bf789

这个屌丝很懒，什么也没留下！

热门标签

2023年第九届“美亚杯”全国电子数据取证竞赛(个人赛部分)_2023美亚个人赛题目

作者：bf789 | 2024-01-29 20:05:35

踩

2023美亚个人赛题目

年轻人的第一次美亚杯，个人赛线下学生组第八，我是做服务器和流量的，PC和手机不太懂，欢迎加微信 WQZ1127786222 交流

案件基本情况

案情

2023月8月的一天，香港警方在调查一起网络诈骗案件时，发现有三名本地男子，分別为李大輝（李大辉），浩賢(浩贤)和Elvis CHUI，并确信这三名被捕男子均为大学同学。怀疑三人背后涉及一个庞大的电信诈骗集团。于是将这三名本地男子拘捕，扣押了三人相关的电子设备并进行分析。
现在你被委派处理这件案件，请依据以下资料分析上述三人是否涉嫌犯罪，并还原事件经过。

检材资料

1.李大輝的安卓手机镜像 (Android.bin)
2.李大輝的macOS系统镜像(Mac OS.img)
3.来自李大輝计算机的一个文件($MFT Record Nr_ 107115, SeqNr_2.txt)
4.浩賢的个人虚拟机文件(Server.zip)
5.浩賢的Windows 10系统虚拟机文件(Windows10.zip)
6.浩賢的iOS手机系统文件(IOS.zip)
7.来自Elvis Chui计算机的一个网络封包文件(網路.pcapng)
8.来自Elvis Chui计算机的镜像文件 (Windows Artifacts.e01)
9.来自Elvis Chui计算机的数据库文件(SQLITE.zip)
10.Elvis Chui的Windows7虚拟机文件(Windows7.zip)

赛前做的思维导图

容器密码：

3hqGFfT#B*Yjd74t@f%9fDqs6D^$wVjAvxZkA79*4UV*kVRcq^Zu6Xp87W*p#X3XD%*ER!nHzzTnSEMwy8NEGX6A*%P&#rBUkxypAPKwX4mP3WZuHnYKRc7sA33hd@qS
1

题目

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉所用手机移动运营商公司的名称 What is the name of the telecommunication company that Li Dahui’s mobile phone is using. 提示:请所有字母都用大写英文 Tips: Please answer in capital letters. (1 分)

鸭聊佳(mobileduck)是电话卡。
它是中国移动香港推出的一款专为港商、旅游、移民的电话卡，由中国移动公司香港分公司运营，中国移动也是内地的老品牌了，并且技术已经很成熟，资费方面相对来讲也略有优势。鸭聊佳电话卡主要的功能就是网络数据，这也是这张卡的招牌卖点。
1
2

比赛的时候填CMHK了，感觉也不是不行嘛…

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机安装了什么即时通讯软件 (Instant Messaging App)? What instant messaging app is installed on Li Dahui’s mobile phone? (1 分)

A. WhatsApp

B. LINE

C. 微信

D. Signal

E. QQ

火眼解析出微信和WhatsApp，但是题目是单选题，选能解析出更多数据的那个

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机安装了什么反追踪软件? What anti-tracking software is installed on Li Dahui’s mobile phone? 提示: 所有答案字母都用小写字母并用 xxx_xxx_xxxxxxx_xxxxxx_xxxx 格式作答 Tips: Please answer the question as below format in lowercase letters. (1 分)

（做题的时候反追踪软件往vpn那方面去想了）

软件应该是被删掉了，应用列表里找不到

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机是什么时间成功登入 WhatsApp? At what time did Li Dahui’s mobile phone successfully log into WhatsApp? (2 分)

A. 2022-08-18_21:52:30

B. 2022-08-19_21:56:23

C. 2022-08-18_21:56:37

D. 2022-08-19_06:59:07

E. 2022-08-19_07:01:17

根据验证短信可以得到大概的时间范围

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉登入 WHATSAPP 时的认证短码是什么? What was the verification code that Li Dahui used to log into WhatsApp? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers. (1 分)

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉到美丽好化妆品公司的入职时间是何时？ When did Li Dahui join the Beauty Good Cosmetics Company? (2 分)

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉曾于什么时间使用了图像编辑软件? At what time did Li Dahui use image editing software? (2 分)

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 这个访问服务器使用了哪个端口？ Which port was used for this access server? 提示: 请用阿拉伯数字作答 Tips: Please answer in arabic numbers. (1 分)

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question “User1”账户最近连接到这个访问服务器时使用的 IP 地址是多少？ What was the latest IP of “User1” account that connected to this access server? 提示: 用 IPV4 格式回答 Answer: Please answer in IPV4 format (1 分)

查看最近访问的文件，发现openvpn的一些文件，确定了是openvpn的一个服务器

192.166.244.167

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件可以找出这个访问服务器的 Ubuntu 版本？ Which files can find out the Ubuntu version of this access server? (1 分)

A. lsb-release

B. issue.net

C. profile

D. console

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件有助于分辨这是一个存储服务器？ Which files could be used to prove this access server? (1 分)

A. auth.log

B. sys.log

C. bash_history

D. idconfig

idconfig不存在排除，bash_history肯定是在的

早期unix 在/usr/adm
较新版本 在/var/adm
solaris&linux&bsd 在 /var/log
lastlog:近期成功登陆记录
loginlog:不良的登陆尝试记录
messages:记录输出到系统主控台以及由syslog系统服务程序产生的消息、
utmp:记录当前登陆的每个用户
utmpx:拓展的utmp
wtmp:记录每一次用户登陆和注销的历史信息 last -f /var/log/wtmp
vold.log:使用外部介质出现的错误
xferkig:记录ftp的存取情况
sulog:记录su命令的使用情况
acct:记录每个用户使用过的命令
last：/var/log/secure 最后登录
1、安全日志 /var/log/secure
作用：安全日志secure包含验证和授权方面信息
分析：是否有IP爆破成功
2、用户信息 /etc/passwd
内容含义：注册名、口令、用户标识号、组标识号、用户名、用户主目录、命令解释程序
分析：是否存在攻击者创建的恶意用户
3、命令执行记录 ~/.bash_history
作用：命令执行记录 ~/.bash_history
分析：是否有账户执行过恶意操作系统命令
4、root邮箱 /var/spool/mail/root
作用：root邮箱 /var/spool/mail/root
分析：root邮箱的一个文件，在该文件中包含大量信息，
当日志被删除可查询本文件
5、中间件日志(Web日志access_log)
nginx、apache、tomcat、jboss、weblogic、websphere作用：
记录访问信息分析：请求次数过大，访问敏感路径的IP位置：/var/log下 access.log文件（apache默认
位置）
位置：/var/log/nginx下 access名称日志（nginx日志位置）
位置：tomcat、weblogic等日志均存放在安装路径下logs文件下
访问日志结构：访问IP---时间---请求方式---请求路径---请求协议----请求状态---字节数
6.登陆日志（可直接使用命令调取该信息，对应命令last/lastb）
位置：/var/log/wtmp #成功连接的IP信息
位置：/var/log/btmp #连接失败的IP信息
7.cron(定制任务日志)日志
位置：/var/log/cron
作用：查看历史计划任务（对该文件进行分析调取恶意病毒执行的计划任务，获取准确时间）
8、history
日志位置：~/.bash_history
作用：操作命令记录，可筛查攻击者执行命令信息
9、其他日志
redis、sql server、mysql、oracle等
作用：记录访问信息分析：敏感操作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

这三个文件通常与系统日志和用户活动有关：

A. auth.log:

该文件通常包含与系统身份验证（authentication）相关的日志信息。这包括用户登录、登出以及身份验证失败的记录。在Linux系统上，这个文件通常位于/var/log/auth.log。

B. sys.log:

sys.log 是一个广义的名称，实际上在不同的系统上可能指代不同的文件。通常，它包含了系统级别的消息、错误和警告。在一些Linux系统中，这可能是/var/log/syslog文件。这个文件记录了系统的一般运行状况和事件。

C. bash_history:

这是用户的命令历史记录文件，包含用户在命令行终端中输入的每个命令。这个文件通常位于用户的家目录下，例如~/.bash_history。它记录了用户执行过的命令，可用于查看用户的活动和了解他们在系统上执行的操作。

请注意，确切的文件路径和名称可能因操作系统的不同而有所不同。上述路径是基于一些常见的Linux系统。在其他系统上，这些文件可能位于不同的位置。

ABC

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 这个访问服务器所在时区是哪个时区？ What is the time zone of this access server? (2 分)

A. UTC +9

B. UTC +8

C. UTC -7

D. UTC

洛杉矶时间，UTC -7

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 这个访问服务器的 “openvpn”帐户密码是多少？ What is the password of the “openvpn” account of this access server? 提示:请用大写字母与阿拉伯数字作答 Tips: Please answer in capital letters and arabic numbers. (2 分)

一看网卡，二看保存的密码

TLfAg6l6dssc

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 在这个访问服务器中，“User1”账户之间的连接所使用的加密算法（密码）是什么？ What is the encryption algorithms (cipher) used for the connections among the “User1” account in this access server? (2 分)

A. Blowfish-CBC

B. 3DES-CBC

C. AES-128-GCM

D. AES-256-CBC

# Automatically generated OpenVPN client config file
# Generated on Wed Jul 12 03:46:56 2023 by ubuntu
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
#       Certificate serial: 77756693312684857, certificate common name: User1_AUTOLOGIN
#       Expires 2033-07-09 03:46:56
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=User1
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=User1@218.255.242.114/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1

# Default Cipher
cipher AES-256-CBC
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=218.255.242.114:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# MIIBvzCCAUWgAwIBAgIEZK6A6TAKBggqhkjOPQQDAjA4MTYwNAYDVQQDDC1PcGVu
# VlBOIFdlYiBDQSAyMDIzLjA3LjEyIDAzOjMxOjA1IFBEVCB1YnVudHUwHhcNMjMw
# NzExMDMzMTA1WhcNMzMwNzA5MDMzMTA1WjA4MTYwNAYDVQQDDC1PcGVuVlBOIFdl
# YiBDQSAyMDIzLjA3LjEyIDAzOjMxOjA1IFBEVCB1YnVudHUwdjAQBgcqhkjOPQIB
# BgUrgQQAIgNiAAS1Xvbag+iDwCJIHNIira9Iu0miynzbMPcZxF/41f8M0X+7iaYD
# hU3QxWTtJpusN2vlkkLQ0/48pbJULzbixXbs7LjbTMVSaAudk6wBT6N5nhNVdbSE
# imdFQ1Lrpr+8c1OjIDAeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
# CCqGSM49BAMCA2gAMGUCMBakvI9HGDDRwNhHCxvAB+Gcb1cfYnrD3xFeSiUErjop
# W+7gqdIzd+pbTRZvtjQZawIxAKoY8trsMQsbSg7x2OqIe/nJlzHDdq7ZUvep3gNY
# NuyqLtA9Fq971slNHZ47JaewkQ==
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
client
server-poll-timeout 4
nobind
remote 218.255.242.114 1194 udp
remote 218.255.242.114 1194 udp
remote 218.255.242.114 443 tcp
remote 218.255.242.114 1194 udp
remote 218.255.242.114 1194 udp
remote 218.255.242.114 1194 udp
remote 218.255.242.114 1194 udp
remote 218.255.242.114 1194 udp
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
tun-mtu 1420
verb 3
push-peer-info

<ca>
-----BEGIN CERTIFICATE-----
MIIBeTCB/6ADAgECAgRkroDdMAoGCCqGSM49BAMCMBUxEzARBgNVBAMMCk9wZW5W
UE4gQ0EwHhcNMjMwNzExMDMzMDUzWhcNMzMwNzA5MDMzMDUzWjAVMRMwEQYDVQQD
DApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4sYevi3sxRZOopos
KNvOB7QWgByKq+eksei8P5Ubb+vFXaiDjEBXX/n978PkBDzuxTe1mXyv9x4ODfQG
izUA3zHtGa4MeYl0Mm1ThIILmvqZF6QCXqQhQdZq1VayBJyOoyAwHjAPBgNVHRMB
Af8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNpADBmAjEA4FS5ALc5
tsRRA/URqKbvZvSJwHEm425rB2ktAETFTG0SeE2HhJJLH9cGJ37lQHJPAjEAjF9V
sHq/G78OOP9Dv07bOHXaXu4Cy8JowOi5prpFLqqTkJnVM3/ZOcXp8CqZNxq8
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBqDCCAS2gAwIBAgIIARQ/TPPPwzkwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwK
T3BlblZQTiBDQTAeFw0yMzA3MTEwMzQ2NTZaFw0zMzA3MDkwMzQ2NTZaMBoxGDAW
BgNVBAMMD1VzZXIxX0FVVE9MT0dJTjB2MBAGByqGSM49AgEGBSuBBAAiA2IABMhz
ygxCBaI6SV09NxqwxeqyZPsviB5lW65lmSNWSgkQbdsvK2NIZNSaHCDXkPEnqWZ1
wxAEVKml9+D9CKs6r4PM7vu7JdnimuzxhQn2fsEjjmyLoH94okVHTYXho1mvyqNF
MEMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwEQYJYIZIAYb4QgEBBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCs3dots8+7
/wdTe52RClooshRmkPaQN+VgttGA3mGpeozObJx/Rww8cHIXEEQG/7kCMQDF/CEP
opNhfTqP2aqKCy17YDbW7SwR/QCVjEY0g6A8nJhrP2W51Ozd21mtliDtPIU=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDABRms3pRF6Aqgm6t93
CAQNRPBb+mJlMzrlHUt/z1grXBKQilEzBc3+M9W3Mg7XjFKhZANiAATIc8oMQgWi
OkldPTcasMXqsmT7L4geZVuuZZkjVkoJEG3bLytjSGTUmhwg15DxJ6lmdcMQBFSp
pffg/QirOq+DzO77uyXZ4prs8YUJ9n7BI45si6B/eKJFR02F4aNZr8o=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
97ab89de01030525d88a2db787f4a455
d3acca61fb32f24bb1f33a19718a7d5a
fc5048326509df5d4084aaeb433569fc
6038c1d9ab4a6dfcdbe1ec05c4befc84
c1d4470b37119586032c7bd6ead51e96
bba42b69cdd44589f7f9485e57d840ce
bf92a6894032106dee9f1babf22b8ac6
299d7c62d40f58d743771f9149e0620e
58b350b60d51d02cca87b970179c0879
cbaee0d76e841a3c31c871f9c4c90d79
491dea8ca80d5323a64de64f4600ec9b
f702cadf68adad2c408688a3b0c48635
758940e59e99a465c22ba18d1f8aeaed
03d4256d054fb5d1259587bd57fa514e
6d58b129c0608862e85d5df5409d0b08
ad39886f83a7e4e24bbd0ea20a874e55
-----END OpenVPN Static key V1-----
</tls-crypt>
## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## MGUCMGazH108JenEu1AAEeeD5VSArzcGhWrciqf8AJfIBNZ1/v
## o3c8qsDmOCG2GDnw587wIxAI+VI5KWLWMOgcg2zxhCOLt1vH12
## nde+FRvW14uJsKKaGTDh3ReYz7EDi8uG1yJLCg==
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## MIIB0TCCAVagAwIBAgIFAMlebb4wCgYIKoZIzj0EAwIwODE2MDQGA1UEAwwtT3Bl
## blZQTiBXZWIgQ0EgMjAyMy4wNy4xMiAwMzozMTowNSBQRFQgdWJ1bnR1MB4XDTIz
## MDcxMTAzMzk1MFoXDTI0MDcxMTAzMzk1MFowGjEYMBYGA1UEAwwPMjE4LjI1NS4y
## NDIuMTE0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+w8aNZvP0gQvNj7jnYUnkYdd
## BgXBljZR8m8+xWRbX2W/Sn1W0o/VPpeFKbCv42XG/kZA8yO7fpozO0nBaZI9ajh4
## Lvv7z5l7cJrgxoc7MJ05MNkSTeRxJrWxse+z42duo04wTDAMBgNVHRMBAf8EAjAA
## MAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNVHREEEzARgg8y
## MTguMjU1LjI0Mi4xMTQwCgYIKoZIzj0EAwIDaQAwZgIxALhJtw5v/R1+SNDhx69h
## EivXjVY2q9ShQxupPy9Z2MlJVWqFLLAoJbPkYtSwygV/JAIxALpqeBgFOdwvot7n
## Gz/YaxarwOqUYsBJqo58/RF1yrio0P5Di2BPLTR8VkBsKgCJJg==
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## MIIBvzCCAUWgAwIBAgIEZK6A6TAKBggqhkjOPQQDAjA4MTYwNAYDVQQDDC1PcGVu
## VlBOIFdlYiBDQSAyMDIzLjA3LjEyIDAzOjMxOjA1IFBEVCB1YnVudHUwHhcNMjMw
## NzExMDMzMTA1WhcNMzMwNzA5MDMzMTA1WjA4MTYwNAYDVQQDDC1PcGVuVlBOIFdl
## YiBDQSAyMDIzLjA3LjEyIDAzOjMxOjA1IFBEVCB1YnVudHUwdjAQBgcqhkjOPQIB
## BgUrgQQAIgNiAAS1Xvbag+iDwCJIHNIira9Iu0miynzbMPcZxF/41f8M0X+7iaYD
## hU3QxWTtJpusN2vlkkLQ0/48pbJULzbixXbs7LjbTMVSaAudk6wBT6N5nhNVdbSE
## imdFQ1Lrpr+8c1OjIDAeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
## CCqGSM49BAMCA2gAMGUCMBakvI9HGDDRwNhHCxvAB+Gcb1cfYnrD3xFeSiUErjop
## W+7gqdIzd+pbTRZvtjQZawIxAKoY8trsMQsbSg7x2OqIe/nJlzHDdq7ZUvep3gNY
## NuyqLtA9Fq971slNHZ47JaewkQ==
## -----END CERTIFICATE-----

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

AES-256-CBC

参考’ 网络题目.pcapng ’ 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 给出正在进行 Nmap 扫瞄的计算机互联网协议地址? What is the source IP of the nmap scanning? 提示: 以 IPV4 格式给出答案 Answer: Please answer in IPV4 format. (1 分)

准备陇剑杯的时候学习过nmap流量了从一道题分析Nmap SYN/半连接/半开放扫描流量_nmap tcp 全开扫描和半开扫描-CSDN博客，所以比赛的时候流量基本是一把梭的

nmap文档贴在下面，可以随时查看

Nmap 7.94SVN ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports sequentially - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --noninteractive: Disable runtime interactions via keyboard
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

先放着，做到后面就知道了

192.168.186.132

参考’ 网络题目 pcapng’ 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 有多少个 Nmap 扫瞄正在同时进行? How many nmap scanning(s) is/are conducting at the same time? 提示:请给出阿拉伯数字作答 Tips: Please answer in number (1 分)

先放着，做到后面就知道了

参考网络题目.pcapng 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 当计算机正在扫瞄 8.8.8.8，namp 相关的指令是什么 The computer is scanning 8.8.8.8. What is the corresponding nmap command? (1 分)

A. nmap -sT 8.8.8.8

B. nmap -sU 8.8.8.8

C. nmap -sn -PR 8.8.8.8

D. nmap -sn -PU 8.8.8.8

协议都是TCP，查一下nmap -h就知道了

参考网络题目.pcapng 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 当计算机正在扫瞄 45.33.32.156，namp 相关的指令是什么 The computer is scanning 45.33.32.156. What is the corresponding nmap command? (1 分)

A. nmap -sT 45.33.32.156

B. nmap -sU 45.33.32.156

C. nmap -sn -45.33.32.156

D. nmap -sn -45.33.32.156

协议都是UDP，查一下nmap -h就知道了

国强被指派设定一个 DHCP 服务器，该服务器需借出最后 100 个的 IP 地址，以下哪个 IP 地址会是被借出的 IP 地址? Kwok-keung was assinged to configure a DHCP server. The server must lease the last 100 IP addresses. Which of the following IP address will be leased ? (1 分)

A. 10.1.4.255

B. 10.1.4.100

C. 10.1.4.254

D. 10.1.4.1

DHCP（Dynamic Host Configuration Protocol）服务器通常按照子网中可用IP地址的顺序进行分配。考虑到这一点，"最后100个IP地址"可能是指在子网范围内的最后100个地址。

如果子网是 10.1.4.0/24（即子网掩码为255.255.255.0），那么最后100个IP地址将是从 10.1.4.155 到 10.1.4.254。

在给出的选项中，只有一个IP地址在这个范围内：

C. 10.1.4.254

因此，答案是 C. 10.1.4.254。

以下那个协议是属于 TCP/IP 协议? Which of the following protocols belong to TCP/IP protocol? i: DHCP ii: HTTP iii: RTP iv: Telnet (1 分)

A. i & iii

B. ii & iv

C. 所有皆是 (All answers belong to TCP/IP protocol)

D. 所有皆否(All answers don’t belong to TCP/IP protocol)

TCP、UDP、RTP(RTCP)异同与区别 - 知乎 (zhihu.com)

计算机网络基础知识总结 | 菜鸟教程 (runoob.com)

志伟是浩贤的主管，他发现浩贤的设定错误，浩贤应作怎样的更正？ Chi-wai is the supervisor of Ho-yin. He discovers Hoyin made mistake in the settings. What correction should Ho-yin do?(2 分)

浩贤为一间公司的网络管理员，他需要把一个路由器作出以下设定
1) 允许 192.168.26.3 连上互联网
2) 允许 192.168.26.2 作 UDP 连接
Ho-yin is the network administrator of a company. He needs to
那年烟花绚烂时，为何没有遇见你
叶任成
configure a router to below conditions
1) Permit 192.168.26.3 to connect internet
2) Permit 192.168.26.2 to make UDP connection
现在浩贤把路由器作以下设定:-
Ho-yin now makes the router as following settings:-
access-list 119 deny udp any any
access-list 121 permit udp host 192.168.26.2 any
access-list 120 deny tcp any any
access-list 122 permit tcp host 192.168.26.3 eq www any
access-list 123 permit tcp any eq ftp any
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

A. 'access-list 123 permit tcp any eq ftp any ’ 更正为(change) 'access-list 123 permit udp any eq ftp any ’

B. 'access-list 122 permit tcp host 192.168.26.3 eq www any ’ 更正为(change) 'access-list 122 permit udp host 192.168.26.3 eq www any ’

C. 删除(Delete)‘access-list 120 deny tcp any any’ 与’access-list 119 deny udp any any’

D. 删除(Delete)'access-list 123 permit tcp any eq ftp any ’

deny tcp udp那个直接给整断网了，一眼丁真

根据以下 ping 指令的结果，你会估计 192.168.186.132 是哪一个操作系统 According to below ping commands, what is the operation system of the target IP address 192.168.186.132?(2 分)

A. Linux

B. Windows XP

C. Windows 7

D. iOS 12.4 (Cisco Routers)

Ping 192.168.186.132 (使用 32 字节的数据):
回复自 192.168.186.132: 字节=32 时间<1ms TTL=64
回复自 192.168.186.132: 字节=32 时间<1ms TTL=64
回复自 192.168.186.132: 字节=32 时间<1ms TTL=64
回复自 192.168.186.132: 字节=32 时间<1ms TTL=64
Ping 192.168.186.132 with 32 bytes of data
Reply from 192.168.186.132: byte=32 time<1ms TTL=64
Reply from 192.168.186.132: byte=32 time<1ms TTL=64
Reply from 192.168.186.132: byte=32 time<1ms TTL=64
Reply from 192.168.186.132: byte=32 time<1ms TTL=64)
192.168.186.132 的 Ping 统计资料:
 封包: 已传送 = 4，已收到 = 4, 已遗失 = 0 (0% 遗失)，
大约的来回时间 (毫秒):
 最小值 = 0ms，最大值 = 0ms，平均 = 0ms
Ping statistics for 192.168.186.132:
Packet: Sent = 4，Received = 4, Lost = 0 (0% loss)，
Approximate round trip times in milli-seconds:
 Minimum = 0ms，Maximum = 0ms，Average = 0ms
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

windows

linux

macos

根据ttl大小，应该是A

当使用 nmap 扫瞄目标后，nmap 内出现以下信息 After scanning the target by nmap, below messags is shown in nmap “Note: Host seems down. If it is really up, but blocking our ping probes” (主机似乎关机。如果它是开启的，它正在阻挡 ping 探测。) 应用哪一个指令找出开放的端口? Which command should be used to find out open port? (2 分)

A. nmap -sT

B. nmap -sN

C. nmap -sX

D. nmap -Pn

查一下文档就行了

  -Pn: Treat all hosts as online -- skip host discovery
1

以下哪一个Nmap指令可以减低被侦测的可能性 Which nmap command can be used to lower the possibility of being dectected ? (2分)

A. nmap -sT -O -T5

B. nmap -sT -O -T0

C. nmap -sU

D. nmap -A --host-timeout 99-T1

主要看-T参数

  -T<0-5>: Set timing template (higher is faster)
1

减低被侦测的可能性肯定是越慢越好

Apple 计算机的硬盘可以使用以下分区方案： The following partition schemes can be used for an Apple computer’s hard drive: (1 分)

A. Apple Partition Map

B. GUID Partition Table

C. Master Boot Record

D. All of the above

这三种分区方案（Apple Partition Map，GUID Partition Table，Master Boot Record）是用于在硬盘驱动器上组织和管理数据存储的不同方法。它们在不同的计算机系统和操作系统之间有一些差异。

Apple Partition Map:
- 这是一种旧的苹果（Apple）计算机使用的分区方案。它是一种基于32位标识符的分区表，支持最多16个分区。由于其限制和较早的设计，较新的Mac系统已经转向使用其他更现代的分区方案。
GUID Partition Table (GPT):
- GPT是一种现代的分区方案，适用于较新的Mac系统以及其他操作系统，如Windows和Linux。它使用全球唯一标识符（GUID）来标识分区，支持更大的磁盘容量，提供更多的分区和数据保护功能。
Master Boot Record (MBR):
- MBR是一种较旧的分区方案，通常在Windows系统中使用。它使用32位标识符来标识分区，支持最多四个主分区。由于限制，MBR对较大磁盘的支持有限，并且不支持较新的引导和安全特性。

由于苹果计算机可以运行不同的操作系统，并且与其他计算机系统进行互操作，因此支持多种分区方案，即Apple Partition Map、GUID Partition Table和Master Boot Record。因此，选项 D. All of the above 表示所有这三种分区方案都可以在苹果计算机的硬盘上使用。

参考’ Mac OS.img ’ 文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question ’ Mac OS.img ’ 文件中可以找到多少个符号链接？ How many symbolic links can be found in the ’ Mac OS.img ’ file? (1 分)

A. 0

B. 1

C. 2

D. 3

参考’ Mac OS.img ’ 文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question 在’ Mac OS.img ’ 档中使用了哪种分区方案？ Which partition scheme was used in the ’ Mac OS.img ’ ? (2 分)

A. Apple Partition Map

B. GUID Partition Table

C. Master Boot Record

D. HFS+

看到HFS+就选D了

还是得会原始方法

参考’ Mac OS.img ’ '文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question ’ Mac OS.img ’ 档的文件系统的正确描述是什么？ What is the correct description of the file system in the ’ Mac OS.img ’ ? (1 分)

A. HFS+（已启用日志记录）

B. HFS+（已启用区分大小写）

C. HFS+（已启用日志记录和区分大小写）

D. APFS (已启用区分大小写）

仿真

参考’ Mac OS.img ’ 文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question 从文件“Car.rtfd”中删除了哪个文件？ Which file was deleted from the file “Car.rtfd”? 提示:答案需包括副文件名，并以全小写字母作答，例如 answer.docx Tips: The answer must be in lowercase and include file extension. Example: answer.docx (1 分)

.DocumentRevisions-V100 是 macOS 操作系统中的一个文件夹，用于存储应用程序和用户文档的版本历史记录信息。这个文件夹通常位于用户的主目录下，具体路径为 ~/.DocumentRevisions-V100。这个文件夹是与版本控制系统相关的，它可以帮助用户跟踪文件的修改历史，查看以前的版本，并在需要时还原到先前的状态。

macOS 使用版本控制系统来实现“版本历史”和“自动保存”功能。当用户编辑文档时，系统会定期保存文档的版本历史，以便用户可以回溯到之前的版本。这有助于防止数据丢失，并提供了一种方便的方式来管理文件的不同状态。.DocumentRevisions-V100 文件夹包含了这些版本历史的信息。

需要注意的是，用户通常无需直接访问或修改这个文件夹，因为版本历史和自动保存是由系统自动处理的。如果你对 macOS 中的版本历史有特定的问题或需求，可以提供更多的上下文，我将尽力提供帮助。

删了yeah.jpg

参考’ Mac OS.img ‘文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question 请提供’ Mac OS.img ’ 映像文件被“fsck”命令检查的具体时间。 Please provide the specific time when the ’ Mac OS.img ’ was checked by the "fsck " command. 提示:答案格式为 YYYYMMDD-HHMMSS,如 2023 年 1 月 1 日 1530 时 30 秒则请回答 “20230101-153030”) Tips: The answer format should be YYYYMMDD-HHMMSS. If the answer is 2023- 01-01 1530 hrs, the answer should be 20230101-153030. (1 分)

最早的创建时间

参考 ’ Mac OS.img ’ 文件回答以下题目 With reference to ’ Mac OS.img ’ file to answer below question 在 .dmg 档中删除了多少个文件？ How many files were deleted from the .dmg file? (1 分)

A. 1

B. 2

C. 3

D. 4

Mac 上的 .DS_Store 究竟是什么文件？如何删除？ - 简书 (jianshu.com)

参考 ’ Window Artifacts.E01 ’ 内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 总共登入过该计算机多少次? According to the windows registry record of “Window Artifacts.E01”, how many times has Elvis Chui logged into this computer? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers (1 分)

参考 ’ Window Artifacts.E01 ’ 内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机的操作系统是在哪一个时区? What is the time zone of the operating system of this computer? (1 分)

A. UTC +4

B. UTC +8

C. UTC -8

D. UTC -4

参考 ’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机的操作系统于何时安装? (以计算机系统时区回答) When was the operating system of this computer installed? (Answer in the time zone of the computer system) (1 分)

A. 2023-07-13 19:18:14

B. 2023-07-13 11:18:14

C. 2023-07-13 03:18:14

D. 2023-07-12 19:18:14

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 哪(几)个程序会于操作系统启动时自动执行? Which program(s) would be automatically executed upon operating system startup? (1 分)

A. Avast

B. Steam

C. OneDrive

D. QQ

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机内安装了以下哪一个程序? Which one of the following programs was installed on this computer? (1 分)

A. QQ

B. WPS Office

C. Opera

D. Kaspersky

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 计算机内的 OneDrive 程序版本是什么? What is the version of the OneDrive program installed on this computer? (1 分)

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 计算机有一个正在连接的网络接口，该接口连接 DHCP 服务器的 IP 地址是多少? What is the IP address of DHCP server. ? 提示: 以 IPV4 格式回答 Answer: Please answer in IPV4 format. (1 分)

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机何时连接过一只 U 盘? (以计算机系统时区回答) When was a USB flash drive last connected to this computer? (Answer in the time zone of the computer system) (1 分)

A. 2023-07-13 11:48:26

B. 2023-07-13 03:48:29

C. 2023-07-12 19:48:29

D. 2023-07-13 11:48:29

参考’ Window Artifacts.E01 '回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 将哪几个文本文件放在回收站中? Which text files did Elvis Chui put into the recycle bin? (3 分)

A. $+D10I76A74P.txt

B. Holiday schedule 2023-07-16.txt

C. Holiday schedule 2023-07-13.txt

D. Minute on 2023-07-01.txt

E. Minute on 2023-07-10.txt

参考’ Window Artifacts.E01 ’ 回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 在什么时间删除了第一个文本文件? (以计算机系统时区回答) What time did Elvis Chui delete the first text file? (Answer in the time zone of the computer system) (3 分)

A. 2023-07-13 11:50:15

B. 2023-07-13 03:49:45

C. 2023-07-13 03:50:15

D. 2023-07-13 11:49:45

参考 ’ Window Artifacts.E01 '回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 删除的第一个文本文件的文件名是什么? What was the name of the first text file Elvis Chui deleted? 提示: 请用小写字母回答及需列明文件格式。如文件名字内有空格位置，请用_标示。例如: go_to_school.docx Tips: Please use lowercase to answer the questions and mention the file extension . If a blank space is present, please use _ to represent the blank space. Example: g o_to_school.docx

见上

参考 ’ Window Artifacts.E01 ’ 回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 删除的第一个文本文件在什么时间创建? (以计算机系统时区回答) When was the text file first deleted by Elvis was created? (Answer in the time zone of the computer system) (2 分)

参考 ’ Window Artifacts.E01 ’ 回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question Elvis Chui 计划于 2023 年 7 月 15 日 20 点 5 分有什么活动? What is Elvis Chui’s plan at 8:05 PM on July 15, 2023? 提示: 答案请与文件内的文字与大细阶相同 Tips: Please answer the exact words and uppercase/lowercase leters shown in the file (1 分)

参考 ’ Window Artifacts.E01 ’ 回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机执行 STEAM.EXE 总共多少次? How many times has STEAM.EXE been opened on this computer? 提示: 请用阿拉伯数字作答 Tips: Please answer in arabic numbers (1 分)

一个名为“Account”的数据库表拥有 5 个"列"，以下哪一个指令会产生错误讯息? (提示: 1.数据库是拥有正常默认的系统表格 2.错误信息是关于"超出上限"的错误) A database table called “Account” has 5 columns. Which of the following command will case an error message? (Tips 1. database has default system tables 2. error message is related to “Out of Range”.) (1 分)

A. SELECT * from Account WHERE name=‘Alex’ OR ‘1’=1

B. SELECT * FROM Account WHERE name=‘Bill’ UNION SELECT NULL, NULL, NULL, NULL

C. SELECT * from Account WHERE name=‘Candy’ ORDER BY 6

D. SELECT name FROM sys.tables

C，sql注入入门题

当客户端收到一个页面请求的 HTTP 状态代码为 304 时，以下哪种情况最有可能发生？ When a client receives an HTTP Status Code of 304 for a page request, which of the following is most likely to take place? (1 分)

A. 页面将显示错误

B. 页面将从浏览器缓存中加载

C. 浏览器将显示“访问被拒绝”

D. 服务器将复位向客户端到另一个资源

HTTP 304 Not Modified 说明无需再次传输请求的内容，也就是说可以使用缓存的内容。

在 HTML 注入攻击中，以下哪种情况最有可能出现？ Which of the following would most likely be found in an HTML Injection attack? (1 分)

A. <form action=“http://1.2.3.4/login.htm”>Password:<input type=“password” name=“pword”> </form>

B. <embed src=“http://demo.com/demo.swf”> </embed>

C. <script>alert(‘Correct’)</script>

D.<?php include(“inc/” .$_GET[‘file’]；?>

感觉AC都可以

在给定的 HTML 表单中，存在潜在的 HTML 注入漏洞。具体来说，这是因为在表单的 action 属性中使用了用户提供的输入，而且没有对该输入进行充分的过滤或转义。这可能导致攻击者通过在输入中插入恶意的 HTML 或脚本代码，从而执行潜在危险的操作。

一个简单的示例是，如果攻击者将以下内容输入到密码字段中：

"><script>alert('XSS');</script><br name="test
1

那么最终生成的 HTML 代码可能会变成：

<form action="http://1.2.3.4/login.htm">Password:<input type="password" name="pword">
"><script>alert('XSS');</script><br name="test"></form>
1
2

这样，当表单被提交时，嵌入其中的 JavaScript 代码就会在用户浏览器中执行，弹出一个对话框，显示 “XSS”。这是一种典型的 HTML 注入攻击，被称为跨站脚本（XSS）攻击。

要防范这类攻击，开发者应该对用户输入进行严格的验证和过滤，以确保输入不包含任何恶意代码。这可以通过使用输入验证和安全的输出编码等最佳实践来实现。

如何预防HTML注入攻击？ How to prevent HTML injection attacks? (1分)

A. 密钥管理

B. 同源策略执行

C. 会话验证

D. 输入过滤

比赛的时候把CSRF和XSS搞混了…

同源策略（Same-Origin Policy）是一种Web浏览器安全策略，设计用于防止一个网页文档或脚本从一个源加载的内容与来自另一个源的资源进行交互。同源策略有助于防御以下安全威胁：

跨站脚本攻击 (XSS)： 同源策略能够阻止恶意脚本在一个域中运行并访问另一个域的敏感信息。如果一个网站成功注入脚本到另一个域的页面中，同源策略将防止这个脚本访问其他域的信息。
跨站请求伪造 (CSRF)： 同源策略防止不同源之间的网页发生不经意的交互，从而降低了CSRF攻击的风险。CSRF攻击依赖于用户的身份验证信息被发送到攻击者控制的站点，而同源策略会阻止这种跨站点的请求。
跨站点数据泄露： 同源策略防止一个站点通过脚本访问另一个站点的敏感信息，从而减少了数据泄露的风险。
恶意广告注入： 同源策略可以防止恶意广告或第三方内容提供商注入的恶意脚本与页面上的其他域进行交互，保护用户免受恶意广告的攻击。
窃取 Cookie： 同源策略可以防止脚本从一个源读取另一个源的 Cookie，从而降低了身份验证凭证被窃取的风险。

需要注意的是，同源策略仅在浏览器端实施，服务器端同源策略并不强制执行。因此，开发人员仍然需要在服务器端实施适当的安全措施，如验证和授权，以防范其他类型的攻击。

答案应该是D

同源策略在浏览器内存中提供Web应用程序安全的目的是什么？ What is the purpose of Same-Origin Policy in providing web application security in a browser’s memory? (3分)

A. 防止客户端访问恶意网站

B. 禁止Web会话运行外部脚本

C. 控制来自不同服务器的代码之间的交互

D. 阻止浏览器运行危险或有害的脚本

C，上面写了

编写Nmap命令以显示以下结果。 Write the Namp command that will show the following result (2分)

Starting Nmap 7.94 (https://nmap.org) at 2023-07-11 18:26 中国标准时间
Nmap scan report for www.baidu.com (220.181.38.149)
Host is up (0.044s latency).
Other addresses for www.baidu.com (not scanned): 220.181.38.150
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
| http-robots.txt: 10 disallowed entries
| /baidu /s? /ulink? /link? /home/news/data/ /bh /shifen/
|_/homepage/ /cpro /
443/tcp open https
| http-robots.txt: 10 disallowed entries
| /baidu /s? /ulink? /link? /home/news/data/ /bh /shifen/
|_/homepage/ /cpro /
Nmap done: 1 IP address (1 host up) scanned in 6.01 seconds
提示:请输入完整的 Nmap 指令，例如: nmap --script http-brute -
p 80 www.google.com
Tips: Please input the complete nmap command. Example: nmap --script httpbrute -p 80 www.google.com

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

要显示上述结果，可以使用以下 Nmap 命令：

nmap -p 80,443 --script http-robots.txt www.baidu.com
1

该命令的含义是：

-p 80,443: 指定要扫描的端口，包括80和443。
--script http-robots.txt: 使用 Nmap 的 http-robots.txt 脚本，该脚本会检查目标网站的 robots.txt 文件，从而获取有关禁止访问的路径的信息。
www.baidu.com: 目标主机的域名或IP地址。

请注意，具体的扫描结果可能会因为目标主机的网络配置而有所不同。

下面是http-robots.txt.nse脚本的源码

local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local strbuf = require "strbuf"
local table = require "table"

description = [[
Checks for disallowed entries in <code>/robots.txt</code> on a web server.

The higher the verbosity or debug level, the more disallowed entries are shown.
]]

---
--@output
-- 80/tcp  open   http    syn-ack
-- |  http-robots.txt: 156 disallowed entries (40 shown)
-- |  /news?output=xhtml& /search /groups /images /catalogs
-- |  /catalogues /news /nwshp /news?btcid=*& /news?btaid=*&
-- |  /setnewsprefs? /index.html? /? /addurl/image? /pagead/ /relpage/
-- |  /relcontent /sorry/ /imgres /keyword/ /u/ /univ/ /cobrand /custom
-- |  /advanced_group_search /googlesite /preferences /setprefs /swr /url /default
-- |  /m? /m/? /m/lcb /m/news? /m/setnewsprefs? /m/search? /wml?
-- |_ /wml/? /wml/search?



author = "Eddie Bell"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

portrule = shortport.http
local last_len = 0

-- split the output in 50 character length lines
local function buildOutput(output, w)
  local nl

  if w:len() == 0 then
    return nil
  end

  -- check for duplicates
  for i,v in ipairs(output) do
    if w == v or w == v:sub(2, v:len()) then
      return nil
    end
  end

  -- format lines
  if last_len == 0 or last_len + w:len() <= 50 then
    last_len = last_len + w:len()
    nl = ''
  else
    last_len = 0
    nl = '\n'
  end

  output = output .. (nl .. w)
end

-- parse all disallowed entries in body and add them to a strbuf
local function parse_robots(body, output)
  for line in body:gmatch("[^\r\n]+") do
    for w in line:gmatch('[Dd]isallow:%s*(.*)') do
      w = w:gsub("%s*#.*", "")
      buildOutput(output, w)
    end
  end

  return #output
end

action = function(host, port)
  local dis_count, noun
  local answer = http.get(host, port, "/robots.txt" )

  if answer.status ~= 200 then
    return nil
  end

  local v_level = nmap.verbosity() + (nmap.debugging()*2)
  local output = strbuf.new()
  local detail = 15

  dis_count = parse_robots(answer.body, output)

  if dis_count == 0 then
    return
  end

  -- verbose/debug mode, print 50 entries
  if v_level > 1 and v_level < 5 then
    detail = 40
  -- double debug mode, print everything
  elseif v_level >= 5 then
    detail = dis_count
  end

  -- check we have enough entries
  if detail > dis_count then
    detail = dis_count
  end

  noun = dis_count == 1 and "entry " or "entries "

  local shown = (detail == 0 or detail == dis_count)
    and "\n" or '(' .. detail .. ' shown)\n'

  return  dis_count .. " disallowed " .. noun ..
    shown .. table.concat(output, ' ', 1, detail)
end

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

除了使用 Nmap，还有其他方法可以验证上述结果，其中一种方法是使用 Web 浏览器浏览 URL，编写 URL 以显示上述结果。（答案不要包含“http://”） Other than using Nmap, there are other methods which can verify the above result. One of the methods is using Web browser to surf the URL. Write the URL that will show the above result. (Answer without “http://”) (2 分)

www.baidu.com/robots.txt

参考’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ to answer below question 根据 ’ com.apple.ios.StoreKitUIService.plist ’ , 这部电话是什么型号? According to ’ com.apple.ios.StoreKitUIService.plist ', what is the model of this phone? (1 分)

火眼能解析出的内容是有限的，必须自己手搓了（这才是真正的取证

目录下有个com.apple.ios.StoreKitUIService.plist文件

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>SSDeviceType</key>
        <dict>
            <key>buildVersion</key>
            <string>19F77</string>
            <key>deviceTypeNumber</key>
            <integer>194</integer>
            <key>hardwareModel</key>
            <string>N841AP</string>
        </dict>
        <key>WebDatabaseDirectory</key>
        <string>/var/mobile/Containers/Data/Application/2E0808ED-6CB6-4432-9A51-C1C0B4FA60C2/Library/Caches</string>
        <key>WebKitLocalStorageDatabasePathPreferenceKey</key>
        <string>/var/mobile/Containers/Data/Application/2E0808ED-6CB6-4432-9A51-C1C0B4FA60C2/Library/Caches</string>
        <key>WebKitOfflineWebApplicationCacheEnabled</key>
        <true/>
        <key>WebKitShrinksStandaloneImagesToFit</key>
        <true/>
    </dict>
</plist>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ to answer below question 根据 com.apple.ios.StoreKitUIService.plist，上述电话的文件系统是什么? According to com.apple.ios.StoreKitUIService.plist, what is the file system of the phone in question? (1 分

A. FAT32

B. NTFS

C. HFS+

D. APFS

E. EXT4

FAT32： FAT32通常用于可移动存储设备，而不是iOS设备的文件系统。
NTFS： NTFS通常用于Windows操作系统，而不是iOS设备。
HFS+： HFS+曾经是苹果的文件系统，但在最新版本的iOS中已被APFS取代。
APFS： APFS（Apple File System）是苹果在iOS 10.3及更高版本中引入的文件系统。
EXT4： EXT4是Linux系统上使用的文件系统，而iOS使用的是基于Unix的操作系统，并不直接采用EXT4。

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ChatStorage.sqlite，哪些对话已锁定? According to ChatStorage.sqlite where chats are stored, which conversations are locked? (3 分)

A. 447380449879@.whatsapp.net

B. 79096209701@.whatsapp.net

C. 923109725619@.whatsapp.net

D. 85256026169@.whatsapp.net

E. status@broadcast

1. Z_PK — seems like a serial number
2. Z_ENT to ZFILTEREDRECIPIENTCOUNT — seem less important
3. ZFLAGS — seems to indicate message state
4. ZGROUPEVENTTYPE — seems to be related to group chats
5. ZISFROMME — message is from me… it is 1 for messages sent by this user and 0 for messages received
6. ZMESSAGEERRORSTATUS to ZSPOTLIGHTSTATUS — seems like general statuses
7. ZSTARRED — did we star the message
8. ZCHATSESSION — unique identifier denoting a chat session
9. ZGROUPMEMBER — haven’t gotten to look at this one yet
10. ZLASTSESSION — last chat session? didn’t dig into it
11. ZMEDIAITEM — seems related to media item indexing, might be an identifier to one of the other tables
12. ZMESSAGEINFO and ZPARENTMESSAGE — seem simple enough to figure out from the names
13. ZMESSAGEDATE — message creation date probably (see date format discussion below)
14. ZSENTDATE — message sent date probably (see date format discussion below)
15. ZFROMJID — from who did we get it (if it is an incoming message)
16. ZMEDIASECTIONID — seems related to media storage for media messages, doesn’t show in messages without media
17. ZPHASH - hmmm... not sure
18. ZPUSHNAME — seems like the contact name on your phone
19. ZSTANZAID — some conversation / media id indicator. Format seems different in media messages and text messages
20. ZTEXT — message text
21. ZTOJID — to whom did we send it (if it is an outgoing message)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ChatStorage.sqlite，有多少段录音对话? According to ChatStorage.sqlite, how many recorded conversations are there? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers. (2 分)

SELECT COUNT(1)
FROM ZWAMEDIAITEM
WHERE ZVCARDSTRING like '%audio%'
1
2
3

答案里去掉了audio/mpeg这一项，是45

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question Apple Cocoa Core Data timestamp 是由什么时间开始? From what time does the Apple Cocoa Core Data timestamp start? (1 分)

Cocoa Core Data Timestamp Converter (epochconverter.com)

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 Photos.sqlite 数据库中，有多少段视频可能涉及 WhatsApp? According to the Photos.sqlite database, how many videos may be related to WhatsApp? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers (2 分)

Inside and Out of Apple’s Photos for Mac | Medium — Apple Mac 版照片的内里外外 |中等的

muxcmux/apple-photos-forensics: Docs repo with my findings on how Apple Photos app works. — muxcmux/apple-photos-forensics：文档存储库，其中包含我对 Apple 照片应用程序如何工作的发现。 (github.com)

赛前刷过ios的题

SELECT COUNT(1) 
FROM ZCLOUDMASTER 
WHERE ZIMPORTEDBYDISPLAYNAME like '%WhatsApp%' AND ZUNIFORMTYPEIDENTIFIER like '%mpeg%';
1
2
3

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ to answer below question 根据 Photos.sqlite 数据库中，下列哪个选项对 IMG_0008.HEIC 的描述是错的? According to the ’ Photos.sqlite ’ database, which of the following descriptions of IMG_0008.HEIC is incorrect? (3 分)

A. 由第三方软件拍摄

B. 经过修改

C. 由后镜拍摄

D. 用ISO200拍摄

E. 没有储存经纬度

iOS_Local_PL_Photos.sqlite_Queries/iOS15/iOS15_LPL_Phsql_Basic.txt at main · ScottKjr3347/iOS_Local_PL_Photos.sqlite_Queries (github.com)

SELECT b.*
FROM ZEXTENDEDATTRIBUTES b
JOIN ZASSET a ON b.Z_PK = a.Z_PK
WHERE a.ZFILENAME = 'IMG_0008.HEIC';

1
2
3
4
5

ZEXTENDEDATTRIBUTES的字段我Fuzz了一下

Z_PK
Z_ENT
Z_OPT
ZFLASHFIRED 闪光灯
ZFOCALLENGTHIN35MM 焦距相关
ZISO ISO
ZMETERINGMODE 测光模式
ZSAMPLERATE 采样率
ZSLUSHPRESET
ZSLUSHVERSION
ZTRACKFORMAT 格式相关
ZWHITEBALANCE 白平衡
ZASSET
ZAPERTURE 光圈
ZBITRATE 比特率
ZDIGITALZOOMRATIO 数字变焦比
ZDURATION
ZEXPOSUREBIAS 曝光偏差
ZFOCALLENGTH 焦距
ZFPS 帧率
ZLATITUDE 纬度
ZLONGITUDE 经度
ZSHUTTERSPEED 快门速度
ZSLUSHSCENEBIAS
ZSLUSHWARMTHBIAS
ZCAMERAMAKE 相机制造商
ZCAMERAMODEL 相机型号
ZCODEC 编解码器
ZLENSMODEL 镜头型号
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

在这张表中，我可以知道它是手机后镜拍摄的，A错误，C正确

ISO不是200，D错误

存储了经纬度，E错误

那么还差一个是否经过修改不知道，讲道理是可以查ZADDITIONALASSETATTRIBUTES的，但是我用了iOS_Local_PL_Photos.sqlite_Queries/iOS15/iOS15_LPL_Phsql_Basic.txt at main · ScottKjr3347/iOS_Local_PL_Photos.sqlite_Queries (github.com)里的sql语句，并修改了一下

SELECT zAsset.ZSORTTOKEN AS 'zAsset-Sort Token',
  zAsset.ZPROMOTIONSCORE AS 'zAsset-Promotion Score',
  CASE zAsset.ZCOMPLETE
    WHEN 1 THEN '1-Yes-1'
  END AS 'zAsset Complete',
  zAsset.Z_PK AS 'zAsset-zPK',
  zAddAssetAttr.Z_PK AS 'zAddAssetAttr-zPK',
  zCldMast.Z_PK AS 'zCldMast-zPK=zAsset-Master',
  zAsset.ZMASTER AS 'zAsset-Master=zCldMast-zPK',
  zAsset.ZEXTENDEDATTRIBUTES AS 'zAsset-Extended Attributes=zExtAttr-zPK',
  zExtAttr.Z_PK AS 'zExtAttr-zPK=zAsset-zExtendedAttributes',
  CMzCldMastMedData.ZCLOUDMASTER AS 'CMzCldMastMedData-CldMast=zCldMast-zPK',
  zCldMast.ZMEDIAMETADATA AS 'zCldMast-Media Metadata Key=zCldMastMedData.zPK',
  CMzCldMastMedData.Z_PK AS 'CMzCldMastMedData-zPK=zAddAssetAttr&zCldMast-MediaMetaData Key',
  CMzCldMastMedData.Z_ENT AS 'CMzCldMastMedData-zENT',
  zAsset.ZUUID AS 'zAsset-UUID = store.cloudphotodb',
  zAsset.ZCLOUDASSETGUID AS 'zAsset-Cloud_Asset_GUID = store.cloudphotodb',
  zAsset.ZCLOUDCOLLECTIONGUID AS 'zAsset.Cloud Collection GUID',
  zCldMast.ZCLOUDMASTERGUID AS 'zCldMast-Cloud_Master_GUID = store.cloudphotodb',
  zGenAlbum.ZCLOUDGUID AS 'zGenAlbum-Cloud_GUID = store.cloudphotodb',
  zShare.ZSCOPEIDENTIFIER AS 'zShare-Scope ID = store.cloudphotodb',
  zAddAssetAttr.ZORIGINALASSETSUUID AS 'zAddAssetAttr-Original Assets UUID',
  zAddAssetAttr.ZPUBLICGLOBALUUID AS 'zAddAssetAttr-Public Global UUID',
  zAddAssetAttr.ZMASTERFINGERPRINT AS 'zAddAssetAttr-Master Fingerprint',
  zAddAssetAttr.ZORIGINATINGASSETIDENTIFIER AS 'zAddAssetAttr-Originating Asset Identifier',
  zCldMast.ZORIGINATINGASSETIDENTIFIER AS 'zCldMast-Originating Asset ID',
  zIntResou.ZFINGERPRINT AS 'zIntResou-Fingerprint',
  zAddAssetAttr.ZADJUSTEDFINGERPRINT AS 'zAddAssetAttr.Adjusted Fingerprint',
  zUnmAdj.ZOTHERADJUSTMENTSFINGERPRINT AS 'zUnmAdj-Other Adjustments Fingerprint',
  zUnmAdj.ZSIMILARTOORIGINALADJUSTMENTSFINGERPRINT AS 'zUnmAdj-Similar to Orig Adjustments Fingerprint',
  CASE ParentzGenAlbum.ZCLOUDLOCALSTATE
    WHEN 0 THEN '0-iCldPhotos-ON=Asset_In_Shared/Other-Album/iCldPhotos-OFF=Generic_Album-0'
    WHEN 1 THEN '1-iCldPhotos-ON=Asset_In_Generic Album-1'
    ELSE 'Unknown-New-Value!: ' || ParentzGenAlbum.ZCLOUDLOCALSTATE || ''
  END AS 'ParentzGenAlbum-Cloud-Local-State-4Start',
  ParentzGenAlbum.ZTITLE AS 'ParentzGenAlbum-Title-4Start',
  DateTime(ParentzGenAlbum.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ParentzGenAlbum-Creation Date-4Start',
  DateTime(zGenAlbum.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'zGenAlbum-Creation Date-4Start',
  CASE zGenAlbum.ZCLOUDLOCALSTATE
    WHEN 0 THEN '0-iCldPhotos-ON=Asset_In_Shared/Other-Album/iCldPhotos-OFF=Generic_Album-0'
    WHEN 1 THEN '1-iCldPhotos-ON=Asset_In_Generic_ Album-1'
    ELSE 'Unknown-New-Value!: ' || zGenAlbum.ZCLOUDLOCALSTATE || ''
  END AS 'zGenAlbum-Cloud_Local_State-4Start',
  zGenAlbum.ZTITLE AS 'zGenAlbum-Title-4Start',
  CASE zAsset.ZBUNDLESCOPE
    WHEN 0 THEN '0-iCldPhotos-ON=Not-In-Shared-Album_iCldPhotos-OFF=On-Local-Device-0'
    WHEN 1 THEN '1-SWY-Syndication_CMMAsset-1'
    WHEN 2 THEN '2-iCldPhotos-ON=Asset-In-Cloud-Shared-Album-2'
    WHEN 3 THEN '3-iCldPhotos-ON=SWY-Syndication-Asset-3'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZBUNDLESCOPE || ''
  END AS 'zAsset-Bundle Scope',
  CASE zAsset.ZCLOUDISMYASSET
    WHEN 0 THEN '0-Not_My_Asset_in_Shared_Album-0'
    WHEN 1 THEN '1-My_Asset_in_Shared_Album-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZCLOUDISMYASSET || ''
  END AS 'zAsset-Cloud is My Asset',
  CASE zAsset.ZCLOUDISDELETABLE
    WHEN 0 THEN '0-No-0'
    WHEN 1 THEN '1-Yes-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZCLOUDISDELETABLE || ''
  END AS 'zAsset-Cloud is deletable/Asset',
  CASE zAsset.ZCLOUDLOCALSTATE
    WHEN 0 THEN 'iCldPhotos ON=Asset_In_Shared-or-OtherAlbum/iCldPhotos_OFF=Not_Synced-0'
    WHEN 1 THEN 'iCldPhotos ON=Asset_Can-Be-or-Has-Been_Synced_with_iCloud-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZCLOUDLOCALSTATE || ''
  END AS 'zAsset-Cloud_Local_State',
  CASE zAsset.ZVISIBILITYSTATE
    WHEN 0 THEN '0-Visible-Photo-Library-0'
    WHEN 2 THEN '2-Not-Visible-Photo-Library-2'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZVISIBILITYSTATE || ''
  END AS 'zAsset-Visibility State',
  zExtAttr.ZCAMERAMAKE AS 'zExtAttr-Camera Make',
  zExtAttr.ZCAMERAMODEL AS 'zExtAttr-Camera Model',
  zExtAttr.ZLENSMODEL AS 'zExtAttr-Lens Model',
  CASE zExtAttr.ZFLASHFIRED
    WHEN 0 THEN '0-No Flash-0'
    WHEN 1 THEN '1-Flash Fired-1'
    ELSE 'Unknown-New-Value!: ' || zExtAttr.ZFLASHFIRED || ''
  END AS 'zExtAttr-Flash Fired',
  zExtAttr.ZFOCALLENGTH AS 'zExtAttr-Focal Lenght',
  zExtAttr.ZFOCALLENGTHIN35MM AS 'zExtAttr-Focal Lenth in 35MM',
  zExtAttr.ZDIGITALZOOMRATIO AS 'zExtAttr-Digital Zoom Ratio',
  CASE zAsset.ZDERIVEDCAMERACAPTUREDEVICE
    WHEN 0 THEN '0-Back-Camera/Other-0'
    WHEN 1 THEN '1-Front-Camera-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZDERIVEDCAMERACAPTUREDEVICE || ''
  END AS 'zAsset-Derived Camera Capture Device',
  CASE zAddAssetAttr.ZCAMERACAPTUREDEVICE
    WHEN 0 THEN '0-Back-Camera/Other-0'
    WHEN 1 THEN '1-Front-Camera-1'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZCAMERACAPTUREDEVICE || ''
  END AS 'zAddAssetAttr-Camera Captured Device',
  CASE zAddAssetAttr.ZIMPORTEDBY
    WHEN 0 THEN '0-Cloud-Other-0'
    WHEN 1 THEN '1-Native-Back-Camera-1'
    WHEN 2 THEN '2-Native-Front-Camera-2'
    WHEN 3 THEN '3-Third-Party-App-3'
    WHEN 4 THEN '4-StillTesting-4'
    WHEN 5 THEN '5-PhotoBooth_PL-Asset-5'
    WHEN 6 THEN '6-Third-Party-App-6'
    WHEN 7 THEN '7-iCloud_Share_Link-CMMAsset-7'
    WHEN 8 THEN '8-System-Package-App-8'
    WHEN 9 THEN '9-Native-App-9'
    WHEN 10 THEN '10-StillTesting-10'
    WHEN 11 THEN '11-StillTesting-11'
    WHEN 12 THEN '12-SWY_Syndication_PL-12'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZIMPORTEDBY || ''
  END AS 'zAddAssetAttr-Imported by',
  CASE zCldMast.ZIMPORTEDBY
    WHEN 0 THEN '0-Cloud-Other-0'
    WHEN 1 THEN '1-Native-Back-Camera-1'
    WHEN 2 THEN '2-Native-Front-Camera-2'
    WHEN 3 THEN '3-Third-Party-App-3'
    WHEN 4 THEN '4-StillTesting-4'
    WHEN 5 THEN '5-PhotoBooth_PL-Asset-5'
    WHEN 6 THEN '6-Third-Party-App-6'
    WHEN 7 THEN '7-iCloud_Share_Link-CMMAsset-7'
    WHEN 8 THEN '8-System-Package-App-8'
    WHEN 9 THEN '9-Native-App-9'
    WHEN 10 THEN '10-StillTesting-10'
    WHEN 11 THEN '11-StillTesting-11'
    WHEN 12 THEN '12-SWY_Syndication_PL-12'
    ELSE 'Unknown-New-Value!: ' || zCldMast.ZIMPORTEDBY || ''
  END AS 'zCldMast-Imported By',
  zAddAssetAttr.ZIMPORTEDBYBUNDLEIDENTIFIER AS 'zAddAssetAttr.Imported by Bundle Identifier',
  zAddAssetAttr.ZIMPORTEDBYDISPLAYNAME AS 'zAddAssetAttr-Imported By Display Name',
  zCldMast.ZIMPORTEDBYBUNDLEIDENTIFIER AS 'zCldMast-Imported by Bundle ID',
  zCldMast.ZIMPORTEDBYDISPLAYNAME AS 'zCldMast-Imported by Display Name',
  zAsset.ZIMAGEREQUESTHINTS AS 'zAsset-ImageRequestHints/HEX-Path',
  CASE zAsset.ZSAVEDASSETTYPE
    WHEN 0 THEN '0-Saved-via-other-source-0'
    WHEN 1 THEN '1-StillTesting-1'
    WHEN 2 THEN '2-StillTesting-2'
    WHEN 3 THEN '3-Local-Photo-Library-Asset-3'
    WHEN 4 THEN '4-Photo-Cloud-Sharing-Data-Asset-4'
    WHEN 5 THEN '5-PhotoBooth_Photo-Library-Asset-5'
    WHEN 6 THEN '6-Cloud-Photo-Library-Asset-6'
    WHEN 7 THEN '7-StillTesting-7'
    WHEN 8 THEN '8-iCloudLink_CloudMasterMomentAsset-8'
    WHEN 12 THEN '12-SWY-Syndication-PL-Asset/Auto-Displayed_in_LPL-12'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZSAVEDASSETTYPE || ''
  END AS 'zAsset-Saved Asset Type-LPL',
  zAsset.ZDIRECTORY AS 'zAsset-Directory/Path',
  zAsset.ZFILENAME AS 'zAsset-Filename',
  zAddAssetAttr.ZORIGINALFILENAME AS 'zAddAssetAttr-Original Filename',
  zCldMast.ZORIGINALFILENAME AS 'zCldMast-Orig Filename',
  zAddAssetAttr.ZSYNDICATIONIDENTIFIER AS 'zAddAssetAttr-Syndication Identifier',
  DateTime(zAsset.ZADDEDDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Add Date',
  CASE zAddAssetAttr.ZDATECREATEDSOURCE
    WHEN 0 THEN '0-Cloud-Asset-0'
    WHEN 1 THEN '1-Local_Asset_EXIF-1'
    WHEN 3 THEN '3-Local_Asset_No_EXIF-3'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZDATECREATEDSOURCE || ''
  END AS 'zAddAssetAttr-Date Created Source',
  DateTime(zAsset.ZDATECREATED + 978307200, 'UNIXEPOCH') AS 'zAsset-Date Created',
  DateTime(zCldMast.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'zCldMast-Creation Date',
  DateTime(zIntResou.ZCLOUDMASTERDATECREATED + 978307200, 'UNIXEPOCH') AS 'zIntResou-CldMst Date Created',
  zAddAssetAttr.ZTIMEZONENAME AS 'zAddAssetAttr-Time Zone Name',
  zAddAssetAttr.ZTIMEZONEOFFSET AS 'zAddAssetAttr-Time Zone Offset',
  zAddAssetAttr.ZINFERREDTIMEZONEOFFSET AS 'zAddAssetAttr-Inferred Time Zone Offset',
  zAddAssetAttr.ZEXIFTIMESTAMPSTRING AS 'zAddAssetAttr-EXIF-String',
  DateTime(zAsset.ZMODIFICATIONDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Modification Date',
  CASE zCldMast.ZCLOUDLOCALSTATE
    WHEN 0 THEN '0-Not Synced with Cloud-0'
    WHEN 1 THEN '1-Pending Upload-1'
    WHEN 2 THEN '2-StillTesting'
    WHEN 3 THEN '3-Synced with Cloud-3'
    ELSE 'Unknown-New-Value!: ' || zCldMast.ZCLOUDLOCALSTATE || ''
  END AS 'zCldMast-Cloud Local State',
  DateTime(zCldMast.ZIMPORTDATE + 978307200, 'UNIXEPOCH') AS 'zCldMast-Import Date',
  zAsset.ZIMPORTSESSION AS 'zAsset-Import Session',
  zAddAssetAttr.ZIMPORTSESSIONID AS 'zAddAssetAttr-Import Session ID',
  DateTime(zAddAssetAttr.ZALTERNATEIMPORTIMAGEDATE + 978307200, 'UNIXEPOCH') AS 'zAddAssetAttr-Alt Import Image Date',
  zCldMast.ZIMPORTSESSIONID AS 'zCldMast-Import Session ID',
  DateTime(zAsset.ZCLOUDBATCHPUBLISHDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Cloud Batch Publish Date',
  DateTime(zAsset.ZCLOUDSERVERPUBLISHDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Cloud Server Publish Date',
  zAsset.ZCLOUDDOWNLOADREQUESTS AS 'zAsset-Cloud Download Requests',
  zAsset.ZCLOUDBATCHID AS 'zAsset-Cloud Batch ID',
  DateTime(zAddAssetAttr.ZLASTUPLOADATTEMPTDATE + 978307200, 'UNIXEPOCH') AS 'zAddAssetAttr-Last Upload Attempt Date-SWY',
  zAddAssetAttr.ZUPLOADATTEMPTS AS 'zAddAssetAttr-Upload Attempts',
  CASE zAsset.ZLATITUDE
    WHEN -180.0 THEN '-180.0'
    ELSE zAsset.ZLATITUDE
  END AS 'zAsset-Latitude',
  zExtAttr.ZLATITUDE AS 'zExtAttr-Latitude',
  CASE zAsset.ZLONGITUDE
    WHEN -180.0 THEN '-180.0'
    ELSE zAsset.ZLONGITUDE
  END AS 'zAsset-Longitude',
  zExtAttr.ZLONGITUDE AS 'zExtAttr-Longitude',
  CASE zAddAssetAttr.ZGPSHORIZONTALACCURACY
    WHEN -1.0 THEN '-1.0'
    ELSE zAddAssetAttr.ZGPSHORIZONTALACCURACY
  END AS 'zAddAssetAttr-GPS Horizontal Accuracy',
  zAsset.ZLOCATIONDATA AS 'zAsset-Location Data/HEX',
  zAddAssetAttr.ZREVERSELOCATIONDATA AS 'zAddAssetAttr-Reverse Location Data/Orig-Asset/HEX NSKeyed Plist',
  CASE zAddAssetAttr.ZSHIFTEDLOCATIONISVALID
    WHEN 0 THEN '0-Shifted Location Not Valid-0'
    WHEN 1 THEN '1-Shifted Location Valid-1'
  END AS 'zAddAssetAttr-Shifted Location Valid',
  zAddAssetAttr.ZSHIFTEDLOCATIONDATA AS 'zAddAssetAttr-Shifted Location Data',
  zAddAssetAttr.ZLOCATIONHASH AS 'zAddAssetAttr-Location Hash',
  CASE AAAzCldMastMedData.Z_OPT
    WHEN 1 THEN '1-StillTesting-Cloud-1'
    WHEN 2 THEN '2-StillTesting-This Device-2'
    WHEN 3 THEN '3-StillTesting-Muted-3'
    WHEN 4 THEN '4-StillTesting-Unknown-4'
    WHEN 5 THEN '5-StillTesting-Unknown-5'
    ELSE 'Unknown-New-Value!: ' || AAAzCldMastMedData.Z_OPT || ''
  END AS 'AAAzCldMastMedData-zOPT',
  zAddAssetAttr.ZMEDIAMETADATATYPE AS 'zAddAssetAttr-Media Metadata Type',
  AAAzCldMastMedData.ZDATA AS 'AAAzCldMastMedData-Data/HEX',
  CASE CMzCldMastMedData.Z_OPT
    WHEN 1 THEN '1-StillTesting-Has_CldMastAsset-1'
    WHEN 2 THEN '2-StillTesting-Local_Asset-2'
    WHEN 3 THEN '3-StillTesting-Muted-3'
    WHEN 4 THEN '4-StillTesting-Unknown-4'
    WHEN 5 THEN '5-StillTesting-Unknown-5'
    ELSE 'Unknown-New-Value!: ' || CMzCldMastMedData.Z_OPT || ''
  END AS 'CldMasterzCldMastMedData-zOPT',
  zCldMast.ZMEDIAMETADATATYPE AS 'zCldMast-Media Metadata Type',
  CMzCldMastMedData.ZDATA AS 'CMzCldMastMedData-Data/HEX',
  CASE zAsset.ZORIENTATION
    WHEN 1 THEN '1-Video-Default/Adjustment/Horizontal-Camera-(left)-1'
    WHEN 2 THEN '2-Horizontal-Camera-(right)-2'
    WHEN 3 THEN '3-Horizontal-Camera-(right)-3'
    WHEN 4 THEN '4-Horizontal-Camera-(left)-4'
    WHEN 5 THEN '5-Vertical-Camera-(top)-5'
    WHEN 6 THEN '6-Vertical-Camera-(top)-6'
    WHEN 7 THEN '7-Vertical-Camera-(bottom)-7'
    WHEN 8 THEN '8-Vertical-Camera-(bottom)-8'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZORIENTATION || ''
  END AS 'zAsset-Orientation',
  CASE zAddAssetAttr.ZORIGINALORIENTATION
    WHEN 1 THEN '1-Video-Default/Adjustment/Horizontal-Camera-(left)-1'
    WHEN 2 THEN '2-Horizontal-Camera-(right)-2'
    WHEN 3 THEN '3-Horizontal-Camera-(right)-3'
    WHEN 4 THEN '4-Horizontal-Camera-(left)-4'
    WHEN 5 THEN '5-Vertical-Camera-(top)-5'
    WHEN 6 THEN '6-Vertical-Camera-(top)-6'
    WHEN 7 THEN '7-Vertical-Camera-(bottom)-7'
    WHEN 8 THEN '8-Vertical-Camera-(bottom)-8'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZORIENTATION || ''
  END AS 'zAddAssetAttr-Original Orientation',
  CASE zIntResou.ZORIENTATION
    WHEN 0 THEN '0-NA-0'
    WHEN 1 THEN '1-Video-Default/Adjustment/Horizontal-Camera-(left)-1'
    WHEN 2 THEN '2-Horizontal-Camera-(right)-2'
    WHEN 3 THEN '3-Horizontal-Camera-(right)-3'
    WHEN 4 THEN '4-Horizontal-Camera-(left)-4'
    WHEN 5 THEN '5-Vertical-Camera-(top)-5'
    WHEN 6 THEN '6-Vertical-Camera-(top)-6'
    WHEN 7 THEN '7-Vertical-Camera-(bottom)-7'
    WHEN 8 THEN '8-Vertical-Camera-(bottom)-8'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZORIENTATION || ''
  END AS 'zIntResou-Orientation',
  CASE zAsset.ZKIND
    WHEN 0 THEN '0-Photo-0'
    WHEN 1 THEN '1-Video-1'
  END AS 'zAsset-Kind',
  CASE zAsset.ZKINDSUBTYPE
    WHEN 0 THEN '0-Still-Photo-0'
    WHEN 2 THEN '2-Live-Photo-2'
    WHEN 10 THEN '10-SpringBoard-Screenshot-10'
    WHEN 100 THEN '100-Video-100'
    WHEN 101 THEN '101-Slow-Mo-Video-101'
    WHEN 102 THEN '102-Time-lapse-Video-102'
    WHEN 103 THEN '103-Replay_Screen_Recording-103'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZKINDSUBTYPE || ''
  END AS 'zAsset-Kind-Sub-Type',
  CASE zAddAssetAttr.ZCLOUDKINDSUBTYPE
    WHEN 0 THEN '0-Still-Photo-0'
    WHEN 1 THEN '1-StillTesting'
    WHEN 2 THEN '2-Live-Photo-2'
    WHEN 3 THEN '3-Screenshot-3'
    WHEN 10 THEN '10-SpringBoard-Screenshot-10'
    WHEN 100 THEN '100-Video-100'
    WHEN 101 THEN '101-Slow-Mo-Video-101'
    WHEN 102 THEN '102-Time-lapse-Video-102'
    WHEN 103 THEN '103-Replay_Screen_Recording-103'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZCLOUDKINDSUBTYPE || ''
  END AS 'zAddAssetAttr-Cloud Kind Sub Type',
  CASE zAsset.ZPLAYBACKSTYLE
    WHEN 1 THEN '1-Image-1'
    WHEN 2 THEN '2-Image-Animated-2'
    WHEN 3 THEN '3-Live-Photo-3'
    WHEN 4 THEN '4-Video-4'
    WHEN 5 THEN '5-Video-Looping-5'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZPLAYBACKSTYLE || ''
  END AS 'zAsset-Playback Style',
  zAsset.ZPLAYBACKVARIATION AS 'zAsset-Playback Variation',
  zAsset.ZDURATION AS 'zAsset-Video Duration',
  zExtAttr.ZDURATION AS 'zExtAttr-Duration',
  zAsset.ZVIDEOCPDURATIONVALUE AS 'zAsset-Video CP Duration',
  zAddAssetAttr.ZVIDEOCPDURATIONTIMESCALE AS 'zAddAssetAttr-Video CP Duration Time Scale',
  zAsset.ZVIDEOCPVISIBILITYSTATE AS 'zAsset-Video CP Visibility State',
  zAddAssetAttr.ZVIDEOCPDISPLAYVALUE AS 'zAddAssetAttr-Video CP Display Value',
  zAddAssetAttr.ZVIDEOCPDISPLAYTIMESCALE AS 'zAddAssetAttr-Video CP Display Time Scale',
  zIntResou.ZASSET AS 'zIntResou-Asset=zAsset.zPK',
  zIntResou.Z_PK AS 'zIntResou-zPK',
  zIntResou.Z_ENT AS 'zIntResou-zENT',
  zIntResou.Z_OPT AS 'zIntResou-zOPT',
  zIntResou.ZQUALITYSORTVALUE AS 'zIntResou-Quality Sort Value Key',
  CASE zIntResou.ZDATASTORECLASSID
    WHEN 0 THEN '0-LPL-Asset_CPL-Asset-0'
    WHEN 1 THEN '1-StillTesting-1'
    WHEN 2 THEN '2-Photo-Cloud-Sharing-Asset-2'
    WHEN 3 THEN '3-SWY_Syndication_Asset-3'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZDATASTORECLASSID || ''
  END AS 'zIntResou-Datastore Class ID',
  CASE zAsset.ZCLOUDPLACEHOLDERKIND
    WHEN 0 THEN '0-Local&CloudMaster Asset-0'
    WHEN 1 THEN '1-StillTesting-1'
    WHEN 2 THEN '2-StillTesting-2'
    WHEN 3 THEN '3-JPG-Asset_Only_PhDa/Thumb/V2-3'
    WHEN 4 THEN '4-LPL-JPG-Asset_CPLAsset-OtherType-4'
    WHEN 5 THEN '5-Asset_synced_CPL_2_Device-5'
    WHEN 6 THEN '6-StillTesting-6'
    WHEN 7 THEN '7-LPL-poster-JPG-Asset_CPLAsset-MP4-7'
    WHEN 8 THEN '8-LPL-JPG_Asset_CPLAsset-LivePhoto-MOV-8'
    WHEN 9 THEN '9-CPL_MP4_Asset_Saved_2_LPL-9'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZCLOUDPLACEHOLDERKIND || ''
  END AS 'zAsset-Cloud Placeholder Kind',
  CASE zIntResou.ZLOCALAVAILABILITY
    WHEN -1 THEN '(-1)-IR_Asset_Not_Avail_Locally(-1)'
    WHEN 1 THEN '1-IR_Asset_Avail_Locally-1'
    WHEN -32768 THEN '(-32768)_IR_Asset-SWY-Linked_Asset(-32768)'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZLOCALAVAILABILITY || ''
  END AS 'zIntResou-Local Availability',
  CASE zIntResou.ZLOCALAVAILABILITYTARGET
    WHEN 0 THEN '0-StillTesting-0'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZLOCALAVAILABILITYTARGET || ''
  END AS 'zIntResou-Local Availability Target',
  CASE zIntResou.ZCLOUDLOCALSTATE
    WHEN 0 THEN '0-IR_Asset_Not_Synced_No_IR-CldMastDateCreated-0'
    WHEN 1 THEN '1-IR_Asset_Pening-Upload-1'
    WHEN 2 THEN '2-IR_Asset_Photo_Cloud_Share_Asset_On-Local-Device-2'
    WHEN 3 THEN '3-IR_Asset_Synced_iCloud-3'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZCLOUDLOCALSTATE || ''
  END AS 'zIntResou-Cloud Local State',
  CASE zIntResou.ZREMOTEAVAILABILITY
    WHEN 0 THEN '0-IR_Asset-Not-Avail-Remotely-0'
    WHEN 1 THEN '1-IR_Asset_Avail-Remotely-1'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZREMOTEAVAILABILITY || ''
  END AS 'zIntResou-Remote Availability',
  CASE zIntResou.ZREMOTEAVAILABILITYTARGET
    WHEN 0 THEN '0-StillTesting-0'
    WHEN 1 THEN '1-StillTesting-1'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZREMOTEAVAILABILITYTARGET || ''
  END AS 'zIntResou-Remote Availability Target',
  zIntResou.ZTRANSIENTCLOUDMASTER AS 'zIntResou-Transient Cloud Master',
  zIntResou.ZSIDECARINDEX AS 'zIntResou-Side Car Index',
  zIntResou.ZFILEID AS 'zIntResou- File ID',
  CASE zIntResou.ZVERSION
    WHEN 0 THEN '0-IR_Asset_Standard-0'
    WHEN 1 THEN '1-StillTesting-1'
    WHEN 2 THEN '2-IR_Asset_Adjustments-Mutation-2'
    WHEN 3 THEN '3-IR_Asset_No_IR-CldMastDateCreated-3'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZVERSION || ''
  END AS 'zIntResou-Version',
  zAddAssetAttr.ZORIGINALFILESIZE AS 'zAddAssetAttr- Original-File-Size',
  CASE zIntResou.ZRESOURCETYPE
    WHEN 0 THEN '0-Photo-0'
    WHEN 1 THEN '1-Video-1'
    WHEN 3 THEN '3-Live-Photo-3'
    WHEN 5 THEN '5-Adjustement-Data-5'
    WHEN 6 THEN '6-Screenshot-6'
    WHEN 9 THEN '9-AlternatePhoto-3rdPartyApp-StillTesting-9'
    WHEN 13 THEN '13-Movie-13'
    WHEN 14 THEN '14-Wallpaper-14'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZRESOURCETYPE || ''
  END AS 'zIntResou-Resource Type',
  zIntResou.ZDATASTOREKEYDATA AS 'zIntResou-DataStoreKeyData/HEX',
  CASE zIntResou.ZDATASTORESUBTYPE
    WHEN 0 THEN '0-No Cloud Inter Resource-0'
    WHEN 1 THEN '1-Main-Asset-Orig-Size-1'
    WHEN 2 THEN '2-Photo-with-Adjustments-2'
    WHEN 3 THEN '3-JPG-Large-Thumb-3'
    WHEN 4 THEN '4-JPG-Med-Thumb-4'
    WHEN 5 THEN '5-JPG-Small-Thumb-5'
    WHEN 6 THEN '6-Video-Med-Data-6'
    WHEN 7 THEN '7-Video-Small-Data-7'
    WHEN 8 THEN '8-MP4-Cloud-Share-8'
    WHEN 9 THEN '9-StillTesting'
    WHEN 10 THEN '10-3rdPartyApp_thumb-StillTesting-10'
    WHEN 11 THEN '11-StillTesting'
    WHEN 12 THEN '12-StillTesting'
    WHEN 13 THEN '13-PNG-Optimized_CPLAsset-13'
    WHEN 14 THEN '14-Wallpaper-14'
    WHEN 15 THEN '15-Has-Markup-and-Adjustments-15'
    WHEN 16 THEN '16-Video-with-Adjustments-16'
    WHEN 17 THEN '17-RAW_Photo-17_RT'
    WHEN 18 THEN '18-Live-Photo-Video_Optimized_CPLAsset-18'
    WHEN 19 THEN '19-Live-Photo-with-Adjustments-19'
    WHEN 20 THEN '20-StillTesting'
    WHEN 21 THEN '21-MOV-Optimized_HEVC-4K_video-21'
    WHEN 22 THEN '22-Adjust-Mutation_AAE_Asset-22'
    WHEN 23 THEN '23-StillTesting'
    WHEN 24 THEN '24-StillTesting'
    WHEN 25 THEN '25-StillTesting'
    WHEN 26 THEN '26-MOV-Optimized_CPLAsset-26'
    WHEN 27 THEN '27-StillTesting'
    WHEN 28 THEN '28-MOV-Med-hdr-Data-28'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZDATASTORESUBTYPE || ''
  END AS 'zIntResou-Datastore Sub-Type',
  CASE zIntResou.ZCLOUDSOURCETYPE
    WHEN 0 THEN '0-NA-0'
    WHEN 1 THEN '1-Main-Asset-Orig-Size-1'
    WHEN 2 THEN '2-Photo-with-Adjustments-2'
    WHEN 3 THEN '3-JPG-Large-Thumb-3'
    WHEN 4 THEN '4-JPG-Med-Thumb-4'
    WHEN 5 THEN '5-JPG-Small-Thumb-5'
    WHEN 6 THEN '6-Video-Med-Data-6'
    WHEN 7 THEN '7-Video-Small-Data-7'
    WHEN 8 THEN '8-MP4-Cloud-Share-8'
    WHEN 9 THEN '9-StillTesting'
    WHEN 10 THEN '10-3rdPartyApp_thumb-StillTesting-10'
    WHEN 11 THEN '11-StillTesting'
    WHEN 12 THEN '12-StillTesting'
    WHEN 13 THEN '13-PNG-Optimized_CPLAsset-13'
    WHEN 14 THEN '14-Wallpaper-14'
    WHEN 15 THEN '15-Has-Markup-and-Adjustments-15'
    WHEN 16 THEN '16-Video-with-Adjustments-16'
    WHEN 17 THEN '17-RAW_Photo-17_RT'
    WHEN 18 THEN '18-Live-Photo-Video_Optimized_CPLAsset-18'
    WHEN 19 THEN '19-Live-Photo-with-Adjustments-19'
    WHEN 20 THEN '20-StillTesting'
    WHEN 21 THEN '21-MOV-Optimized_HEVC-4K_video-21'
    WHEN 22 THEN '22-Adjust-Mutation_AAE_Asset-22'
    WHEN 23 THEN '23-StillTesting'
    WHEN 24 THEN '24-StillTesting'
    WHEN 25 THEN '25-StillTesting'
    WHEN 26 THEN '26-MOV-Optimized_CPLAsset-26'
    WHEN 27 THEN '27-StillTesting'
    WHEN 28 THEN '28-MOV-Med-hdr-Data-28'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZCLOUDSOURCETYPE || ''
  END AS 'zIntResou-Cloud Source Type',
  zIntResou.ZDATALENGTH AS 'zIntResou-Data Length',
  CASE zIntResou.ZRECIPEID
    WHEN 0 THEN '0-OrigFileSize_match_DataLength_or_Optimized-0'
    WHEN 65737 THEN '65737-full-JPG_Orig-ProRAW_DNG-65737'
    WHEN 65739 THEN '65739-JPG_Large_Thumb-65739'
    WHEN 65741 THEN '65741-Various_Asset_Types-or-Thumbs-65741'
    WHEN 65743 THEN '65743-ResouType-Photo_5003-or-5005-JPG_Thumb-65743'
    WHEN 65749 THEN '65749-LocalVideoKeyFrame-JPG_Thumb-65749'
    WHEN 65938 THEN '65938-FullSizeRender-Photo-or-plist-65938'
    WHEN 131072 THEN '131072-FullSizeRender-Video-or-plist-131072'
    WHEN 131077 THEN '131077-medium-MOV_HEVC-4K-131077'
    WHEN 131079 THEN '131079-medium-MP4_Adj-Mutation_Asset-131079'
    WHEN 131081 THEN '131081-ResouType-Video_5003-or-5005-JPG_Thumb-131081'
    WHEN 131272 THEN '131272-FullSizeRender-Video_LivePhoto_Adj-Mutation-131272'
    WHEN 131275 THEN '131275-medium-MOV_LivePhoto-131275'
    WHEN 131277 THEN '131277-No-IR-Asset_LivePhoto-iCloud_Sync_Asset-131277'
    WHEN 131475 THEN '131475-medium-hdr-MOV-131475'
    WHEN 327683 THEN '327683-JPG-Thumb_for_3rdParty-StillTesting-327683'
    WHEN 327687 THEN '627687-WallpaperComputeResource-627687'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZRECIPEID || ''
  END AS 'zIntResou-Recipe ID',
  CASE zIntResou.ZCLOUDLASTPREFETCHDATE
    WHEN 0 THEN '0-NA-0'
    ELSE DateTime(zIntResou.ZCLOUDLASTPREFETCHDATE + 978307200, 'UNIXEPOCH')
  END AS 'zIntResou-Cloud Last Prefetch Date',
  zIntResou.ZCLOUDPREFETCHCOUNT AS 'zIntResou-Cloud Prefetch Count',
  DateTime(zIntResou.ZCLOUDLASTONDEMANDDOWNLOADDATE + 978307200, 'UNIXEPOCH') AS 'zIntResou- Cloud-Last-OnDemand Download-Date',
  CASE zIntResou.ZUTICONFORMANCEHINT
    WHEN 0 THEN '0-NA/Doesnt_Conform-0'
    WHEN 1 THEN '1-UTTypeImage-1'
    WHEN 2 THEN '2-UTTypeProRawPhoto-2'
    WHEN 3 THEN '3-UTTypeMovie-3'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZUTICONFORMANCEHINT || ''
  END AS 'zIntResou-UniformTypeID_UTI_Conformance_Hint',
  CASE zIntResou.ZCOMPACTUTI
    WHEN 1 THEN '1-JPEG/THM-1'
    WHEN 3 THEN '3-HEIC-3'
    WHEN 6 THEN '6-PNG-6'
    WHEN 7 THEN '7-StillTesting'
    WHEN 9 THEN '9-DNG-9'
    WHEN 23 THEN '23-JPEG/HEIC/quicktime-mov-23'
    WHEN 24 THEN '24-MPEG4-24'
    WHEN 36 THEN '36-Wallpaper-36'
    WHEN 37 THEN '37-Adj/Mutation_Data-37'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZCOMPACTUTI || ''
  END AS 'zIntResou-Compact-UTI',
  zAsset.ZUNIFORMTYPEIDENTIFIER AS 'zAsset-Uniform Type ID',
  zAsset.ZORIGINALCOLORSPACE AS 'zAsset-Original Color Space',
  zCldMast.ZUNIFORMTYPEIDENTIFIER AS 'zCldMast-Uniform_Type_ID',
  CASE zCldMast.ZFULLSIZEJPEGSOURCE
    WHEN 0 THEN '0-CldMast-JPEG-Source-Video Still-Testing-0'
    WHEN 1 THEN '1-CldMast-JPEG-Source-Other- Still-Testing-1'
    ELSE 'Unknown-New-Value!: ' || zCldMast.ZFULLSIZEJPEGSOURCE || ''
  END AS 'zCldMast-Full Size JPEG Source',
  zAsset.ZHDRGAIN AS 'zAsset-HDR Gain',
  CASE zAsset.ZHDRTYPE
    WHEN 0 THEN '0-No-HDR-0'
    WHEN 3 THEN '3-HDR_Photo-3_RT'
    WHEN 4 THEN '4-Non-HDR_Version-4_RT'
    WHEN 5 THEN '5-HEVC_Movie-5'
    WHEN 6 THEN '6-Panorama-6_RT'
    WHEN 10 THEN '10-HDR-Gain-10'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZHDRTYPE || ''
  END AS 'zAsset-zHDR_Type',
  zExtAttr.ZCODEC AS 'zExtAttr-Codec',
  zIntResou.ZCODECFOURCHARCODENAME AS 'zIntResou-Codec Four Char Code Name',
  zCldMast.ZCODECNAME AS 'zCldMast-Codec Name',
  zCldMast.ZVIDEOFRAMERATE AS 'zCldMast-Video Frame Rate',
  zCldMast.ZPLACEHOLDERSTATE AS 'zCldMast-Placeholder State',
  CASE zAsset.ZDEPTHTYPE
    WHEN 0 THEN '0-Not_Portrait-0_RT'
    ELSE 'Portrait: ' || zAsset.ZDEPTHTYPE || ''
  END AS 'zAsset-Depth_Type',
  zAsset.ZAVALANCHEUUID AS 'zAsset-Avalanche UUID',
  CASE zAsset.ZAVALANCHEPICKTYPE
    WHEN 0 THEN '0-NA/Single_Asset_Burst_UUID-0_RT'
    WHEN 2 THEN '2-Burst_Asset_Not_Selected-2_RT'
    WHEN 4 THEN '4-Burst_Asset_PhotosApp_Picked_KeyImage-4_RT'
    WHEN 8 THEN '8-Burst_Asset_Selected_for_LPL-8_RT'
    WHEN 16 THEN '16-Top_Burst_Asset_inStack_KeyImage-16_RT'
    WHEN 32 THEN '32-StillTesting-32_RT'
    WHEN 52 THEN '52-Burst_Asset_Visible_LPL-52'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZAVALANCHEPICKTYPE || ''
  END AS 'zAsset-Avalanche_Pick_Type/BurstAsset',
  CASE zAddAssetAttr.ZCLOUDAVALANCHEPICKTYPE
    WHEN 0 THEN '0-NA/Single_Asset_Burst_UUID-0_RT'
    WHEN 2 THEN '2-Burst_Asset_Not_Selected-2_RT'
    WHEN 4 THEN '4-Burst_Asset_PhotosApp_Picked_KeyImage-4_RT'
    WHEN 8 THEN '8-Burst_Asset_Selected_for_LPL-8_RT'
    WHEN 16 THEN '16-Top_Burst_Asset_inStack_KeyImage-16_RT'
    WHEN 32 THEN '32-StillTesting-32_RT'
    WHEN 52 THEN '52-Burst_Asset_Visible_LPL-52'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZCLOUDAVALANCHEPICKTYPE || ''
  END AS 'zAddAssetAttr-Cloud_Avalanche_Pick_Type/BurstAsset',
  CASE zAddAssetAttr.ZCLOUDRECOVERYSTATE
    WHEN 0 THEN '0-StillTesting-0'
    WHEN 1 THEN '1-StillTesting-1'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZCLOUDRECOVERYSTATE || ''
  END AS 'zAddAssetAttr-Cloud Recovery State',
  zAddAssetAttr.ZCLOUDSTATERECOVERYATTEMPTSCOUNT AS 'zAddAssetAttr-Cloud State Recovery Attempts Count',
  zAsset.ZDEFERREDPROCESSINGNEEDED AS 'zAsset-Deferred Processing Needed',
  zAsset.ZVIDEODEFERREDPROCESSINGNEEDED AS 'zAsset-Video Deferred Processing Needed',
  zAddAssetAttr.ZDEFERREDPHOTOIDENTIFIER AS 'zAddAssetAttr-Deferred Photo Identifier',
  zAddAssetAttr.ZDEFERREDPROCESSINGCANDIDATEOPTIONS AS 'zAddAssetAttr-Deferred Processing Candidate Options',
  CASE zAsset.ZHASADJUSTMENTS
    WHEN 0 THEN '0-No-Adjustments-0'
    WHEN 1 THEN '1-Yes-Adjustments-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZHASADJUSTMENTS || ''
  END AS 'zAsset-Has Adjustments/Camera-Effects-Filters',
  zUnmAdj.ZASSETATTRIBUTES AS 'zUnmAdj-Asset Attributes=zAddAssetAttr.zPK',
  zAddAssetAttr.ZUNMANAGEDADJUSTMENT AS 'zAddAssetAttr-UnmanAdjust Key=zUnmAdj.zPK',
  zUnmAdj.Z_PK AS 'zUnmAdj-zPK=zAddAssetAttr.ZUnmanAdj Key',
  zUnmAdj.ZUUID AS 'zUnmAdj-UUID',
  DateTime(zAsset.ZADJUSTMENTTIMESTAMP + 978307200, 'UNIXEPOCH') AS 'zAsset-Adjustment Timestamp',
  DateTime(zUnmAdj.ZADJUSTMENTTIMESTAMP + 978307200, 'UNIXEPOCH') AS 'zUnmAdj-Adjustment Timestamp',
  zAddAssetAttr.ZEDITORBUNDLEID AS 'zAddAssetAttr-Editor Bundle ID',
  zUnmAdj.ZEDITORLOCALIZEDNAME AS 'zUnmAdj-Editor Localized Name',
  zUnmAdj.ZADJUSTMENTFORMATIDENTIFIER AS 'zUnmAdj-Adjustment Format ID',
  zAddAssetAttr.ZMONTAGE AS 'zAddAssetAttr-Montage',
  CASE zUnmAdj.ZADJUSTMENTRENDERTYPES
    WHEN 0 THEN '0-Standard or Portrait with erros-0'
    WHEN 1 THEN '1-StillTesting-1'
    WHEN 2 THEN '2-Portrait-2'
    WHEN 3 THEN '3-StillTesting-3'
    WHEN 4 THEN '4-StillTesting-4'
    ELSE 'Unknown-New-Value!: ' || zUnmAdj.ZADJUSTMENTRENDERTYPES || ''
  END AS 'zUnmAdj-Adjustment Render Types',
  CASE zUnmAdj.ZADJUSTMENTFORMATVERSION
    WHEN 1.0 THEN '1.0-Markup-1.0'
    WHEN 1.1 THEN '1.1-Slow-Mo-1.1'
    WHEN 1.2 THEN '1.2-StillTesting'
    WHEN 1.3 THEN '1.3-StillTesting'
    WHEN 1.4 THEN '1.4-Filter-1.4'
    WHEN 1.5 THEN '1.5-Adjust-1.5'
    WHEN 1.6 THEN '1.6-Video-Trim-1.6'
    WHEN 1.7 THEN '1.7-StillTesting'
    WHEN 1.8 THEN '1.8-StillTesting'
    WHEN 1.9 THEN '1.9-StillTesting'
    WHEN 2.0 THEN '2.0-ScreenshotServices'
    ELSE 'Unknown-New-Value!: ' || zUnmAdj.ZADJUSTMENTFORMATVERSION || ''
  END AS 'zUnmAdj-Adjustment Format Version',
  zUnmAdj.ZADJUSTMENTBASEIMAGEFORMAT AS 'zUnmAdj-Adjustment Base Image Format',
  CASE zAsset.ZFAVORITE
    WHEN 0 THEN '0-Asset Not Favorite-0'
    WHEN 1 THEN '1-Asset Favorite-1'
  END AS 'zAsset-Favorite',
  CASE zAsset.ZHIDDEN
    WHEN 0 THEN '0-Asset Not Hidden-0'
    WHEN 1 THEN '1-Asset Hidden-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZHIDDEN || ''
  END AS 'zAsset-Hidden',
  CASE zAsset.ZTRASHEDSTATE
    WHEN 0 THEN '0-Asset Not In Trash/Recently Deleted-0'
    WHEN 1 THEN '1-Asset In Trash/Recently Deleted-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZTRASHEDSTATE || ''
  END AS 'zAsset-Trashed State/LocalAssetRecentlyDeleted',
  DateTime(zAsset.ZTRASHEDDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Trashed Date',
  CASE zIntResou.ZTRASHEDSTATE
    WHEN 0 THEN '0-zIntResou-Not In Trash/Recently Deleted-0'
    WHEN 1 THEN '1-zIntResou-In Trash/Recently Deleted-1'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZTRASHEDSTATE || ''
  END AS 'zIntResou-Trash State',
  DateTime(zIntResou.ZTRASHEDDATE + 978307200, 'UNIXEPOCH') AS 'zIntResou-Trashed Date',
  CASE zAsset.ZCLOUDDELETESTATE
    WHEN 0 THEN '0-Cloud Asset Not Deleted-0'
    WHEN 1 THEN '1-Cloud Asset Deleted-1'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZCLOUDDELETESTATE || ''
  END AS 'zAsset-Cloud Delete State',
  CASE zIntResou.ZCLOUDDELETESTATE
    WHEN 0 THEN '0-Cloud IntResou Not Deleted-0'
    WHEN 1 THEN '1-Cloud IntResou Deleted-1'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZCLOUDDELETESTATE || ''
  END AS 'zIntResou-Cloud Delete State',
  CASE zAddAssetAttr.ZPTPTRASHEDSTATE
    WHEN 0 THEN '0-PTP Not in Trash-0'
    WHEN 1 THEN '1-PTP In Trash-1'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZPTPTRASHEDSTATE || ''
  END AS 'zAddAssetAttr-PTP Trashed State',
  CASE zIntResou.ZPTPTRASHEDSTATE
    WHEN 0 THEN '0-PTP IntResou Not in Trash-0'
    WHEN 1 THEN '1-PTP IntResou In Trash-1'
    ELSE 'Unknown-New-Value!: ' || zIntResou.ZPTPTRASHEDSTATE || ''
  END AS 'zIntResou-PTP Trashed State',
  zIntResou.ZCLOUDDELETEASSETUUIDWITHRESOURCETYPE AS 'zIntResou-Cloud Delete Asset UUID With Resource Type',
  DateTime(zMedAnlyAstAttr.ZMEDIAANALYSISTIMESTAMP + 978307200, 'UNIXEPOCH') AS 'zMedAnlyAstAttr-Media Analysis Timestamp',
  DateTime(zAsset.ZANALYSISSTATEMODIFICATIONDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Analysis State Modificaion Date',
  zAddAssetAttr.ZPENDINGVIEWCOUNT AS 'zAddAssetAttr-Pending View Count',
  zAddAssetAttr.ZVIEWCOUNT AS 'zAddAssetAttr-View Count',
  zAddAssetAttr.ZPENDINGPLAYCOUNT AS 'zAddAssetAttr-Pending Play Count',
  zAddAssetAttr.ZPLAYCOUNT AS 'zAddAssetAttr-Play Count',
  zAddAssetAttr.ZPENDINGSHARECOUNT AS 'zAddAssetAttr-Pending Share Count',
  zAddAssetAttr.ZSHARECOUNT AS 'zAddAssetAttr-Share Count',
  DateTime(zAsset.ZLASTSHAREDDATE + 978307200, 'UNIXEPOCH') AS 'zAsset-Last Shared Date',
  zAddAssetAttr.ZSHAREORIGINATOR AS 'zAddAssetAttr-Share Originator',
  CASE zAsset.ZSYNDICATIONSTATE
    WHEN 0 THEN '0-Local-PL_Asset_Syndication_State_NA-0'
    ELSE 'Unknown-New-Value!: ' || zAsset.ZSYNDICATIONSTATE || ''
  END AS 'zAsset-Syndication State-LPL',
  zAddAssetAttr.ZSYNDICATIONHISTORY AS 'zAddAssetAttr-Syndication History',
  zMedAnlyAstAttr.ZSYNDICATIONPROCESSINGVERSION AS 'zMedAnlyAstAttr-Syndication Processing Version',
  CASE zMedAnlyAstAttr.ZSYNDICATIONPROCESSINGVALUE
    WHEN 0 THEN '0-NA-0'
    WHEN 1 THEN '1-STILLTESTING_Wide-Camera_JPG-1'
    WHEN 2 THEN '2-STILLTESTING_Telephoto_Camear_Lens-2'
    WHEN 4 THEN '4-STILLTESTING_SWY_Asset_OrigAssetImport_SystemPackageApp-4'
    WHEN 16 THEN '16-STILLTESTING-16'
    WHEN 1024 THEN '1024-STILLTESTING_SWY_Asset_OrigAssetImport_NativeCamera-1024'
    WHEN 2048 THEN '2048-STILLTESTING-2048'
    WHEN 4096 THEN '4096-STILLTESTING_SWY_Asset_Manually_Saved-4096'
    ELSE 'Unknown-New-Value!: ' || zMedAnlyAstAttr.ZSYNDICATIONPROCESSINGVALUE || ''
  END AS 'zMedAnlyAstAttr-Syndication Processing Value',
  CASE zAddAssetAttr.ZALLOWEDFORANALYSIS
    WHEN 0 THEN '0-Asset Not Allowed For Analysis-0'
    WHEN 1 THEN '1-Asset Allowed for Analysis-1'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZALLOWEDFORANALYSIS || ''
  END AS 'zAddAssetAttr-Allowed for Analysis',
  zAddAssetAttr.ZSCENEANALYSISVERSION AS 'zAddAssetAttr-Scene Analysis Version',
  CASE zAddAssetAttr.ZSCENEANALYSISISFROMPREVIEW
    WHEN 0 THEN '0-No-0'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZSCENEANALYSISISFROMPREVIEW || ''
  END AS 'zAddAssetAttr-Scene Analysis is From Preview',
  DateTime(zAddAssetAttr.ZSCENEANALYSISTIMESTAMP + 978307200, 'UNIXEPOCH') AS 'zAddAssetAttr-Scene Analysis Timestamp',
  CASE zAddAssetAttr.ZDESTINATIONASSETCOPYSTATE
    WHEN 0 THEN '0-No Copy-0'
    WHEN 1 THEN '1-Has A Copy-1'
    WHEN 2 THEN '2-Has A Copy-2'
    ELSE 'Unknown-New-Value!: ' || zAddAssetAttr.ZDESTINATIONASSETCOPYSTATE || ''
  END AS 'zAddAssetAttr-Destination Asset Copy State',
  zSceneP.ZDATA AS 'zSceneP-Data/HEX NSKeyed Plist',
  zAddAssetAttr.ZSOURCEASSETFORDUPLICATIONSCOPEIDENTIFIER AS 'zAddAssetAttr-Source Asset for Duplication Scope ID',
  zCldMast.ZSOURCEMASTERFORDUPLICATIONSCOPEIDENTIFIER AS 'zCldMast-Source Master For Duplication Scope ID',
  zAddAssetAttr.ZSOURCEASSETFORDUPLICATIONIDENTIFIER AS 'zAddAssetAttr-Source Asset For Duplication ID',
  zCldMast.ZSOURCEMASTERFORDUPLICATIONIDENTIFIER AS 'zCldMast-Source Master for Duplication ID'
FROM ZASSET zAsset
  LEFT JOIN ZADDITIONALASSETATTRIBUTES zAddAssetAttr ON zAddAssetAttr.Z_PK = zAsset.ZADDITIONALATTRIBUTES
  LEFT JOIN ZEXTENDEDATTRIBUTES zExtAttr ON zExtAttr.Z_PK = zAsset.ZEXTENDEDATTRIBUTES
  LEFT JOIN ZINTERNALRESOURCE zIntResou ON zIntResou.ZASSET = zAsset.Z_PK
  LEFT JOIN ZSCENEPRINT zSceneP ON zSceneP.Z_PK = zAddAssetAttr.ZSCENEPRINT
  LEFT JOIN Z_27ASSETS z27Assets ON z27Assets.Z_3ASSETS = zAsset.Z_PK
  LEFT JOIN ZGENERICALBUM zGenAlbum ON zGenAlbum.Z_PK = z27Assets.Z_27ALBUMS
  LEFT JOIN ZUNMANAGEDADJUSTMENT zUnmAdj ON zAddAssetAttr.ZUNMANAGEDADJUSTMENT = zUnmAdj.Z_PK
  LEFT JOIN Z_26ALBUMLISTS z26AlbumLists ON z26AlbumLists.Z_26ALBUMS = zGenAlbum.Z_PK
  LEFT JOIN ZALBUMLIST zAlbumList ON zAlbumList.Z_PK = z26AlbumLists.Z_2ALBUMLISTS
  LEFT JOIN ZGENERICALBUM ParentzGenAlbum ON ParentzGenAlbum.Z_PK = zGenAlbum.ZPARENTFOLDER
  LEFT JOIN ZCLOUDMASTER zCldMast ON zAsset.ZMASTER = zCldMast.Z_PK
  LEFT JOIN ZCLOUDMASTERMEDIAMETADATA AAAzCldMastMedData ON AAAzCldMastMedData.Z_PK = zAddAssetAttr.ZMEDIAMETADATA
  LEFT JOIN ZCLOUDMASTERMEDIAMETADATA CMzCldMastMedData ON CMzCldMastMedData.Z_PK = zCldMast.ZMEDIAMETADATA
  LEFT JOIN ZMEDIAANALYSISASSETATTRIBUTES zMedAnlyAstAttr ON zAsset.ZMEDIAANALYSISATTRIBUTES = zMedAnlyAstAttr.Z_PK
  LEFT JOIN ZSHARE zShare ON zShare.Z_PK = zAsset.ZMOMENTSHARE
WHERE zCldMast.ZORIGINALFILENAME = 'IMG_0008.HEIC';
ORDER BY zAsset.ZADDEDDATE

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689

这两个字段的值不一样，所以我合理怀疑经过修改了（如果有不同见解请联系我~）

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ sms(ios).db ’ 的资料，全局唯一标识符(GUID): DD31C26F-1D72-DE0F-431EEF98F104402D 显示的信息是什么? According to ’ sms(ios).db ', what is the message shown on Globally Unique Identifier (GUID) of DD31C26F-1D72-DE0F-431E-EF98F104402D? 提示:答案需要与信息一样(答案包括中文字、阿拉伯数字与符号) Tips: Answer should be same as the message (including Chinese words, arabic nu mbers and symols) (1 分)

SELECT text
FROM message
WHERE guid='DD31C26F-1D72-DE0F-431E-EF98F104402D'
1
2
3

你的 Uber 驗證碼為 3666. 請勿分享此驗證碼.

参考 ’ IOS ’ 资料夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ com.burbn.instagram.plist ’ 及 ’ com.facebook.Facebook.plist ’ 手机安装了实时通讯软件 Facebook 及 Instagram 的那个版本? (Instant Messaging Apps)? According to 'com.burbn.instagram.plist ’ and ’ com.facebook.Facebook.plist ', which version of instant messaging apps (Facebook and Instagram) are installed on the phone? (1 分)

A. Instagram (Version 278.0.0.19.115)

B. Facebook (Version 410.0.0.41.116)

C. Instagram (Version 279.0.0.23.112)

D. Facebook (Version 410.0.0.26.115)

E. Instagram (Version 278.0.0.25.115)

F. Facebook (Version 410.0.0.57.116)

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ ChatStorage(ios).sqlite ’ , 用户数据 Peter Chow (85262012141)在什么日期和时间(以 UTC +8 时区)曾经通过实时通讯软件送出一个信息(内容为: I am already home)? According to ’ ChatStorage(ios).sqlite ', on what day and time (in UTC+8 time zone ) did Peter Chan (user information 85262012141) send a message via instant mess aging? (Hint: Message Content: I am already home) 提示:以 UTC +8 时区作答,并以 YYYY-MM-DD_HH:MM:SS 格式作答例如:2023-01-01_10:01:01 (答案无需输入 UTC +8) Tips: Please answer the question in UTC +8 timezone and use format YYYY-MMDD_HH:MM:SS to answer. Example: 2023-01-01_10:01:01 (2 分)

SELECT ZSENTDATE
FROM ZWAMESSAGE
WHERE ZFROMJID like '%85262012141%' AND ZTEXT='I am already home'
1
2
3

在线方法

离线方法

from datetime import datetime

date_string = "2001-01-01"
date_object = datetime.strptime(date_string, "%Y-%m-%d")
start_timestamp = int(date_object.timestamp())

now_apple_timestamp = 702012111.637933
now_timestamp = now_apple_timestamp + start_timestamp

now_date = datetime.fromtimestamp(now_timestamp)
print(now_date)

1
2
3
4
5
6
7
8
9
10
11
12

最后的结果加上8小时就好了

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据影片 IMG_0687.MOV 的原数据，找出影片拍摄时间? According to original data of video IMG_0687.MOV, please find out the taping tim e? 提示:以 UTC +8 时区作答,并以 YYYY-MM-DD_HH:MM:SS 格式作答例如:2023-01-01_10:01:01 (答案无需输入 UTC +8) Tips: Please answer the question in UTC +8 timezone and use format YYYY-MMDD_HH:MM:SS to answer. Example: 2023-01-01_10:01:01 (2 分)

妹找到

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ CallHistory(ios).storedata '，哪份表格显示了通话记录? According to ’ CallHistory(ios).storedata ',which table(s) containting the data of call record? (2 分)

A. ZCALLBPROPERTIES

B. ZCALLRECORD

C. Z_2REMOTEPARTICIPANTHANDLES

D. Z_METADATA

E. Z_MODELCACHE

F. Z_PRIMARYKEY

参考’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ com.apple.sharingd.plist '，这部手机的隔空投送的身份标识号 (AirDrop ID)是什么? Accoding to ’ com.apple.sharingd.plist ', What is AirDrop ID of the mobile phone? 提示:请以阿拉伯数字与小写字母作答 Tips: Please answer in arabic numbers and lowercase letters. (3 分)

参考 ’ IOS ’ 文件夹回答以下题目 With reference to ’ IOS ’ folder to answer below question 根据 ’ Accounts3.sqlite '，这部手机的苹果使用者账号 (Apple ID) 是什么? According to ’ Accounts3.sqlite ', what is the Apple ID of this mobile phone? 提示: 请以电邮格式作答(例:jack2023@hotmail.com) Please answer in email format (Example: jasck2023@hotmail.com) (2 分)

哪一行代码的是负责更新在 GitHub 使用中的 .journal 文件的更新历史记录 ? Which line of code in the script is responsible for updating GitHub with the updat ed history of the .journal file? (1 分)

line 1 git config --global user.name "mikesezto"
line 2 git config --global user.email "smike@general.org"
line 3
line 4 cd which-truth
line 5 rm.journal
line 6
line 7 git add.journal
line 8 git commit -m "Remove sensitive data"
line 9 git push
line 10
line 11 git clone --mirror http://github.com/smike/which-truth
line 12
line 13 java -jar bfg.jar --delete-files.journal which-truth
line 14 cd which-truth
line 15 git reflog expire --expire=now --all
line 16 git gc --prune=now --aggressive
line 17 git push --force
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

A. 08

B. 13

C. 16

D. 17

暑假给导师出信息收集的时候，就用了github信息泄露这个知识点，熟悉了一遍git操作

A 提交先前添加的文件变更，包括删除敏感数据，并添加一条提交消息：“Remove sensitive data”。

B 使用 BFG Repo-Cleaner 工具，删除仓库中名为 .journal 的文件。

C 执行 Git 垃圾回收，清理无用的对象，并通过 --aggressive 标志执行更彻底的清理。

D 强制推送更改到远程仓库，包括删除 .journal 文件以及垃圾回收操作。--force 标志用于覆盖远程仓库的历史记录。

下列哪一行 AWS S3 Bucket 授权策略中的设置有问题? Which line of setting in the following AWS bucket policy statement is in question? (1 分)

line 1 {
line 2 "Version": "2020-11-12",
line 3 "Statement": [
line 4 {
line 5 "Sid": "PublicReadGetObject",
line 6 "Effect": "Allow",
line 7 "Principal": "*",
line 8 "Action": "s3:GetObject",
line 9 "Resource": "arn:aws:s3:::company-sensitive-14dnid23nfief/*"
line 10 }
line 11 ]
line 12 }

1
2
3
4
5
6
7
8
9
10
11
12
13

A. 2

B. 7

C. 8

D. 9

这看起来像一个 AWS Identity and Access Management (IAM) 或 AWS S3 存储桶策略（Bucket Policy）的 JSON 格式的片段。这段 JSON 描述了一个允许公共读取对象的 S3 存储桶访问策略。

让我们逐行解释：

line 1: {
- 表示 JSON 对象的开始。
line 2: "Version": "2020-11-12",
- 定义了策略的版本，这里是 “2020-11-12”。
line 3: `“Statement”: [
- 定义了一个语句数组，表示可以包含多个访问控制语句。
line 4: {
- 表示一个语句的开始。
line 5: "Sid": "PublicReadGetObject",
- 提供了语句的唯一标识符（SID），这里是 “PublicReadGetObject”。
line 6: "Effect": "Allow",
- 定义了语句的效果，这里是 “Allow”，表示允许指定的操作。
line 7: "Principal": "*",
- 定义了哪个主体（用户、角色或实体）被授予权限，这里是 “*”，表示所有主体。
line 8: "Action": "s3:GetObject",
- 定义了允许的操作，这里是 “s3:GetObject”，表示允许获取对象。
line 9: "Resource": "arn:aws:s3:::company-sensitive-14dnid23nfief/*"
- 指定了允许操作的资源，这里是一个 S3 存储桶中对象的 ARN（Amazon 资源命名），表示所有在 company-sensitive-14dnid23nfief 存储桶下的对象。
line 10: }
- 表示语句的结束。
line 11: ]
- 表示语句数组的结束。
line 12: }
- 表示整个 JSON 对象的结束。

总体来说，这个策略允许任何人（"*"）对指定 S3 存储桶中以 company-sensitive-14dnid23nfief/ 为前缀的所有对象进行读取操作。这种配置通常用于实现公共读取权限，例如用于托管静态网站的 S3 存储桶。

以下哪项是多重身份验证 (MFA) 的示例 Which of the following is an example of multi-factor authentication (MFA)? (1 分)

A. PIN 码和软件令牌

B. 指纹和视网膜扫描

C. 用户名和密码

D. 一次性短信代码和硬件令牌

前段时间刚刚Github用过MFA还是选错了，，，

AWS 用家在户口网络进行设定，而这些设定会记录用户或第三者的活动。第 11 行代码中的设定可以找到哪些用户或第三者的活动信息？ An AWS user is setting up his AWS account. Those setting will record the activitie s of the user or third party. What user or third party information could be found i n line 11 of code in the script ? (2 分)

line 1 sudo yum install python-pip -y
line 2 sudo pip install opencanary
line 3
line 4 sudo opencanaryd --copyconfig
line 5
line 6 opencanaryd --start
line 7
line 8
line 9 sudo yun install jq -y
line 10
line 11 jq -r .src_host /var/tmp/opencanary.log | grep -V ^$ | sort | uniq > -
/sources.txt
line 12 jq -r .logdata.USERNAME /var/tmp/opencanary.log | grep -
V null | sort | uniq > -/usernames.txt
line 13 jq -r .logdata.PASSWORD /var/tmp/opencanary.log | grep -
V null | sort | uniq > -/passwords.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

A. User Name 用户的名称

B. User Source 用户的来源

C. Attacker Name 攻击者的名称

D. Attacker Source 攻击者的来源

sources.txt推断是B

AWS 用户设置了一个 VPC，IP 地址范围为 10.0.0.0-10.0.0.24。下列哪个 IP 地址用于 DNS ? An AWS user sets a VPC with IP address space of 10.0.0.0-10.0.0.24，Which of the following IP address is used for DNS? (2 分)

A. 10.0.0.0

B. 10.0.0.1

C. 10.0.0.2

D. 10.0.0.3

AWS VPC 如何设计与划分子网 - 宋某人 - 博客园 (cnblogs.com)

没玩过AWS，做题的时候完全是懵的

以下哪种类型的云服务用于操作系统和网络 ? Which of the following type of Cloud service is used for operating systems and network? (1 分)

A. 软件即服务

B. 平台即服务

C. 基础架构即服务

D. 数据即服务

C. 基础架构即服务

基础架构即服务 (IaaS) 提供的是基础计算资源，包括虚拟机、存储和网络。用户可以在这个基础上构建和运行自己的操作系统、应用程序和服务。因此，IaaS 通常用于操作系统和网络的管理。

以下哪项是 Bastionhost 的特点？ What is the feature of a bastionhost? (2 分)

A. 包含敏感信息

B. 无法访问内部系统

C. 限制暴露的服务

D. 没有连接到互联网

2023-q2内部比武接触过堡垒机

C. 限制暴露的服务

Bastion host（堡垒主机）通常用于增强网络的安全性。其主要特点之一是限制暴露给公共网络的服务。Bastion host充当受信任的入口点，仅允许特定的安全访问，从而降低网络攻击的风险。其他选项不太适用于描述Bastion host的特点。

在 Linux 系统中，哪个命令可以用于创建文件系统？ In Linux system, which command can be used to create file system ? (1 分)

A. mount /dev/sda3 /mnt/usb

B. mkfs-ext4 /dev/sda2

C. mkfs-ext3 /sys/sda1

D. pvcreate /dev/sda

E. genfstab -U -p /mnt

让我为你解释每一行的含义：

A. mount /dev/sda3 /mnt/usb

这个命令用于将设备 /dev/sda3 挂载到目录 /mnt/usb。它将文件系统（可能是 ext4、ext3 等）连接到指定的目录，使得目录中的文件对该文件系统可见。

B. mkfs-ext4 /dev/sda2

这个命令用于在设备 /dev/sda2 上创建 ext4 文件系统。mkfs-ext4 是一个假设的命令，实际上应该是 mkfs.ext4。

C. mkfs-ext3 /sys/sda1

这个命令存在错误。正确的命令应该是 mkfs.ext3 /dev/sda1，用于在设备 /dev/sda1 上创建 ext3 文件系统。

D. pvcreate /dev/sda

这个命令用于创建物理卷，将设备 /dev/sda 初始化为 LVM（逻辑卷管理）物理卷。它是创建 LVM 卷组的第一步。

E. genfstab -U -p /mnt

这个命令用于生成文件系统表（fstab）的条目，并将结果输出到标准输出。 -U 选项表示使用UUID，-p 选项表示打印结果而不写入 /etc/fstab 文件。结果基于 /mnt 目录中的已挂载文件系统。

需要注意的是，命令中存在一些错误，特别是选项或命令的拼写错误。正确的命令应该是：

mkfs.ext4 而不是 mkfs-ext4。
mkfs.ext3 /dev/sda1 而不是 mkfs-ext3 /sys/sda1。

做题的时候A mount是挂载肯定排除

B 肯定是的

C /sys/sda1不存在

D 创建PV卷

E fstab是看挂载点的

‘Link’实际上是指向 LINUX 系统中另一个文件或文件夹的指标。以下哪个命令可以产生下面的结果: A link is actually a pointer to another file or folder in the Linux system. Which of t he following command can generate below result?

> ls -ilas
|total 0
|9731253 0 drwxr-xr-x 1 user users 4096 Jul 14 13:31 .
|1725961 0 drwxr-xr-x 1 user users 4096 Jul 14 13:29 ..
|90371467 0 -rw-r--r-- 2 user users 90 Jul 14 13:30 testing.txt
|90371467 0 -rw-r--r-- 2 user users 90 Jul 14 13:30 shotcut-testing.txt

1
2
3
4
5
6
7

A. link -s testing.txt shotcut-testing.txt

B. ln -s shotcut.txt testing.txt

C. ln testing.txt shotcut-testing.txt

D. ln -s testing.txt shotcut-testing.txt

E. ln shotcut.txt testing.txt

┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# touch 1.txt
                                                                                                      
┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# ln -s 1.txt 2.txt                               
                                                                                                      
┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# ln 1.txt 3.txt
                                                                                                      
┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# ls            
1.txt  2.txt  3.txt
                                                                                                      
┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# ls -liah
总计 8.0K
2884087 drwxr-xr-x 2 root root 4.0K 11月24日 17:47 .
2752535 drwxr-xr-x 8 root root 4.0K 11月24日 17:47 ..
2901441 -rw-r--r-- 2 root root    0 11月24日 17:47 1.txt
2901445 lrwxrwxrwx 1 root root    5 11月24日 17:47 2.txt -> 1.txt
2901441 -rw-r--r-- 2 root root    0 11月24日 17:47 3.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

自己操作一下就好了

以下哪个命令用于在 Linux 系统中创建分区？ Which of the following command is used to create partitions in the Linux system? (1 分)

A. gdisk /dev/sde

B. mke2fs /dev/sdb1 -t ext4

C. mount /dev/sdc1 /mnt/fs_home

D. fdisk -lu

E. lvcreate -l +200 /dev/vg00/log/vol-00

断网可以把资料准备好

创建分区的命令通常是使用磁盘分区工具，根据提供的选项来看，正确的命令是：

D. `fdisk -lu`

fdisk 是一个用于磁盘分区的常用命令行工具，-l 选项用于显示已安装的磁盘的分区表，-u 选项用于以单位为扇区显示大小。

其他选项的解释：

A. gdisk /dev/sde - gdisk 用于 GUID Partition Table (GPT) 磁盘，不是创建分区的命令。
B. mke2fs /dev/sdb1 -t ext4 - mke2fs 用于创建 ext2, ext3 或 ext4 文件系统，而不是创建分区的命令。
C. mount /dev/sdc1 /mnt/fs_home - mount 用于挂载文件系统，而不是创建分区的命令。
E. lvcreate -l +200 /dev/vg00/log/vol-00 - lvcreate 用于创建逻辑卷，不是创建分区的命令。

一个系统管理员要扩展运行在 LVM 系统中的服务器存储。以下哪个命令可以用于扩展 LVM 中的逻辑卷？ A system administrator wants to expand the server storage running in LVM system. Which command can be used to expand the logical volume in LVM? (1 分)

A. lvdisplay /dev/vg02/vol-01

B. lvcreate -n /dev/vg02 -l 200

C. lvextend -n /dev/vg02 -l +200

D. lvscan -l +200 /dev/vg02/vol-01

E. lvresize -l +200 /dev/vg02/vol-01

暑假实习的时候这些命令基本上都看过一遍，心里有个印象，比赛的时候本地-h看看就行了

lvresize命令 – 调整LVM逻辑卷空间大小 – Linux命令大全(手册) (linuxcool.com)

一个系统管理员编写了一个 bash 代码来构建一个 RAID 系统，如下所示，将要实现什么类型的 RAID？ A system administrator has written a bash code to build a RAID system as shown below. What type of RAID is going to be implemented? (2 分)

| #!/bin/bash
| hd1=/dev/sda1
| hd2=/dev/sdb1
| hd3=/dev/sdc1
| hd4=/dev/sdd1
| mdadm --build /dev/md1 --level=1 --raid-devices=2 $hd1 $hd2
| mdadm --build /dev/md2 --level=1 --raid-devices=2 $hd3 $hd4
| mdadm --build /dev/md3 --level=0 --raid-devices=2 /dev/md2 /dev/md1
1
2
3
4
5
6
7
8

A. RAID 0

B. RAID 1

C. RAID 1+0

D. RAID 0+1

E. 这个代码不起作用 (No effect)

让我们逐行解释这段 Bash 代码：

#!/bin/bash
- 这是一个 shebang 行，指定了脚本解释器的路径。在这里，它指定了使用 Bash 解释器来执行脚本。
hd1=/dev/sda1
- 定义了一个变量 hd1，其值是 /dev/sda1。这是硬盘1的第一个分区的设备路径。
hd2=/dev/sdb1
- 同样，定义了一个变量 hd2，其值是 /dev/sdb1。这是硬盘2的第一个分区的设备路径。
hd3=/dev/sdc1
- 定义了一个变量 hd3，其值是 /dev/sdc1。这是硬盘3的第一个分区的设备路径。
hd4=/dev/sdd1
- 定义了一个变量 hd4，其值是 /dev/sdd1。这是硬盘4的第一个分区的设备路径。
mdadm --build /dev/md1 --level=1 --raid-devices=2 $hd1 $hd2
- 使用 mdadm 命令创建 RAID 1 阵列 /dev/md1，级别为 1，包含两个设备，即 $hd1 和 $hd2。
mdadm --build /dev/md2 --level=1 --raid-devices=2 $hd3 $hd4
- 使用 mdadm 命令创建另一个 RAID 1 阵列 /dev/md2，级别为 1，包含两个设备，即 $hd3 和 $hd4。
mdadm --build /dev/md3 --level=0 --raid-devices=2 /dev/md2 /dev/md1
- 使用 mdadm 命令创建 RAID 0 阵列 /dev/md3，级别为 0，包含两个设备，即 /dev/md2 和 /dev/md1。

综合起来，这段脚本的目的是创建一个混合 RAID 系统，包括两个级别为 1 的 RAID 1 阵列，并将它们放置在一个级别为 0 的 RAID 0 阵列中，形成一个 RAID 10 阵列。

以下是运行在 LINUX 服务器中的服务清单。以下哪个命令可以关闭 “bluetooth.service”服务？ The following is a list of service running on a Linux server. Which command can b e used to turn off the Bluetooth service? (3 分)

● vm-production-xabonline.com
| State: running
| Jobs: 0 queued
| Failed: 0 units
| Since: Fri 2023-05-19 08:37:06 UTC; 2 months 11 days ago
| CGroup:
| ├─init.scope
| │ └─ 1 /sbin/init
| ├─system.slice
| │ ├─bluetooth.service
| │ │ └─ 737 /usr/lib/bluetooth/bluetoothd
| │ ├─dbus.service
| │ ├─docker.service
| │ │ └─ 853 /usr/bin/dockerd -H fd://
| │ ├─libvirtd.service
| │ │ └─ 2975 /usr/bin/libvirtd --timeout 120
| │ ├─polkit.service
| │ └─virtlogd.service
| │ └─ 3176 /usr/bin/virtlogd
| └─user.slice
| └─user-1000.slice

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

A. systemctl kill bluetooth.service

B. systemctl disable bluetooth.service

C. systemctl down bluetooth.service

D. systemctl stop bluetooth.service

E. systemctl rm bluetooth.service

常识题，D

cron 服务在 LINUX 系统中充当作业调度程序。它实际上是在 cron 表（crontab）中指定的命令行列表。现在准备启动和关闭一个 Web 服务器（httpd.service），如下所示： The Cron service acts as a job scheduler in the Linux system. It is actually a list of commands specified in the cron table (crontab). Now, the plan is to start and stop a web server (httpd.service) as below 上午 8 时 30 分（启动）- 下午 6 时 06 分（关闭）；周一至周五 AM 0830 (start) - PM 0606 (Closed) ; Monday to Friday 以下哪个 crontab 设置适用于这种情况？ Which of the following crontab setting can be used in this situation ?(1 分)

A. 30 8 * 1-5 * /usr/bin/systemctl start httpd.service 及 06 18 * 1-5 * /usr/bin/systemctl stop httpd.service

B. 30 8 * * 1-5 /usr/bin/systemctl start httpd.service 及 06 18 * * 1-5 /usr/bin/systemctl stop httpd.service

C. 30 8 1-5 * /usr/bin/systemctl start httpd.service 及 06 18 1-5 */usr/bin/systemctl stop httpd.service

D. 30 8 * * * /usr/bin/systemctl start httpd.service 及 06 18 * * * /usr/bin/systemctl stop httpd.service

E. 以上都不是

┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *	* * *	root	cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.daily; }
47 6	* * 7	root	test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.weekly; }
52 6	1 * *	root	test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.monthly; }
#

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

我们断网的时候可以对应这这个进行操作

以下哪个 Linux 命令可以显示目录中的所有文件，包括隐藏文件？ Which of the following Linux command is able to show all files in a directory, including hidden file? (1 分)

A. ls -ls

B. ls -asl

C. ls -lAs | wc

D. ls -als | grep ssh

E. None

-a展示所有，也算一道常识题了，B

如果您想要检查 Linux 系统上可用的剩余磁盘空间量，您会使用以下哪个命令？ If you want to check the amount of free disk space available on a Linux System, you will use which of the following command? (1 分)

A. df -vh

B. df -sh

C. dl -vh

D. dd -sh

E. dt -vh

┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# df -vh
文件系统        大小  已用  可用 已用% 挂载点
udev            3.9G     0  3.9G    0% /dev
tmpfs           791M  1.3M  789M    1% /run
/dev/sda1        58G   19G   37G   34% /
tmpfs           3.9G     0  3.9G    0% /dev/shm
tmpfs           5.0M     0  5.0M    0% /run/lock
vmhgfs-fuse     729G  652G   77G   90% /mnt/hgfs/share
tmpfs           791M  124K  791M    1% /run/user/0
tmpfs           791M  120K  791M    1% /run/user/125

1
2
3
4
5
6
7
8
9
10
11
12

依旧是本地调试

Dockerfile 是一个文本文档，用于在 Docker 架构中生成以下哪个组件？ Dockerfile is a text document that aims to produce which of the following component in docker architecture? (1 分)

A. docker engine

B. image

C. container

D. volumes

E. docker network

前段时间出题刚刚学会写dockerfile，选B

在 Linux 系统中，运行中程序的进程并位于内存区域，可以通过检查文件 /proc/[pid]/maps 来显示这些内存区域。以下哪个不是 Linux 系统中的内存区？ In Linux system, process is an instance of a running program located in several memory regions that can be revealed by inspecting file /proc/[pid]/maps. Which of the following is not the memory region working in Linux system? (1 分)

A. [heap]

B. [stack]

C. [paging]

D. [vvar]

E. [vdso]

┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# cat /proc/1/maps
5574b74d6000-5574b74dc000 r--p 00000000 08:01 3027618                    /usr/lib/systemd/systemd
5574b74dc000-5574b74e6000 r-xp 00006000 08:01 3027618                    /usr/lib/systemd/systemd
5574b74e6000-5574b74ec000 r--p 00010000 08:01 3027618                    /usr/lib/systemd/systemd
5574b74ec000-5574b74ed000 r--p 00016000 08:01 3027618                    /usr/lib/systemd/systemd
5574b74ed000-5574b74ee000 rw-p 00017000 08:01 3027618                    /usr/lib/systemd/systemd
5574b8ed5000-5574b9120000 rw-p 00000000 00:00 0                          [heap]
7f4590565000-7f4590567000 r--p 00000000 08:01 3023414                    /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
7f4590567000-7f45905d3000 r-xp 00002000 08:01 3023414                    /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
7f45905d3000-7f45905fe000 r--p 0006e000 08:01 3023414                    /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
7f45905fe000-7f45905ff000 r--p 00099000 08:01 3023414                    /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
7f45905ff000-7f4590600000 rw-p 0009a000 08:01 3023414                    /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
7f4590600000-7f45906c5000 r--p 00000000 08:01 3016840                    /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f45906c5000-7f4590943000 r-xp 000c5000 08:01 3016840                    /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f4590943000-7f4590a20000 r--p 00343000 08:01 3016840                    /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f4590a20000-7f4590a81000 r--p 00420000 08:01 3016840                    /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f4590a81000-7f4590a84000 rw-p 00481000 08:01 3016840                    /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f4590a84000-7f4590a87000 rw-p 00000000 00:00 0 
7f4590ad2000-7f4590ad7000 r--p 00000000 08:01 3042484                    /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
7f4590ad7000-7f4590aed000 r-xp 00005000 08:01 3042484                    /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
7f4590aed000-7f4590af8000 r--p 0001b000 08:01 3042484                    /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
7f4590af8000-7f4590af9000 r--p 00025000 08:01 3042484                    /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
7f4590af9000-7f4590afa000 rw-p 00026000 08:01 3042484                    /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
7f4590afa000-7f4590aff000 r--p 00000000 08:01 3016273                    /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
7f4590aff000-7f4590ba5000 r-xp 00005000 08:01 3016273                    /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
7f4590ba5000-7f4590bb9000 r--p 000ab000 08:01 3016273                    /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
7f4590bb9000-7f4590bba000 r--p 000be000 08:01 3016273                    /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
7f4590bba000-7f4590bbb000 rw-p 000bf000 08:01 3016273                    /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
7f4590bbb000-7f4590bbf000 r--p 00000000 08:01 3014767                    /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.4
7f4590bbf000-7f4590bdd000 r-xp 00004000 08:01 3014767                    /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.4
7f4590bdd000-7f4590be9000 r--p 00022000 08:01 3014767                    /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.4
7f4590be9000-7f4590bea000 r--p 0002e000 08:01 3014767                    /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.4
7f4590bea000-7f4590beb000 rw-p 0002f000 08:01 3014767                    /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.4
7f4590beb000-7f4590bee000 r--p 00000000 08:01 3015083                    /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
7f4590bee000-7f4590c0c000 r-xp 00003000 08:01 3015083                    /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
7f4590c0c000-7f4590c0f000 r--p 00021000 08:01 3015083                    /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
7f4590c0f000-7f4590c10000 r--p 00023000 08:01 3015083                    /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
7f4590c10000-7f4590c11000 rw-p 00024000 08:01 3015083                    /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
7f4590c11000-7f4590c20000 r--p 00000000 08:01 3016831                    /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2
7f4590c20000-7f4590d0c000 r-xp 0000f000 08:01 3016831                    /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2
7f4590d0c000-7f4590d4e000 r--p 000fb000 08:01 3016831                    /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2
7f4590d4e000-7f4590d53000 r--p 0013d000 08:01 3016831                    /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2
7f4590d53000-7f4590d57000 rw-p 00142000 08:01 3016831                    /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2
7f4590d57000-7f4590d58000 rw-p 00000000 00:00 0 
7f4590d58000-7f4590d5a000 r--p 00000000 08:01 3016628                    /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
7f4590d5a000-7f4590d70000 r-xp 00002000 08:01 3016628                    /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
7f4590d70000-7f4590d8a000 r--p 00018000 08:01 3016628                    /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
7f4590d8a000-7f4590d8b000 r--p 00031000 08:01 3016628                    /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
7f4590d8b000-7f4590d8c000 rw-p 00032000 08:01 3016628                    /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
7f4590d8c000-7f4590d94000 rw-p 00000000 00:00 0 
7f4590d94000-7f4590d9d000 r--p 00000000 08:01 3016808                    /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
7f4590d9d000-7f4590dd7000 r-xp 00009000 08:01 3016808                    /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
7f4590dd7000-7f4590de9000 r--p 00043000 08:01 3016808                    /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
7f4590de9000-7f4590def000 r--p 00055000 08:01 3016808                    /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
7f4590def000-7f4590df0000 rw-p 0005b000 08:01 3016808                    /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
7f4590df0000-7f4590df7000 r--p 00000000 08:01 3016220                    /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f4590df7000-7f4590e12000 r-xp 00007000 08:01 3016220                    /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f4590e12000-7f4590e1a000 r--p 00022000 08:01 3016220                    /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f4590e1a000-7f4590e1b000 r--p 00029000 08:01 3016220                    /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f4590e1b000-7f4590e1c000 rw-p 0002a000 08:01 3016220                    /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f4590e1c000-7f4590e1e000 rw-p 00000000 00:00 0 
7f4590e1e000-7f4590e44000 r--p 00000000 08:01 3020903                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f4590e44000-7f4590f99000 r-xp 00026000 08:01 3020903                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f4590f99000-7f4590fed000 r--p 0017b000 08:01 3020903                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f4590fed000-7f4590ff1000 r--p 001cf000 08:01 3020903                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f4590ff1000-7f4590ff3000 rw-p 001d3000 08:01 3020903                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f4590ff3000-7f4591000000 rw-p 00000000 00:00 0 
7f4591000000-7f4591070000 r--p 00000000 08:01 3016621                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-254.so
7f4591070000-7f4591289000 r-xp 00070000 08:01 3016621                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-254.so
7f4591289000-7f4591358000 r--p 00289000 08:01 3016621                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-254.so
7f4591358000-7f4591376000 r--p 00357000 08:01 3016621                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-254.so
7f4591376000-7f4591377000 rw-p 00375000 08:01 3016621                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-254.so
7f4591377000-7f4591379000 rw-p 00000000 00:00 0 
7f4591385000-7f4591387000 r--p 00000000 08:01 3016256                    /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
7f4591387000-7f459138a000 r-xp 00002000 08:01 3016256                    /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
7f459138a000-7f459138b000 r--p 00005000 08:01 3016256                    /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
7f459138b000-7f459138c000 r--p 00006000 08:01 3016256                    /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
7f459138c000-7f459138d000 rw-p 00007000 08:01 3016256                    /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
7f459138d000-7f4591399000 r--p 00000000 08:01 3016815                    /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
7f4591399000-7f45913e5000 r-xp 0000c000 08:01 3016815                    /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
7f45913e5000-7f45913fc000 r--p 00058000 08:01 3016815                    /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
7f45913fc000-7f45913ff000 r--p 0006e000 08:01 3016815                    /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
7f45913ff000-7f4591400000 rw-p 00071000 08:01 3016815                    /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
7f4591400000-7f459144b000 r--p 00000000 08:01 3015511                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-254.so
7f459144b000-7f4591550000 r-xp 0004b000 08:01 3015511                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-254.so
7f4591550000-7f45915b9000 r--p 00150000 08:01 3015511                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-254.so
7f45915b9000-7f4591613000 r--p 001b8000 08:01 3015511                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-254.so
7f4591613000-7f4591614000 rw-p 00212000 08:01 3015511                    /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-254.so
7f4591614000-7f459161d000 rw-p 00000000 00:00 0 
7f459161d000-7f459161f000 r--p 00000000 08:01 3019305                    /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
7f459161f000-7f4591623000 r-xp 00002000 08:01 3019305                    /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
7f4591623000-7f4591625000 r--p 00006000 08:01 3019305                    /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
7f4591625000-7f4591626000 r--p 00007000 08:01 3019305                    /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
7f4591626000-7f4591627000 rw-p 00008000 08:01 3019305                    /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
7f4591627000-7f459162a000 r--p 00000000 08:01 3021504                    /usr/lib/x86_64-linux-gnu/libcap.so.2.66
7f459162a000-7f459162f000 r-xp 00003000 08:01 3021504                    /usr/lib/x86_64-linux-gnu/libcap.so.2.66
7f459162f000-7f4591631000 r--p 00008000 08:01 3021504                    /usr/lib/x86_64-linux-gnu/libcap.so.2.66
7f4591631000-7f4591632000 r--p 0000a000 08:01 3021504                    /usr/lib/x86_64-linux-gnu/libcap.so.2.66
7f4591632000-7f4591633000 rw-p 0000b000 08:01 3021504                    /usr/lib/x86_64-linux-gnu/libcap.so.2.66
7f4591633000-7f4591635000 r--p 00000000 08:01 3015262                    /usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301
7f4591635000-7f459163a000 r-xp 00002000 08:01 3015262                    /usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301
7f459163a000-7f459163c000 r--p 00007000 08:01 3015262                    /usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301
7f459163c000-7f459163d000 r--p 00008000 08:01 3015262                    /usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301
7f459163d000-7f459163e000 rw-p 00009000 08:01 3015262                    /usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301
7f459163e000-7f4591640000 rw-p 00000000 00:00 0 
7f4591640000-7f4591642000 r--p 00000000 08:01 3019507                    /usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4
7f4591642000-7f4591650000 r-xp 00002000 08:01 3019507                    /usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4
7f4591650000-7f459165e000 r--p 00010000 08:01 3019507                    /usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4
7f459165e000-7f459165f000 r--p 0001e000 08:01 3019507                    /usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4
7f459165f000-7f4591660000 rw-p 0001f000 08:01 3019507                    /usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4
7f4591660000-7f4591663000 r--p 00000000 08:01 3014679                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f4591663000-7f459166c000 r-xp 00003000 08:01 3014679                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f459166c000-7f4591670000 r--p 0000c000 08:01 3014679                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f4591670000-7f4591671000 r--p 0000f000 08:01 3014679                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f4591671000-7f4591672000 rw-p 00010000 08:01 3014679                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f4591672000-7f4591682000 r--p 00000000 08:01 3027285                    /usr/lib/x86_64-linux-gnu/libm.so.6
7f4591682000-7f45916f5000 r-xp 00010000 08:01 3027285                    /usr/lib/x86_64-linux-gnu/libm.so.6
7f45916f5000-7f459174f000 r--p 00083000 08:01 3027285                    /usr/lib/x86_64-linux-gnu/libm.so.6
7f459174f000-7f4591750000 r--p 000dc000 08:01 3027285                    /usr/lib/x86_64-linux-gnu/libm.so.6
7f4591750000-7f4591751000 rw-p 000dd000 08:01 3027285                    /usr/lib/x86_64-linux-gnu/libm.so.6
7f4591751000-7f4591755000 r--p 00000000 08:01 3015560                    /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
7f4591755000-7f4591766000 r-xp 00004000 08:01 3015560                    /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
7f4591766000-7f459176c000 r--p 00015000 08:01 3015560                    /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
7f459176c000-7f459176d000 r--p 0001a000 08:01 3015560                    /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
7f459176d000-7f459176e000 rw-p 0001b000 08:01 3015560                    /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
7f459176e000-7f4591770000 rw-p 00000000 00:00 0 
7f4591770000-7f4591773000 r--p 00000000 08:01 3016252                    /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
7f4591773000-7f459177b000 r-xp 00003000 08:01 3016252                    /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
7f459177b000-7f4591790000 r--p 0000b000 08:01 3016252                    /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
7f4591790000-7f4591791000 r--p 0001f000 08:01 3016252                    /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
7f4591791000-7f4591792000 rw-p 00020000 08:01 3016252                    /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
7f4591792000-7f45917a2000 rw-p 00000000 00:00 0 
7f45917a2000-7f45917a5000 r--p 00000000 08:01 3047260                    /usr/lib/x86_64-linux-gnu/libapparmor.so.1.8.6
7f45917a5000-7f45917ad000 r-xp 00003000 08:01 3047260                    /usr/lib/x86_64-linux-gnu/libapparmor.so.1.8.6
7f45917ad000-7f45917b4000 r--p 0000b000 08:01 3047260                    /usr/lib/x86_64-linux-gnu/libapparmor.so.1.8.6
7f45917b4000-7f45917b5000 r--p 00011000 08:01 3047260                    /usr/lib/x86_64-linux-gnu/libapparmor.so.1.8.6
7f45917b5000-7f45917b6000 rw-p 00012000 08:01 3047260                    /usr/lib/x86_64-linux-gnu/libapparmor.so.1.8.6
7f45917cd000-7f45917cf000 rw-p 00000000 00:00 0 
7f45917cf000-7f45917d0000 r--p 00000000 08:01 3017680                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f45917d0000-7f45917f5000 r-xp 00001000 08:01 3017680                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f45917f5000-7f45917ff000 r--p 00026000 08:01 3017680                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f45917ff000-7f4591801000 r--p 00030000 08:01 3017680                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f4591801000-7f4591803000 rw-p 00032000 08:01 3017680                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffcbb769000-7ffcbb78a000 rw-p 00000000 00:00 0                          [stack]
7ffcbb7df000-7ffcbb7e3000 r--p 00000000 00:00 0                          [vvar]
7ffcbb7e3000-7ffcbb7e5000 r-xp 00000000 00:00 0                          [vdso]
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

依旧是本地调试，下面是GPT的解释

在 Linux 系统中，通过检查 /proc/[pid]/maps 文件，我们可以查看进程的内存映射信息。关于给定的选项：

A. [heap]: 通常表示堆区，用于动态分配内存。
B. [stack]: 表示栈区，用于处理函数调用和本地变量。
C. [paging]: 不是标准的 Linux 内存区域，可能是一个虚构的选项。
D. [vvar]: 通常表示 vvar 区域，包含一些变量和时间信息。
E. [vdso]: 表示 vdso 区域，包含一些系统调用的函数，用于提高性能。

因此，选项 C. [paging] 不是 Linux 系统中通常表示的内存区域，可能是一个误导性的选项。其他选项都与 Linux 进程的内存区域相关。

以下命令中，哪个命令可以对"export-logs"输出进行排序? Which of the following command can be used to sort the results of export-logs? (1 分)

A. export-logs<sort

B. export-logs>sort

C. export-logs&sort

D. export-logs|sort

E. export-logs<>sort

考管道符，D

哪些文件会影响 Linux 主机的名称解析功能？(多选题) Which files will affect the name resolution function of a Linux host? (1 分)

A. /etc/resolv.conf

B. /etc/hosts

C. /etc/default/names

D. /etc/nsswitch.conf

E. /etc/inet/hosts

A是DNS服务器，B是hosts文件，D比赛的时候搞不懂是干啥用的

影响 Linux 主机名称解析功能的文件有：

A. /etc/resolv.conf：这个文件包含了用于 DNS 解析的配置信息，包括域名服务器的地址等。
B. /etc/hosts：这个文件包含了主机名与 IP 地址的映射，可以用于本地名称解析。
D. /etc/nsswitch.conf：该文件指定了用于不同系统数据库（如 passwd、group、hosts 等）的名称解析方法。例如，可以配置它以查找文件、NIS、DNS 等。

其他选项：

C. /etc/default/names：通常不是标准的 Linux 配置文件，可能是一个虚构的选项。
E. /etc/inet/hosts：通常情况下，这个路径下的文件 /etc/inet/hosts 也不是标准的 Linux 配置文件路径，可能是一个虚构的选项。

因此，正确的选项是 A、B、D。

哪个系统文件包含了一般的端口、关联的服务和协议？ Which file include the well known ports, associated services and protocol? (1 分)

A. /etc/services

B. /etc/sysconfig/network-scripts

C. /etc/services.conf

D. /etc/inet/hosts

E. None of the choices

┌──(root㉿b3nguang)-[~/桌面/meiya]
└─# cat /etc/services | head -n 30
# Network services, Internet style
#
# Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml .
#
# New ports will be added on request if they have been officially assigned
# by IANA and used in the real-world or are needed by a debian package.
# If you need a huge list of used numbers please install the nmap package.

tcpmux		1/tcp				# TCP port service multiplexer
echo		7/tcp
echo		7/udp
discard		9/tcp		sink null
discard		9/udp		sink null
systat		11/tcp		users
daytime		13/tcp
daytime		13/udp
netstat		15/tcp
qotd		17/tcp		quote
chargen		19/tcp		ttytst source
chargen		19/udp		ttytst source
ftp-data	20/tcp
ftp		21/tcp
fsp		21/udp		fspd
ssh		22/tcp				# SSH Remote Login Protocol
telnet		23/tcp
smtp		25/tcp		mail
time		37/tcp		timserver
time		37/udp		timserver
whois		43/tcp		nicname
tacacs		49/tcp				# Login Host Protocol (TACACS)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

本地调试秒了

参考’ Windows 10 ’ 文件夹回答以下题目 With reference to ’ Windows 10 ’ folder to answer below question 在 Windows 10 中 \Users\qqqqq\Downloads，视频文件(mixkit-two-women-layingtogether-925-medium.mp4)，在 MFT 中分成多少个 Data Cluster 储存？ In Windows 10, the video file “mixkit-two-women-laying-together-925- medium.mp4” located at \Users\qqqqq\Downloads is stored in the Master File Ta ble (MFT) using a series of data clusters. The exact number of data clusters used to store the file in the MFT is? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers

参考’ Windows 10 ’ 文件夹回答以下题目 With reference to ’ Windows 10 ’ folder to answer below question 在 Windows 10 中 \Users\qqqqq\Downloads\ mixkit-two-woman-laying-together925-medium.mp4 的 last Access 时间是多少? In Windows 10, what is the last Access time of the file ’ mixkit-two-woman-layingtogether-925-medium.mp4 ’ located in ’ \Users\qqqqq\Downloads ’ ?

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中 \Users\Allen\Desktop，有 1 个 MP3 文件 (例:unlock-me149058.mp3)，用户使用什么程序打开该 MP3 文件? In Windows 7, there is 1 MP3 file (unlock-me149058.mp3) saved under the path ’ \Users\Allen\Desktop. What program did the user use to open the mp3 file. 提示:请以小写字母作答 Tips: Please answer in lowercase letters

这里开始要对vmdk进行仿真，可是这么多vmdk我们一旦仿真错了，对后面的题目就会有影响

比如说这道题，我们打开vmx文件，找一下vmdk，就可以找到正在使用的磁盘

PotPlayer

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中 ’ \Users\Allen\Desktop ‘有 1 个 MP3 文件 (unlock-me149058.mp3)，该文件的 Zone identiflier 为’3’。上述’3’字代表哪一个 security Zone ? In Windows 7, there is one MP3 file (unlock-me149058.mp3) saved under the path ’ \Users\Allen\Desktop. The zone identiflier of above file is ‘3’. What security zone does ‘3’ represent?

在 Windows 操作系统中，Zone Identifier 是一个用于标识文件从何处来的信息。Zone Identifier 值指示文件的来源，例如，它可能是从 Internet 下载的，或者是从本地计算机上的受信任位置获取的。

在 Windows 中，Zone Identifier 的值对应于不同的安全区域。具体的映射关系如下：

0: 本地计算机
1: 本地 Intranet
2: 受信任的站点
3: Internet
4: 受限制的站点

在你提到的情况中，Zone Identifier 的值为 ‘3’，表示该文件被标记为来自 Internet。这通常是通过从 Internet 下载文件或从外部存储设备中拷贝文件来获得的。

在 Windows 操作系统中，你可以使用文件的属性来查看 Zone Identifier。以下是一种查看文件 Zone Identifier 的方法：

通过文件属性:
- 右键单击文件，选择 “属性”。
- 在弹出的窗口中，切换到 “常规” 选项卡。
- 在 “安全” 部分，你会看到 “此文件来自 Internet，可能不安全” 或类似的文本。这表明 Zone Identifier 的值为 ‘3’，表示文件来自 Internet。

请注意，这个信息可能仅在文件确实具有 Zone Identifier 时显示。如果文件来自受信任的本地位置，通常不会显示 Zone Identifier 信息。

此外，你还可以使用 PowerShell 命令来查看文件的 Zone Identifier。以下是一个示例：

Get-Item -LiteralPath "C:\Users\Allen\Desktop\unlock-me149058.mp3" | Get-ItemProperty | Select-Object Zone.Identifier
1

这将返回文件的 Zone Identifier 值。

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中 \Users\Allen\Desktop 有 1 个 MP3 文件 (unlock-me149058.mp3)，该文件从哪个网站下载? In Windows 7, there is a MP3 file (unlock-me149058.mp3) saved under the path ’ \Users\Allen\Desktop. Which website was use d to download the file?

A. www.Pixbay.com

B. free-mp3-download.net

C. https://mp3juices.nu

D. mygomp3.com

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中 \Users\Allen\Downloads 内有 mp3 文件 (miracle.mp3), 更改名称时间? In Windows 7, there is a MP3 file named “miracle.mp3 saved under the path ’ \Users\Allen\Downloads.” When was the file’s name changed? (2 分)

A. 2023-07-13 02:55:20

B. 2023-07-15 10:55:20

C. 2023-07-12 10:58:04

D. 2023-07-13 10:55:20

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中 \Users\Allen\Downloads 内有 mp3 文件 (miracle.mp3), mp3 文件更改名称前的名称是什么? In Windows 7, there is an MP3 file named “miracle.mp3 saved under the path ’ \Users\Allen\Downloads.” What was the name of the MP3 file before it was renamed? 提示: 请以与记录相同的名称与文件格式作答 Tips: Please answer the exact name and file extension of the file

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中有多少个文件曾被 potplayer 播放? In Windows 7, how many files have been played by potplayer? (1 分)

参考’ Windows 7 ’ 文件夹回答以下题目 With reference to ’ Windows 7 ’ folder to answer below question 在 Windows 7 中, potplayer 最后播放的文件名? In Windows 7, what is the name of the file name of last file played by PotPlayer? 提示: 请以与记录相同的名称(包括小写字母、阿拉伯数字与符号)与文件格式作答 Tips: Please answer the exact name (including lowercase letters, arabic numbers a nd symbols) and file extension of the file

事件应急小组 ( IR team)正在处理一起网络事件。调查显示，目标服务器是一个 EC2 Linux 实例，与该事件有关。该团队打算获取 Linux 系统的内存（使用 SHA256）。与该事件关联的 AWS 账户以用户名“duckman”注册。为了促进内存获取过程，该团队建立了专用的“取证服务器”。并使用“LiME”通过网络获取内存。以下哪一个指令是设定取证服务器以作取得内存内容的初步步骤? The incident response team was handling a cyber incident. The investigation reve aled that the target server, an EC2 Linux instance, was implicated in the incident. The team intends to obtain the memory of the Linux system (with SHA256). The A WS account associated with the incident is registered under the username “duckm an.” To facilitate the memory acquisition process, the team has established a dedi cated “forensic server.” and use “LiME” to acquire memory via network. Which of the following command is the early step to config the “forensic server” for the memory acquisition?

A. nc -l 4444 >mem126.lime.gz

B. Insmod lime.ko “pathtcp:4444 format=lime digest=sha256 compress=1”

C. scp -I ~/DFIRSciAWTest.pem lime.ko ec2-duckman@3.137.169.127:~/scp -I ~/DFIRSciAWTest.pem /usr/bin/nc ec2-duckman@3.137.169.127:~/

D. ssh duckman@<target_server_ip> “sudo dd if=/dev/mem | gzip -1 -” > memory_dump.gz

这些命令看起来与内存获取和传输相关，可能与数字取证（Digital Forensics and Incident Response，DFIR）有关。

A. nc -l 4444 >mem126.lime.gz:
- 启动一个监听在本地端口 4444 的 nc（netcat）服务，接收来自远程主机的数据，并将其写入名为 mem126.lime.gz 的文件中。这可能是用于接收内存转储的命令。
B. Insmod lime.ko "pathtcp:4444 format=lime digest=sha256 compress=1":
- 使用 insmod 命令加载 Linux 内核模块 lime.ko，并配置它以将内存内容发送到远程主机的 TCP 端口 4444，并使用 lime 格式、SHA256 摘要和压缩。
C. scp -I ~/DFIRSciAWTest.pem lime.ko ec2-duckman@3.137.169.127:~/scp -I ~/DFIRSciAWTest.pem /usr/bin/nc ec2-duckman@3.137.169.127:~/:
- 使用 scp 命令将 lime.ko 文件传输到远程主机，并似乎还试图传输 nc 工具。可能是为了准备远程主机以接收内存数据。
D. ssh duckman@<target_server_ip> "sudo dd if=/dev/mem | gzip -1 -" > memory_dump.gz:
- 通过 SSH 连接到目标服务器，使用 sudo dd 从 /dev/mem 中读取数据，然后通过管道将其传输给 gzip 进行压缩，并将结果写入名为 memory_dump.gz 的文件。这是一种获取目标服务器内存镜像的方式。

请注意，这些命令的使用可能需要特殊的权限，并且在实际场景中应该谨慎使用，确保符合法律和道德准则。

一眼丁真，C

基于两个 SQLite 数据库文件“cus_202308102034.json”和 “date_202308101120.json”。请编译一个 SQLite 脚本找出谁前往目的地“莫斯科". 包括 - 所有客户的姓名、 - 目的地、 - “arrival_timestamp_HK”[将时间戳转换为本地时间并将该列命名为“local_time”]。 Based on the two SQLite Database Files “cus_202308102034.json” and “date_20 2308101120.json”. please compile an SQLite statement to find out who traveled to the destination “ Moscow”, with all customers name, destination, “arrival_timestamp_HK” [conve rt the timestamp to localtime and name the column as “local_time”]

A. SELECT c.customer_name, c.destination, datetime(d.arrival_timestamp_HK, ‘unixepoch’, ‘localtime’) AS arrival_time_hk FROM cus c INNER JOIN date d ON c.destination = d.Destination WHERE c.destination = ‘Moscow’

B. SELECT cus.customer_name, cus.destination, datetime(date.arrival_timestamp_HK, ‘unixepoch’, ‘localtime’) AS arrival_time_hk FROM cus INNER JOIN date ON customer_id = date.id WHERE cus.destination = ‘Moscow’ AND date.Destination = ‘Moscow’ AND date.arrival_timestamp_HK IS NOT NULL AND datetime(date.arrival_timestamp_HK, ‘unixepoch’, ‘localtime’)

C. SELECT cus.customer_name, cus.destination, date.arrival_timestamp FROM cus INNER JOIN date ON cus.destination = date.destination；WHERE cus.destination = ‘Moscow’ AND date.Destination = ‘Moscow’

D. SELECT cus.customer_name, cus.destination, datetime(date.arrival_timestamp_HK, ‘unixepoch’, ‘localtime’) AS arrival_time_hk FROM cus INNER JOIN date ON cus.destination = date.Destination WHERE cus.destination = ‘Moscow’ AND date.Destination = ‘Moscow’ AND date.arrival_timestamp_HK IS NOT NULL AND datetime(date.arrival_timestamp_HK, ‘unixepoch’, ‘localtime’)

可以导入数据库慢慢看，也可以分析语句，我直接扔给GPT

答案中的关键点有：

使用正确的表别名（cus 和 date）以及正确的连接条件（cus.customer_id = date.customer_id）。
在 datetime 函数中将时间戳转换为本地时间，并将结果命名为 local_time。
在 WHERE 子句中，对客户和日期的目的地进行匹配，并确保到达时间戳不为空。

错误选项分析：

选项 A 中没有提供正确的连接条件，并且没有使用正确的表别名。
选项 B 中使用了错误的连接条件（customer_id = date.id）。
选项 C 中的 date.arrival_timestamp 没有进行时间戳转换，并且有额外的分号。

写一个 Powershell 的脚本以提取正在连接到 Window 11 计算机的可移动设备的记录。就每一个装置记录，提取相关的数据如装置名称、制造商、装置详情、硬件编号。及后用 “Write-Host” 指令题示数据。 write a PowerShell script to retrieve all removable device records connected to a Windows 11 desktop, for each device record, extracts relevant information such as the device name, manufacturer, description, and hardware ID. Then, use the “Write-Host” cmdlet to displays such information. (2 分)

以下是一个 PowerShell 脚本的示例，用于提取连接到 Windows 11 计算机的可移动设备的相关信息，并使用 Write-Host 将数据显示在控制台上：

# 获取连接到计算机的可移动设备信息
$devices = Get-PnpDevice | Where-Object { $_.Class -eq 'Portable Devices' }

# 遍历每个设备并提取相关信息
foreach ($device in $devices) {
    $deviceName = $device.FriendlyName
    $manufacturer = $device.Manufacturer
    $deviceDetails = $device.DeviceID
    $hardwareID = $device.HardwareID

    # 输出设备信息
    Write-Host "Device Name: $deviceName"
    Write-Host "Manufacturer: $manufacturer"
    Write-Host "Device Details: $deviceDetails"
    Write-Host "Hardware ID: $hardwareID"
    
    # 分隔不同设备的输出
    Write-Host "------------------------"
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

请注意，这个脚本使用 Get-PnpDevice 获取连接到计算机的所有 PnP 设备，并通过 Where-Object 过滤出类别为 ‘Portable Devices’（可移动设备）的设备。然后，它遍历每个设备，并提取设备名称、制造商、设备详情和硬件编号等信息，最后使用 Write-Host 将这些信息输出到控制台。

以下 PowerShell 脚本用于从 Windows Server 2012 R2 获取具有管理员权限的所有使用者活动。 The following PowerShell script is used to retrieve all user activities with admin rig hts from a Windows Server 2012 R2.使用 “Where-Object” 命令来进一步过滤事件。事件的属性 " $_.Properties[?]" 中的参数是什么？如果事件的第 9 个属性与内建的 Administrator 账户的安全标识符（SID：S-1-5-21-- 500）匹配，则确保只选择与管理员活动相关的事件。 The “Where-Object” cmdlet is used to filter the events further. What is parameter of the event’s property “$ _.Properties[?]”? if the event’s 9th property matches the security identifier (SID) of the builtin Administrator account (SID: S-1-5-21-- 500). This ensures that only events related to activities by an administrator are selected.

Get-WinEvent -FilterHashtable @{
 LogName = 'Security'
 ID = 4688
 Level = 0
} | Where-Object {+B86
 $_.Properties[?].Value -match 'S-1-5-21-\d+-500'
} | Select-Object -Property TimeCreated, Message
1
2
3
4
5
6
7

在这个 PowerShell 脚本中，$_.Properties[?] 中的问号是用来表示事件对象的属性索引的地方。在这种情况下，$_.Properties[8] 表示事件对象的第 9 个属性。因为在 PowerShell 中数组的索引是从 0 开始的，所以第 9 个属性的索引是 8。因此，$_.Properties[8].Value 用于获取事件的第 9 个属性的值，这个属性通常包含有关发起操作的账户的信息。在这里，该值与内建管理员账

总结

只会服务器和流量做个人赛难免吃慌，（如果线上做的话AI都能梭了），，，题还是刷少了…

b3nguang，写于2023/11/25

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/article/detail/44707

2023年第九届“美亚杯”全国电子数据取证竞赛(个人赛部分)_2023美亚个人赛题目

案件基本情况

案情

检材资料

题目

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机安装了什么即时通讯软件 (Instant Messaging App)? What instant messaging app is installed on Li Dahui’s mobile phone? (1 分)

A. WhatsApp

B. LINE

C. 微信

D. Signal

E. QQ

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机是什么时间成功登入 WhatsApp? At what time did Li Dahui’s mobile phone successfully log into WhatsApp? (2 分)

A. 2022-08-18_21:52:30

B. 2022-08-19_21:56:23

C. 2022-08-18_21:56:37

D. 2022-08-19_06:59:07

E. 2022-08-19_07:01:17

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉到美丽好化妆品公司的入职时间是何时？ When did Li Dahui join the Beauty Good Cosmetics Company? (2 分)

参考 ’ Android.bin ’ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉曾于什么时间使用了图像编辑软件? At what time did Li Dahui use image editing software? (2 分)

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件可以找出这 个访问服务器的 Ubuntu 版本？ Which files can find out the Ubuntu version of this access server? (1 分)

A. lsb-release

B. issue.net

C. profile

D. console

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件有助于分辨 这是一个存储服务器？ Which files could be used to prove this access server? (1 分)

A. auth.log

B. sys.log

C. bash_history

D. idconfig

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 这个访问服务器所在 时区是哪个时区？ What is the time zone of this access server? (2 分)

A. UTC +9

B. UTC +8

C. UTC -7

D. UTC

A. Blowfish-CBC

B. 3DES-CBC

C. AES-128-GCM

D. AES-256-CBC

参考网络题目.pcapng 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 当计算机正在扫瞄 8.8.8.8，namp 相关的指令是什么 The computer is scanning 8.8.8.8. What is the corresponding nmap command? (1 分)

A. nmap -sT 8.8.8.8

B. nmap -sU 8.8.8.8

C. nmap -sn -PR 8.8.8.8

D. nmap -sn -PU 8.8.8.8

参考网络题目.pcapng 文件回答以下题目 With reference to ’ 网络题目.pcapng ’ file to answer below question 当计算机正在扫瞄 45.33.32.156，namp 相关的指令是什么 The computer is scanning 45.33.32.156. What is the corresponding nmap command? (1 分)

A. nmap -sT 45.33.32.156

B. nmap -sU 45.33.32.156

C. nmap -sn -45.33.32.156

D. nmap -sn -45.33.32.156

A. 10.1.4.255

B. 10.1.4.100

C. 10.1.4.254

D. 10.1.4.1

以下那个协议是属于 TCP/IP 协议? Which of the following protocols belong to TCP/IP protocol? i: DHCP ii: HTTP iii: RTP iv: Telnet (1 分)

A. i & iii

B. ii & iv

C. 所有皆是 (All answers belong to TCP/IP protocol)

D. 所有皆否(All answers don’t belong to TCP/IP protocol)

志伟是浩贤的主管，他发现浩贤的设定错误，浩贤应作怎样的更正？ Chi-wai is the supervisor of Ho-yin. He discovers Hoyin made mistake in the settings. What correction should Ho-yin do?(2 分)

A. 'access-list 123 permit tcp any eq ftp any ’ 更正为(change) 'access-list 123 permit udp any eq ftp any ’

B. 'access-list 122 permit tcp host 192.168.26.3 eq www any ’ 更正为(change) 'access-list 122 permit udp host 192.168.26.3 eq www any ’

C. 删除(Delete)‘access-list 120 deny tcp any any’ 与’access-list 119 deny udp any any’

D. 删除(Delete)'access-list 123 permit tcp any eq ftp any ’

根据以下 ping 指令的结果，你会估计 192.168.186.132 是哪一个操作系统 According to below ping commands, what is the operation system of the target IP address 192.168.186.132?(2 分)

A. Linux

B. Windows XP

C. Windows 7

D. iOS 12.4 (Cisco Routers)

A. nmap -sT

B. nmap -sN

C. nmap -sX

D. nmap -Pn

以下哪一个Nmap指令可以减低被侦测的可能性 Which nmap command can be used to lower the possibility of being dectected ? (2分)

A. nmap -sT -O -T5

B. nmap -sT -O -T0

C. nmap -sU

D. nmap -A --host-timeout 99-T1

Apple 计算机的硬盘可以使用以下分区方案： The following partition schemes can be used for an Apple computer’s hard drive: (1 分)

A. Apple Partition Map

B. GUID Partition Table

C. Master Boot Record

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件可以找出这个访问服务器的 Ubuntu 版本？ Which files can find out the Ubuntu version of this access server? (1 分)

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk '回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 哪些文件有助于分辨这是一个存储服务器？ Which files could be used to prove this access server? (1 分)

参考 Server 文件夹下的 ’ Meiya_VPN.vmdk ’ 回答以下题目 With reference to ’ Meiya_VPN.vmdk ’ in Server folder to answer below question 这个访问服务器所在时区是哪个时区？ What is the time zone of this access server? (2 分)

参考 ’ Window Artifacts.E01 ’ 内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 该计算机的操作系统是在哪一个时区? What is the time zone of the operating system of this computer? (1 分)

参考’ Window Artifacts.E01 '内的 Windows 注册表回答以下题目 With reference to ’ Window Artifacts.E01 ’ file to answer below question 哪(几)个程序会于操作系统启动时自动执行? Which program(s) would be automatically executed upon operating system startup? (1 分)