GCED GIAC Certified Enterprise Defender Question and Answers

Question # 4

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

A. The network connections and open ports
B. The contents of physical memory
C. The current routing table
D. A list of the running services

Question # 5

Which statement below is the MOST accurate about insider threat controls?

A. Classification of information assets helps identify data to protect.
B. Security awareness programs have a minimal impact on reducing the insider threat.
C. Both detective and preventative controls prevent insider attacks.
D. Rotation of duties makes an insider threat more likely.
E. Separation of duties encourages one employee to control a great deal of information.

Question # 6

Which could be described as a Threat Vector?

A. A web server left unpatched and vulnerable to XSS
B. A coding error allowing remote code execution
C. A botnet that has infiltrated perimeter defenses
D. A wireless network left open for anonymous use

Question # 7

Which of the following attacks would use “..” notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?

A. URL directory
B. HTTP header attack
C. SQL injection
D. IDS evasion
E. Cross site scripting

Question # 8

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker’s server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

A. Checksum
B. Acknowledgement number
C. Time to live
D. Fragment offset

Question # 9

Which of the following is an outcome of the initial triage during incident response?

A. Removal of unnecessary accounts from compromised systems
B. Segmentation of the network to protect critical assets
C. Resetting registry keys that vary from the baseline configuration
D. Determining whether encryption is in use on in-scope systems

Question # 10

Which tool keeps a backup of all deleted items, so that they can be restored later if need be?

A. ListDLLs
B. Yersinia
C. Ettercap
D. ProcessExplorer
E. Hijack This

Question # 11

You have been tasked with searching for Alternate Data Streams on the following collection of Windows partitions: 2GB FAT16, 6GB FAT32, and 4GB NTFS. How many total Gigabytes and partitions will you need to search?

A. 4GBs of data, the NTFS partition only.
B. 12GBs of data, the FAT16, FAT32, and NTFS partitions.
C. 6GBs of data, the FAT32 partition only.
D. 10GBs of data, both the FAT32 and NTFS partitions.

Question # 12

A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site’s documented downtime was 7 hours each quarter over the last two years. Using this information, what can the analyst determine?

A. Annualized loss expectancy
B. CVSS risk score
C. Total cost of ownership
D. Qualitative risk posture

Question # 13

What is the most common read-only SNMP community string usually called?

A. private
B. mib
C. open
D. public
