023-07-13_11:50:49

C. 2023-07-13_11:49:45

D. 2023-07-13_11:45:22

44. [Fill-in] With reference to 'Window Artifacts.E01': what is Elvis Chui's plan at 8:05 PM on July 15, 2023? Tips: please answer with the exact words and upper/lowercase letters shown in the file. (1 point)  Movie

45. [Fill-in] With reference to 'Window Artifacts.E01': how many times has STEAM.EXE been run on this computer? Tips: please answer in Arabic numerals. (1 point)  7

46. [Single choice] A database table called "Account" has 5 columns. Which of the following commands will cause an error message? (Tips: 1. the database has the normal default system tables; 2. the error message is about "out of range".) (1 point)  C

A. SELECT * from Account WHERE name=‘Alex’ OR ‘1’=1

B. SELECT * FROM Account WHERE name=‘Bill’ UNION SELECT NULL, NULL, NULL, NULL

C. SELECT * from Account WHERE name=‘Candy’ ORDER BY 6

D. SELECT name FROM sys.tables

ORDER BY 6 sorts by the sixth column, and the error message is an "out of range" error.

47. [Single choice] When a client receives an HTTP status code of 304 for a page request, which of the following is most likely to take place? (1 point)  B

A. The page will display with errors

B. The page will be loaded from the browser cache

C. The browser will display "Access Denied"

D. The server will redirect the client to another resource

48. [Single choice] Which of the following would most likely be found in an HTML injection attack? (1 point)  C

A. <form action="http://1.2.3.4/login.htm">Password:<input type="password" name="pword"> </form>

B. <embed src="http://demo.com/demo.swf"> </embed>

C. <script>alert('Correct')</script>

D. <?php include("inc/" .$_GET['file'];?>

49. [Single choice] How can HTML injection attacks be prevented? (1 point)  D

A. Key management

B. Same-Origin Policy enforcement

C. Session validation

D. Input sanitization

Making sure the input is valid prevents injection.

50. [Single choice] What is the purpose of the Same-Origin Policy in providing web application security in a browser's memory? (3 points)  C

A. Preventing the client from accessing a malicious site

B. Prohibiting a web session from running externally sourced scripts

C. Controlling interactions between code from different servers

D. Stopping a browser from running dangerous or harmful scripts

51. [Fill-in] See the question description. (51) (2 points)

Write the nmap command that will show the following result.

Starting Nmap 7.94 (https://nmap.org) at 2023-07-11 18:26 中国标准时间

Nmap scan report for www.baidu.com (220.181.38.149)

Host is up (0.044s latency).

Other addresses for www.baidu.com (not scanned): 220.181.38.150

Not shown: 998 filtered tcp ports (no-response)

PORT          STATE            SERVICE

80/tcp           open                http

|  http-robots.txt: 10 disallowed entries

|  /baidu /s? /ulink? /link? /home/news/data/  /bh /shifen/

|_/homepage/  /cpro /

443/tcp     open             https

|  http-robots.txt: 10 disallowed entries

|  /baidu /s? /ulink? /link? /home/news/data/  /bh /shifen/

|_/homepage/  /cpro /

Nmap done: 1 IP address (1 host up) scanned in 6.01 seconds

Tips: please input the complete nmap command. Example: nmap --script http-brute -p 80 www.google.com

nmap --script http-robots.txt -p 80,443 www.baidu.com

52. [Fill-in] Other than using nmap, there are other methods to verify the above result. One of them is to browse to a URL with a web browser. Write the URL that will show the above result. (Answer without "http://") (2 points)

www.baidu.com/robots.com

53. [Single choice] With reference to the 'IOS' folder: according to 'com.apple.ios.StoreKitUIService.plist', what is the model of this phone? (1 point)  C

A. SAMSUNG S23

B. iPhone X

C. iPhone XR

D. iPhone XS

E. iPhone 13

A bit abstract.

54. [Single choice] With reference to the 'IOS' folder: according to com.apple.ios.StoreKitUIService.plist, what is the file system of the phone in question? (1 point)  D

A. FAT32

B. NTFS

C. HFS+

D. APFS

E. EXT4

55. [Multiple choice] With reference to the 'IOS' folder: according to ChatStorage.sqlite, where the chats are stored, which conversations are locked? (3 points)

A. 447380449879@.whatsapp.net

B. 79096209701@.whatsapp.net

C. 923109725619@.whatsapp.net

D. 85256026169@.whatsapp.net

E. status@broadcast

I do not know why I cannot see it in my database.

56. [Fill-in] With reference to the 'IOS' folder: according to ChatStorage.sqlite, how many recorded conversations are there? Tips: please answer in Arabic numerals. (2 points)

It seems my database is incomplete.

57. [Single choice] With reference to the 'IOS' folder: from what time does the Apple Cocoa Core Data timestamp start? (1 point)  A

A. 1 January 2001

B. 1 January 1970

C. 1 January 2006

D. 1 January 1960

58. [Fill-in] With reference to the 'IOS' folder: according to the Photos.sqlite database, how many videos may be related to WhatsApp? Tips: please answer in Arabic numerals. (2 points)

My database is still incomplete.

59. [Multiple choice] With reference to the 'IOS' folder: according to the 'Photos.sqlite' database, which of the following descriptions of IMG_0008.HEIC are incorrect? (3 points)  ABDE

A. Taken by third-party software

B. Has been modified

C. Taken with the rear camera

D. Taken at ISO 200

E. No latitude/longitude stored

Filter first.

Find the corresponding PK value in ZEXTENDEDATTRIBUTES.

60. [Fill-in] See the question description. (60) (1 point)

With reference to the 'IOS' folder, answer the following question:

According to 'sms(ios).db', what is the message shown for the Globally Unique Identifier (GUID) DD31C26F-1D72-DE0F-431E-EF98F104402D?   你的 Uber 驗證碼為 3666. 請勿分享此驗證碼.

Same as before, filter first.

Tips: the answer should be identical to the message (including Chinese characters, Arabic numerals and symbols).

61. [Multiple choice] With reference to the 'IOS' folder: according to 'com.burbn.instagram.plist' and 'com.facebook.Facebook.plist', which versions of the instant messaging apps Facebook and Instagram are installed on the phone? (1 point)  AB

A. Instagram (Version 278.0.0.19.115)

B. Facebook (Version 410.0.0.41.116)

C. Instagram (Version 279.0.0.23.112)

D. Facebook (Version 410.0.0.26.115)

E. Instagram (Version 278.0.0.25.115)

F. Facebook (Version 410.0.0.57.116)

62. [Fill-in] See the question description. (62) (2 points)

With reference to the 'IOS' folder, answer the following question:

According to 'ChatStorage(ios).sqlite', on what date and time (in the UTC+8 time zone) did Peter Chow (the English text says Peter Chan; user information 85262012141) send a message via instant messaging? (Hint: message content: I am already home)   2023-04-01_11:21:51

Tips: answer in the UTC+8 time zone in the format YYYY-MM-DD_HH:MM:SS, e.g. 2023-01-01_10:01:01 (no need to write UTC+8).

Obviously it should be in ZMESSAGE.

The time is stored as a timestamp and needs to be converted.

You can see that interpreting it as a Unix timestamp is clearly wrong; combined with the earlier question, it should be a Cocoa timestamp.

63. [Fill-in] See the question description. (63) (1 point)
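The conversion the writeup applies by eye, as an added example that is not part of the original writeup: decode a Core Data value against both the Unix (1970) and Cocoa (2001, question 57) epochs, keep the interpretation that lands in a plausible year, and render it in the competition's UTC+8 answer format. The sample value 702012111 is constructed so that it yields the writeup's answer for question 62; it is not read from the database. It also handles the nanosecond variant some iOS databases use (sms.db on recent iOS), which the writeup does not mention.

```python
from datetime import datetime, timedelta, timezone

COCOA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)   # question 57
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
HKT = timezone(timedelta(hours=8))                        # UTC+8 as the answer requires


def cocoa_to_datetime(value, tz=HKT):
    """Core Data timestamp (seconds since 2001-01-01 UTC) to an aware datetime.

    Some iOS tables store the same epoch in nanoseconds; anything above 1e11
    cannot be seconds (that would be past the year 5000), so it is scaled.
    Fractional seconds are preserved.
    """
    value = float(value)
    if abs(value) > 1e11:
        value /= 1e9
    return (COCOA_EPOCH + timedelta(seconds=value)).astimezone(tz)


def unix_to_datetime(value, tz=HKT):
    return (UNIX_EPOCH + timedelta(seconds=float(value))).astimezone(tz)


def fmt(dt):
    """The competition's answer format YYYY-MM-DD_HH:MM:SS."""
    return dt.strftime("%Y-%m-%d_%H:%M:%S")


def plausible_epochs(value, earliest=2008, latest=2030):
    """Which epoch interpretations land in a plausible year range for an iOS artefact.

    A WhatsApp message decoded to 1992 cannot be right, which is exactly how
    the writeup rules out the Unix epoch.
    """
    return {
        "unix": earliest <= unix_to_datetime(value).year <= latest,
        "cocoa": earliest <= cocoa_to_datetime(value).year <= latest,
    }


# Constructed ZMESSAGEDATE value matching the writeup's answer; not from the image
SAMPLE_ZMESSAGEDATE = 702012111

if __name__ == "__main__":
    print("as unix :", fmt(unix_to_datetime(SAMPLE_ZMESSAGEDATE)))
    print("as cocoa:", fmt(cocoa_to_datetime(SAMPLE_ZMESSAGEDATE)))
    print(plausible_epochs(SAMPLE_ZMESSAGEDATE))
```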

With reference to the 'IOS' folder, answer the following question:

According to the metadata of the video IMG_0687.MOV, find out when the video was recorded.

Tips: answer in the UTC+8 time zone in the format YYYY-MM-DD_HH:MM:SS, e.g. 2023-01-01_10:01:01 (no need to write UTC+8).

I do not know why the corresponding file was not found.

64. [Single choice] With reference to the 'IOS' folder: according to 'CallHistory(ios).storedata', which table contains the call record data? (2 points)  B

A. ZCALLBPROPERTIES

B. ZCALLRECORD

C. Z_2REMOTEPARTICIPANTHANDLES

D. Z_METADATA

E. Z_MODELCACHE

F. Z_PRIMARYKEY

65. [Fill-in] With reference to the 'IOS' folder: according to 'com.apple.sharingd.plist', what is the AirDrop ID of the mobile phone? Tips: please answer in Arabic numerals and lowercase letters. (3 points)  2abd0940fbdc

66. [Fill-in] With reference to the 'IOS' folder: according to 'Accounts3.sqlite', what is the Apple ID of this mobile phone? Tips: please answer in email format (example: jack2023@hotmail.com). (2 points)  foratcd2023@gmail.com

67. [Single choice] See the question description. (67) (1 point)

Which line of code in the script is responsible for updating GitHub with the updated history of the .journal file?

line 1 git config --global user.name "mikesezto"

line 2 git config --global user.email "smike@general.org"

line 3 

line 4 cd which-truth

line 5 rm .journal

line 6

line 7 git add .journal

line 8 git commit -m "Remove sensitive data"

line 9 git push

line 10

line 11 git clone --mirror http://github.com/smike/which-truth

line 12

line 13 java -jar bfg.jar --delete-files .journal which-truth

line 14 cd which-truth

line 15 git reflog expire --expire=now --all

line 16 git gc --prune=now --aggressive

line 17 git push --force

A. 08

B. 13

C. 16

D. 17

The answer is A, but from the English wording it means pushing the update to GitHub.

68. [Single choice] See the question description. (68) (1 point)

Which line of the following AWS S3 bucket policy statement is problematic?   B

line 1 {

line 2   "Version": "2020-11-12",

line 3   "Statement": [

line 4       {

line 5         "Sid": "PublicReadGetObject",

line 6         "Effect": "Allow",

line 7         "Principal": "*",

line 8         "Action": "s3:GetObject",

line 9         "Resource": "arn:aws:s3:::company-sensitive-14dnid23nfief/*"

line 10     }

line 11   ]

line 12 }


A. 2

B. 7

C. 8

D. 9
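A check for the weakness in line 7 that can be run over a bucket policy before it is attached, as an added example that is not part of the original writeup: an Allow statement whose Principal is "*" (or {"AWS": "*"}) with no Condition grants the bucket to anyone, including anonymous callers. The linter also flags the Version value, since the only policy-language versions AWS accepts are 2012-10-17 and 2008-10-17. The hardened variant uses a placeholder account ARN, which is an assumption.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}

# The policy from question 68, embedded as a constructed input string
QUESTION_POLICY = """{
  "Version": "2020-11-12",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-sensitive-14dnid23nfief/*"
    }
  ]
}"""


def _is_wildcard_principal(principal):
    """Principal "*" and {"AWS": "*"} both mean everyone, including anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def lint_bucket_policy(text):
    """Return (sid, field, message) findings for a bucket policy document."""
    policy = json.loads(text)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append((None, "Version",
                         "unknown policy language version %r" % policy.get("Version")))
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be a bare object
        statements = [statements]
    for st in statements:
        sid = st.get("Sid")
        if st.get("Effect") != "Allow":
            continue
        if _is_wildcard_principal(st.get("Principal")) and "Condition" not in st:
            findings.append((sid, "Principal",
                             "Allow to everyone (public access) without a Condition"))
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a in ("*", "s3:*") for a in actions):
            findings.append((sid, "Action", "wildcard action"))
    return findings


def public_statements(text):
    """Sids of statements that open the bucket to the world."""
    return sorted(sid for sid, field, _ in lint_bucket_policy(text) if field == "Principal")


def hardened(text, account_arn="arn:aws:iam::123456789012:root"):
    """Rewrite the policy with a valid Version and a specific principal (placeholder ARN)."""
    policy = json.loads(text)
    policy["Version"] = "2012-10-17"
    for st in policy["Statement"]:
        if _is_wildcard_principal(st.get("Principal")):
            st["Principal"] = {"AWS": account_arn}
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for finding in lint_bucket_policy(QUESTION_POLICY):
        print(finding)
    print("after hardening:", lint_bucket_policy(hardened(QUESTION_POLICY)))
```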

69. [Single choice] Which of the following is an example of multi-factor authentication (MFA)? (1 point)  D

A. PIN and software token

B. Fingerprint and retinal scan

C. Username and password

D. One-time SMS code and a hardware token

70. [Single choice] See the question description. (70) (2 points)

An AWS user is setting up his AWS account. These settings will record the activities of the user or third parties. What user or third-party information could be found from line 11 of the script?  B

line 1  sudo yum install python-pip -y

line 2  sudo pip install opencanary

line 3

line 4  sudo opencanaryd --copyconfig

line 5

line 6  opencanaryd --start

line 7

line 8

line 9  sudo yum install jq -y

line 10

line 11  jq -r .src_host /var/tmp/opencanary.log | grep -v ^$ | sort | uniq > ~/sources.txt

line 12  jq -r .logdata.USERNAME /var/tmp/opencanary.log | grep -v null | sort | uniq > ~/usernames.txt

line 13  jq -r .logdata.PASSWORD /var/tmp/opencanary.log | grep -v null | sort | uniq > ~/passwords.txt

A. User name

B. User source

C. Attacker name

D. Attacker source

71. [Single choice] An AWS user sets up a VPC with the IP address space 10.0.0.0-10.0.0.24. Which of the following IP addresses is used for DNS? (2 points)  B

A. 10.0.0.0

B. 10.0.0.1

C. 10.0.0.2

D. 10.0.0.3

72. [Single choice] Which of the following types of cloud service is used for operating systems and networks? (1 point)  C

A. Software as a Service

B. Platform as a Service

C. Infrastructure as a Service

D. Data as a Service

73. [Single choice] What is a feature of a bastion host? (2 points)  C

A. Contains sensitive information

B. No access to internal systems

C. Limits exposed services

D. No connection to the internet

74. [Single choice] In a Linux system, which command can be used to create a file system? (1 point)  B

A. mount /dev/sda3 /mnt/usb

B. mkfs-ext4 /dev/sda2

C. mkfs-ext3 /sys/sda1

D. pvcreate /dev/sda

E. genfstab -U -p /mnt

75. [Single choice] See the question description. (75) (2 points)  D

A link is actually a pointer to another file or folder in the Linux system. Which of the following commands can generate the result below?

> ls -ilas

|total 0

|9731253 0 drwxr-xr-x 1 user users 4096 Jul 14 13:31 .

|1725961 0 drwxr-xr-x 1 user users 4096 Jul 14 13:29 ..

|90371467 0 -rw-r--r-- 2 user users 90 Jul 14 13:30 testing.txt

|90371467 0 -rw-r--r-- 2 user users 90 Jul 14 13:30 shotcut-testing.txt

A. link -s testing.txt shotcut-testing.txt

B. ln -s shotcut.txt testing.txt

C. ln testing.txt shotcut-testing.txt

D. ln -s testing.txt shotcut-testing.txt

E. ln shotcut.txt testing.txt
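What the listing in the question actually shows, as an added example that is not part of the original writeup: the two entries share inode 90371467 and each has a link count of 2, which is the signature of a hard link (option C), whereas a symbolic link (option D) gets its own inode with a link count of 1 and reports itself only under lstat. The example creates both kinds in a temporary directory and compares them; file names follow the question, the symlink name is an assumption.

```python
import os
import tempfile


def link_report(path):
    """(inode, link count, is_symlink, target) using lstat, so a symlink reports itself.

    os.stat would follow the symlink and return the target's inode instead,
    which is the mistake that makes a symlink look like a hard link.
    """
    st = os.lstat(path)
    is_sym = os.path.islink(path)
    return st.st_ino, st.st_nlink, is_sym, os.readlink(path) if is_sym else None


def demo_links(workdir):
    """Create testing.txt plus a hard link and a symlink to it; return the reports."""
    original = os.path.join(workdir, "testing.txt")
    hard = os.path.join(workdir, "shotcut-testing.txt")   # name as in the question
    soft = os.path.join(workdir, "symlink-testing.txt")   # assumed name
    with open(original, "w") as fh:
        fh.write("x" * 90)                                # the 90-byte file in the listing
    os.link(original, hard)                               # option C: ln testing.txt shotcut-testing.txt
    os.symlink("testing.txt", soft)                       # option D: ln -s testing.txt ...
    names = ("testing.txt", "shotcut-testing.txt", "symlink-testing.txt")
    return {name: link_report(os.path.join(workdir, name)) for name in names}


def is_hard_link_pair(reports, a, b):
    """Same inode, link count of at least 2, and neither entry is a symlink."""
    ia, na, sa, _ = reports[a]
    ib, nb, sb, _ = reports[b]
    return ia == ib and na >= 2 and nb >= 2 and not sa and not sb


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        return demo_links(workdir)


if __name__ == "__main__":
    for name, report in run_demo().items():
        print(name, report)
```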

76. [Single choice] Which of the following commands is used to create partitions in a Linux system? (1 point)  A

A. gdisk /dev/sde

B. mke2fs /dev/sdb1 -t ext4

C. mount /dev/sdc1 /mnt/fs_home

D. fdisk -lu

E. lvcreate -l +200 /dev/vg00/log/vol-00

77. [Single choice] A system administrator wants to expand the storage of a server running on LVM. Which command can be used to expand a logical volume in LVM? (1 point)  E

A. lvdisplay /dev/vg02/vol-01

B. lvcreate -n /dev/vg02 -l 200

C. lvextend -n /dev/vg02 -l +200

D. lvscan -l +200 /dev/vg02/vol-01

E. lvresize -l +200 /dev/vg02/vol-01

78. [Single choice] See the question description. (78) (2 points)

A system administrator has written the bash script below to build a RAID system. What type of RAID is going to be implemented? C

| #!/bin/bash

| hd1=/dev/sda1

| hd2=/dev/sdb1

| hd3=/dev/sdc1

| hd4=/dev/sdd1

| mdadm --build /dev/md1 --level=1 --raid-devices=2 $hd1 $hd2

| mdadm --build /dev/md2 --level=1 --raid-devices=2 $hd3 $hd4

| mdadm --build /dev/md3 --level=0 --raid-devices=2 /dev/md2 /dev/md1

A. RAID 0

B. RAID 1

C. RAID 1+0

D. RAID 0+1

E. The script has no effect

79. [Single choice] See the question description. (79) (3 points)

The following is the list of services running on a Linux server. Which command can be used to turn off "bluetooth.service"?  D

|● vm-production-xabonline.com

| State: running

| Jobs: 0 queued

| Failed: 0 units

| Since: Fri 2023-05-19 08:37:06 UTC; 2 months 11 days ago

| CGroup:

| ├─init.scope

| │ └─ 1 /sbin/init

| ├─system.slice

| │ ├─bluetooth.service

| │ │ └─ 737 /usr/lib/bluetooth/bluetoothd

| │ ├─dbus.service

| │ ├─docker.service

| │ │ └─ 853 /usr/bin/dockerd -H fd://

| │ ├─libvirtd.service

| │ │ └─ 2975 /usr/bin/libvirtd --timeout 120

| │ ├─polkit.service

| │ └─virtlogd.service

| │ └─ 3176 /usr/bin/virtlogd

| └─user.slice

| └─user-1000.slice

A. systemctl kill bluetooth.service

B. systemctl disable bluetooth.service

C. systemctl down bluetooth.service

D. systemctl stop bluetooth.service

E. systemctl rm bluetooth.service

80. [Single choice] See the question description. (80) (1 point)

The cron service acts as the job scheduler in a Linux system. It is in effect a list of command lines specified in the cron table (crontab). The plan is to start and stop a web server (httpd.service) as follows:

08:30 AM (start) - 06:06 PM (stop); Monday to Friday

Which of the following crontab settings applies to this situation? Answer: B

A. 30 8 * 1-5 * /usr/bin/systemctl start httpd.service and 06 18 * 1-5 * /usr/bin/systemctl stop httpd.service

B. 30 8 * * 1-5 /usr/bin/systemctl start httpd.service and 06 18 * * 1-5 /usr/bin/systemctl stop httpd.service

C. 30 8 1-5 * */usr/bin/systemctl start httpd.service and 06 18 1-5 * */usr/bin/systemctl stop httpd.service

D. 30 8 * * * /usr/bin/systemctl start httpd.service and 06 18 * * * /usr/bin/systemctl stop httpd.service

E. None of the above
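The difference between the four options is only which of the five crontab fields (minute, hour, day-of-month, month, day-of-week) carries the "1-5". The following is an added example, not part of the original post, that expands each option's fields and evaluates them against a few constructed timestamps, so the wrong ones show up as firing on a Saturday, only in January to May, or not parsing at all. The option strings are copied from the question; the probe dates are constructed.

```python
import re
from datetime import datetime

# Crontab time fields in order, with their allowed ranges:
# minute, hour, day-of-month, month, day-of-week (0 or 7 = Sunday).
FIELDS = (("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 7))


def _expand(token, lo, hi):
    """Expand one field ('*', 'a-b', 'a,b', '*/n', 'a-b/n') into a set of ints."""
    values = set()
    for part in token.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            if not step_text.isdigit() or int(step_text) == 0:
                raise ValueError(f"bad step in field {token!r}")
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif re.fullmatch(r"\d+-\d+", part):
            start, end = (int(x) for x in part.split("-"))
        elif part.isdigit():
            start = end = int(part)
        else:
            raise ValueError(f"bad field value {token!r}")
        if not lo <= start <= end <= hi:
            raise ValueError(f"{token!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_crontab(line):
    """Return (raw time tokens, expanded sets, command) for one crontab line."""
    tokens = line.split(None, 5)
    if len(tokens) < 6:
        raise ValueError("crontab line needs five time fields and a command")
    sets = [_expand(tok, lo, hi) for tok, (_, lo, hi) in zip(tokens[:5], FIELDS)]
    return tokens[:5], sets, tokens[5]


def fires_at(line, when):
    """True if the crontab line would run at datetime `when`."""
    tokens, (mins, hours, doms, months, dows), _ = parse_crontab(line)
    cron_dow = (when.weekday() + 1) % 7   # Python Mon=0..Sun=6 -> cron Sun=0..Sat=6
    dow_hit = cron_dow in dows or (cron_dow == 0 and 7 in dows)
    dom_hit = when.day in doms
    # Vixie cron rule: when both day fields are restricted, either one matching is enough.
    if tokens[2] != "*" and tokens[4] != "*":
        day_ok = dom_hit or dow_hit
    else:
        day_ok = dom_hit and dow_hit
    return when.minute in mins and when.hour in hours and when.month in months and day_ok


def check_options(options, samples):
    """Map each option label to the sample times it fires at, or 'invalid' if unparsable."""
    report = {}
    for label, line in options.items():
        try:
            report[label] = [t.strftime("%Y-%m-%d %H:%M") for t in samples if fires_at(line, t)]
        except ValueError:
            report[label] = "invalid"
    return report


# The "start" half of each option, copied from the question.
OPTIONS = {
    "A": "30 8 * 1-5 * /usr/bin/systemctl start httpd.service",
    "B": "30 8 * * 1-5 /usr/bin/systemctl start httpd.service",
    "C": "30 8 1-5 * */usr/bin/systemctl start httpd.service",
    "D": "30 8 * * * /usr/bin/systemctl start httpd.service",
}

# Constructed probe times: a Monday and a Saturday in July, and a Saturday in March.
SAMPLES = [datetime(2023, 7, 17, 8, 30), datetime(2023, 7, 15, 8, 30),
           datetime(2023, 3, 4, 8, 30)]

if __name__ == "__main__":
    for label, hits in check_options(OPTIONS, SAMPLES).items():
        print(label, hits)
```

Only B fires on the Monday and stays silent on both Saturdays; A treats "1-5" as months, D fires every day, and C does not parse because "*/usr/bin/systemctl" lands in the day-of-week field.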

81. [Single choice] Which of the following Linux commands shows all files in a directory, including hidden files? (1 point)  Answer: B

A. ls -ls

B. ls -asl

C. ls -lAs | wc

D. ls -als | grep ssh

E. None

82. [Single choice] If you want to check the amount of free disk space available on a Linux system, which of the following commands would you use? (1 point)  Answer: A

A. df -vh

B. df -sh

C. dl -vh

D. dd -sh

E. dt -vh

83. [Single choice] A Dockerfile is a text document used to produce which of the following components of the Docker architecture? (1 point)  Answer: B

A. docker engine

B. image

C. container

D. volumes

E. docker network

84. [Single choice] In a Linux system, a process is an instance of a running program that occupies several memory regions, which can be revealed by inspecting the file /proc/[pid]/maps. Which of the following is not a memory region in a Linux system? (1 point)  Answer: C

A. [heap]

B. [stack]

C. [paging]

D. [vvar]

E. [vdso]

85. [Single choice] Which of the following commands sorts the output of "export-logs"? (1 point)  Answer: D

A. export-logs<sort

B. export-logs>sort

C. export-logs&sort

D. export-logs|sort

E. export-logs<>sort

86. [Multiple choice] Which files affect the name resolution function of a Linux host? (multiple answers) (1 point)  Answer: ABD

A. /etc/resolv.conf

B. /etc/hosts

C. /etc/default/names

D. /etc/nsswitch.conf

E. /etc/inet/hosts

87. [Single choice] Which system file contains the well-known ports and their associated services and protocols? (1 point)  Answer: A

A. /etc/services

B. /etc/sysconfig/network-scripts

C. /etc/services.conf

D. /etc/inet/hosts

E. None of the choices

88. [Fill in the blank] See the question description. (88) (1 point)

Refer to the 'Windows 10' folder to answer the following question.

In Windows 10, the video file "mixkit-two-women-laying-together-925-medium.mp4" located at \Users\qqqqq\Downloads is recorded in the Master File Table (MFT) as a series of data clusters. How many data clusters are used to store the file?

Tip: please answer in Arabic numerals.

I don't really understand this one, so I'm just pasting the write-up from someone more experienced.
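The cluster count asked for here comes from the non-resident $DATA attribute's run list in the file's MFT record: each run is a header byte (low nibble = size of the length field, high nibble = size of the signed, relative offset field) followed by those two little-endian fields, until a 0x00 terminator. The following is an added example, not from the original post or the exam image, that decodes a constructed run list; the byte string and the 4 KiB default cluster size are assumptions, and the exam file's actual run list is not on this page.

```python
import math

# Constructed NTFS $DATA run list (not taken from the exam image):
# four runs, one of them sparse, followed by the 0x00 terminator.
SAMPLE_DATA_RUNS = bytes.fromhex(
    "21 10 34 12"      # header 0x21: 1 length byte, 2 offset bytes -> 16 clusters at LCN 0x1234
    "11 08 F6"         # header 0x11: 8 clusters, offset -10 relative to the previous run
    "01 04"            # header 0x01: 4 clusters, no offset bytes -> sparse (unallocated) run
    "22 00 01 50 00"   # header 0x22: 256 clusters, offset +80 from the last allocated run
    "00"               # terminator
)


def parse_data_runs(raw):
    """Decode a run list into [(start_lcn or None for sparse, length_in_clusters), ...]."""
    runs, pos, lcn = [], 0, 0
    while pos < len(raw):
        header = raw[pos]
        pos += 1
        if header == 0:
            return runs
        len_size, off_size = header & 0x0F, header >> 4
        if len_size == 0 or pos + len_size + off_size > len(raw):
            raise ValueError(f"malformed run header 0x{header:02x} at byte {pos - 1}")
        length = int.from_bytes(raw[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            runs.append((None, length))            # sparse run: no clusters on disk
        else:
            # offsets are signed and relative to the start LCN of the previous allocated run
            lcn += int.from_bytes(raw[pos:pos + off_size], "little", signed=True)
            pos += off_size
            runs.append((lcn, length))
    raise ValueError("run list is not terminated")


def cluster_count(runs):
    """Total clusters the attribute spans, sparse runs included."""
    return sum(length for _, length in runs)


def fragment_count(runs):
    """Number of allocated extents, i.e. how fragmented the file is on disk."""
    return sum(1 for lcn, _ in runs if lcn is not None)


def clusters_for_size(size_bytes, cluster_size=4096):
    """Clusters a non-resident file of this size needs (4 KiB is the NTFS default)."""
    return math.ceil(size_bytes / cluster_size)


if __name__ == "__main__":
    runs = parse_data_runs(SAMPLE_DATA_RUNS)
    print(runs, cluster_count(runs), fragment_count(runs))
```

When you apply this to a real record, cross-check `cluster_count` against `clusters_for_size(allocated_size)` from the attribute header: a mismatch means the run list was truncated or the cluster size assumption is wrong.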

89. [Single choice] See the question description. (89) (1 point)

Refer to the 'Windows 10' folder to answer the following question.

In Windows 10, what is the last access time of the file 'mixkit-two-woman-laying-together-925-medium.mp4' located in '\Users\qqqqq\Downloads'? Answer: A

A. 2023/07/10 18:31:32

B. 2023/07/10 18:31:01

C. 2023/07/10 19:31:22

D. 2023/07/11 19:31:22

90. [Fill in the blank] See the question description. (90) (1 point)

Refer to the 'Windows 7' folder to answer the following question.

In Windows 7, there is one MP3 file (unlock-me-149058.mp3) saved under the path '\Users\Allen\Desktop'. What program did the user use to open the MP3 file? Answer: potplayer

Tip: please answer in lowercase letters.

Emulate the image and check.

91. [Single choice] See the question description. (91) (1 point)

Refer to the 'Windows 7' folder to answer the following question.

In Windows 7, there is one MP3 file (unlock-me-149058.mp3) saved under the path '\Users\Allen\Desktop'. The Zone.Identifier of this file is '3'. Which security zone does '3' represent? Answer: B

A. Local Machine Zone

B. Internet Zone

C. Restricted Zone

D. Trust Site Zone

92. [Single choice] See the question description. (92) (1 point)

Refer to the 'Windows 7' folder to answer the following question.

In Windows 7, there is an MP3 file (unlock-me-149058.mp3) saved under the path '\Users\Allen\Desktop'. Which website was the file downloaded from? Answer: A

A. www.Pixbay.com

B. free-mp3-download.net/

C. https://mp3juices.nu

D. mygomp3.com

With emulation you can guess it.

Of course, a direct index search works just as well.
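Questions 91 and 92 are both answered from the same artifact: the Zone.Identifier alternate data stream that Windows attaches to downloaded files, a small INI-style text with a ZoneId (0 Local Machine, 1 Local Intranet, 2 Trusted Sites, 3 Internet, 4 Restricted Sites) and, on newer browsers, the ReferrerUrl and HostUrl it came from. The following is an added example, not from the original post, that parses such a stream and maps it to the zone name and the download host. The stream content and the example.invalid URLs are constructed; the exam file's real stream is not reproduced here.

```python
import configparser
from urllib.parse import urlparse

# URL security zone ids as stored in the Zone.Identifier stream.
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}

# Constructed stream content; Windows writes it with CRLF line endings.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://www.example.invalid/music/free-track\r\n"
    "HostUrl=https://cdn.example.invalid/downloads/unlock-me.mp3\r\n"
)


def parse_zone_identifier(text):
    """Return zone id/name and origin URLs from Zone.Identifier stream text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section: not a Zone.Identifier stream")
    sec = cp["ZoneTransfer"]
    zone_id = int(sec.get("ZoneId", "-1"))
    referrer = sec.get("ReferrerUrl", "")
    host_url = sec.get("HostUrl", "")
    # Older downloads (IE-era, Windows 7) usually carry only ZoneId; URLs may be absent.
    origin = host_url or referrer
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "unknown"),
        "referrer_url": referrer,
        "host_url": host_url,
        "download_host": urlparse(origin).hostname or "" if origin else "",
    }


def read_zone_identifier(path):
    """Read the stream straight from an NTFS file (only works on Windows; hypothetical helper)."""
    with open(path + ":Zone.Identifier", "r", encoding="utf-8") as stream:
        return parse_zone_identifier(stream.read())


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

On an image you would feed `parse_zone_identifier` the stream bytes exported by the forensic tool rather than open the ADS live; a ZoneId of 3 with no URL fields, as is typical for Windows 7, tells you the file came from the Internet zone but not from which site, which is why question 92 needs other artifacts (browser history, index search) as the post notes.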

93. [Single choice] Refer to the 'Windows 7' folder to answer the following question. In Windows 7, there is an MP3 file named "miracle.mp3" saved under the path '\Users\Allen\Downloads'. When was the file renamed? (2 points)  Answer: D

A. 2023-07-13 02:55:20

B. 2023-07-15 10:55:20

C. 2023-07-12 10:58:04

D. 2023-07-13 10:55:20

This cannot be seen with ordinary log analysis; you have to additionally parse the NTFS log.

94. [Fill in the blank] See the question description. (94) (1 point)

Refer to the 'Windows 7' folder to answer the following question.

In Windows 7, there is an MP3 file named "miracle.mp3" saved under the path '\Users\Allen\Downloads'. What was the name of the MP3 file before it was renamed? Answer: a-small-miracle-132333.mp3

Tip: please answer with the exact file name and extension as recorded.

Same screenshot as above.

重命名文件或目录(a-small-miracle-132333.mp3->miracle.mp3) ; 关闭文件或目录

95. [Single choice] Refer to the 'Windows 7' folder to answer the following question. In Windows 7, how many files have been played by PotPlayer? (1 point)

A. 7

B. 8

C. 9

D. 10

I thought you should count how many times it was closed, but that way the count exceeds 10.

Other people's write-ups look at the recently opened items and assume by default that every media file was opened with PotPlayer; I don't really agree with that.

96. [Fill in the blank] See the question description. (96) (1 point)

Refer to the 'Windows 7' folder to answer the following question.

In Windows 7, what is the name of the last file played by PotPlayer?

Tip: please answer with the exact name (including lowercase letters, Arabic numerals and symbols) and file extension as recorded.

Sort by last access time in descending order.

Other write-ups simply look at the playlist, which I think is very sloppy; besides, my playlist does not show that answer.

97. [Single choice] See the question description. (97) (3 points)

The incident response (IR) team is handling a cyber incident. The investigation revealed that the target server, an EC2 Linux instance, was implicated in the incident.

The team intends to acquire the memory of the Linux system (with a SHA256 digest). The AWS account associated with the incident is registered under the username "duckman". To facilitate the memory acquisition, the team has set up a dedicated "forensic server" and uses LiME to acquire the memory over the network.

Which of the following commands is the initial step in configuring the "forensic server" for memory acquisition? Answer: B

A. nc -l 4444 >mem126.lime.gz

B. Insmod lime.ko “pathtcp:4444 format=lime digest=sha256 compress=1”

C. scp -I ~/DFIRSciAWTest.pem lime.ko ec2-duckman@3.137.169.127:~/scp -I ~/DFIRSciAWTest.pem /usr/bin/nc ec2-duckman@3.137.169.127:~/

D. ssh duckman@<target_server_ip> "sudo dd if=/dev/mem | gzip -1 -" > memory_dump.gz

98. [Single choice] See the question description. (98) (3 points)

Based on the two SQLite database files "cus_202308102034.json" and "date_202308101120.json", write an SQLite statement that finds out who traveled to the destination "Moscow", including:

- all customers' names,

- the destination,

- "arrival_timestamp_HK" [convert the timestamp to local time and name the column "local_time"].

Answer: A

A. SELECT c.customer_name, c.destination, datetime(d.arrival_timestamp_HK, 'unixepoch', 'localtime') AS arrival_time_hk FROM cus c INNER JOIN date d ON c.destination = d.Destination WHERE c.destination = 'Moscow'

B. SELECT cus.customer_name, cus.destination, datetime(date.arrival_timestamp_HK, 'unixepoch', 'localtime') AS arrival_time_hk FROM cus INNER JOIN date ON customer_id = date.id WHERE cus.destination = 'Moscow' AND date.Destination = 'Moscow' AND date.arrival_timestamp_HK IS NOT NULL AND datetime(date.arrival_timestamp_HK, 'unixepoch', 'localtime')

C. SELECT cus.customer_name, cus.destination, date.arrival_timestamp FROM cus INNER JOIN date ON cus.destination = date.destination; WHERE cus.destination = 'Moscow' AND date.Destination = 'Moscow'

D. SELECT cus.customer_name, cus.destination, datetime(date.arrival_timestamp_HK, 'unixepoch', 'localtime') AS arrival_time_hk FROM cus INNER JOIN date ON cus.destination = date.Destination WHERE cus.destination = 'Moscow' AND date.Destination = 'Moscow' AND date.arrival_timestamp_HK IS NOT NULL AND datetime(date.arrival_timestamp_HK, 'unixepoch', 'localtime')
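The following is an added example, not from the original post, that runs the query of option A against an in-memory stand-in for the two exam databases, with its whitespace restored, the alias set to local_time as the question requires, and the destination turned into a bound parameter. The table layouts and rows are constructed guesses at the exam schema (the real files are not on this page). The one forensic caveat worth showing in code: SQLite's 'localtime' modifier uses the time zone of the analysis machine, not of the suspect's system, so the example also accepts an explicit '+8 hours' offset for Hong Kong time.

```python
import re
import sqlite3


def build_sample_db():
    """In-memory stand-in for cus_*.json and date_*.json (constructed rows, not real data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE cus (customer_id INTEGER PRIMARY KEY, customer_name TEXT, destination TEXT);
        CREATE TABLE date (id INTEGER PRIMARY KEY, Destination TEXT, arrival_timestamp_HK INTEGER);
        INSERT INTO cus VALUES (1, 'Alice', 'Moscow'), (2, 'Bob', 'Tokyo'), (3, 'Carol', 'Moscow');
        -- 1691664000 = 2023-08-10 10:40:00 UTC, 1691670000 = 2023-08-10 12:20:00 UTC
        INSERT INTO date VALUES (1, 'Moscow', 1691664000), (2, 'Tokyo', 1691670000);
    """)
    return con


# The modifier is spliced into the SQL text, so only allow the two forms we mean.
_MODIFIER_OK = re.compile(r"^(localtime|[+-]\d+ hours)$")


def travellers_to(con, destination, modifier="localtime"):
    """Option A's query: customers who went to `destination` with the arrival time converted."""
    if not _MODIFIER_OK.match(modifier):
        raise ValueError(f"unsupported datetime modifier: {modifier!r}")
    sql = f"""
        SELECT c.customer_name, c.destination,
               datetime(d.arrival_timestamp_HK, 'unixepoch', '{modifier}') AS local_time
        FROM cus c
        INNER JOIN date d ON c.destination = d.Destination
        WHERE c.destination = ?
        ORDER BY c.customer_name
    """
    return con.execute(sql, (destination,)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for row in travellers_to(db, "Moscow", "+8 hours"):   # Hong Kong is UTC+8
        print(row)
```

Note that the join key is the destination string, as in option A, so every customer bound for Moscow is paired with every Moscow arrival row; with one arrival row per destination that is what the question asks for, with more it multiplies rows.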

99. [Fill in the blank] Write a PowerShell script to retrieve the records of all removable devices connected to a Windows 11 desktop. For each device record, extract relevant information such as the device name, manufacturer, description and hardware ID, then use the "Write-Host" cmdlet to display that information. (2 points)

# Enumerate disk drives attached over USB (removable storage) through WMI.
# Win32_DiskDrive.DeviceID is "\\.\PHYSICALDRIVEn" and never contains "USB",
# so filter on InterfaceType instead of DeviceID.
Get-WmiObject -Query "SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'USB'" | ForEach-Object {
    $device = $_
    $deviceName = $device.Caption          # friendly device name
    $manufacturer = $device.Manufacturer
    $description = $device.Description
    $hardwareID = $device.PNPDeviceID      # Plug and Play instance path (USBSTOR\...)
    Write-Host "设备名称: $deviceName"
    Write-Host "制造商: $manufacturer"
    Write-Host "描述: $description"
    Write-Host "硬件 ID: $hardwareID"
    Write-Host ""
}

100. [Fill in the blank] See the question description. (100) (3 points)

The following PowerShell script is used to retrieve all user activities with admin rights from a Windows Server 2012 R2.

Get-WinEvent -FilterHashtable @{
    LogName = 'Security'
    ID = 4688
    Level = 0
} | Where-Object {
    $_.Properties[?].Value -match 'S-1-5-21-\d+-500'
} | Select-Object -Property TimeCreated, Message

The "Where-Object" cmdlet is used to filter the events further.

What is the parameter of the event property "$_.Properties[?]"? Answer: 9

If the event's 9th property matches the security identifier (SID) of the built-in Administrator account (SID: S-1-5-21--500), this ensures that only events related to activities by an administrator are selected.
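`$_.Properties[N]` indexes the `<Data>` elements of the event's `<EventData>` in template order, so the index is a property of the 4688 template, not something to guess. The following is an added example, not from the original post, that derives the index from a constructed 4688 event rendered as XML (the `Data Name` order follows the Windows 4688 template; every value is made up) and applies the SID test. It uses the full built-in Administrator pattern `S-1-5-21-\d+-\d+-\d+-500`, because a domain or machine SID has three sub-authorities before the RID, which the single `\d+` in the quiz script would not match.

```python
import re
import xml.etree.ElementTree as ET

EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed 4688 event. Field order follows the 4688 EventData template; values are made up.
SAMPLE_4688_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4688</EventID></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SRV01$</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="NewProcessId">0x1a2c</Data>
    <Data Name="NewProcessName">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="TokenElevationType">%%1936</Data>
    <Data Name="ProcessId">0x4f0</Data>
    <Data Name="CommandLine">notepad.exe C:\\Users\\admin\\notes.txt</Data>
    <Data Name="TargetUserSid">S-1-5-21-1111111111-2222222222-3333333333-500</Data>
    <Data Name="TargetUserName">Administrator</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="TargetLogonId">0x5a3b2</Data>
    <Data Name="ParentProcessName">C:\\Windows\\explorer.exe</Data>
  </EventData>
</Event>"""


def event_data_fields(xml_text):
    """Return [(name, value), ...] in the order Properties[N] uses."""
    root = ET.fromstring(xml_text)
    return [(d.get("Name"), d.text or "") for d in root.findall("e:EventData/e:Data", EVENT_NS)]


def property_index(xml_text, field_name):
    """Index N such that $_.Properties[N] is the named EventData field."""
    names = [name for name, _ in event_data_fields(xml_text)]
    return names.index(field_name)


# RID 500 under a machine or domain identifier (three sub-authorities) = built-in Administrator.
BUILTIN_ADMIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-500$")


def is_builtin_admin_event(xml_text, index):
    """The Where-Object test from the question, applied to property `index`."""
    fields = event_data_fields(xml_text)
    return bool(BUILTIN_ADMIN_SID.match(fields[index][1]))


if __name__ == "__main__":
    n = property_index(SAMPLE_4688_XML, "TargetUserSid")
    print("TargetUserSid is Properties[%d]; admin match: %s" % (n, is_builtin_admin_event(SAMPLE_4688_XML, n)))
```

On a live system the same field list is what `(Get-WinEvent ...).ToXml()` returns, so this is also how you would confirm the index before trusting a filter copied from a script.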
