GCED by GIAC Actual Free Exam Questions And Answers

Question 1

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

A. A list of the running services

B. The contents of physical memory

C. The network connections and open ports

D. The current routing table

Discussion 0

Correct Answer: B Vote an answer

Question 2

You are responding to an incident involving a Windows server on your company's network. During the investigation you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system you suspect that these files are part of a rootkit. If this is the case what is the likely purpose of the .sys file?

A. It is a logfile used to collect usernames and passwords

B. It is a device driver used to load the rootkit

C. It is an executable used to configure a keylogger

D. It is a configuration file used to open a backdoor

Discussion 0

Correct Answer: B Vote an answer

Question 3

What feature of Wireshark allows the analysis of one HTTP conversation?

A. Conversation list > IPV4

B. Follow UDP Stream

C. Setting a display filter to 'tcp'

D. Follow TCP Stream

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Why would an incident handler acquire memory on a system being investigated?

A. To identify whether a program is set to auto-run through a registry hook

B. To verify which user accounts have root or admin privileges on the system

C. To list which services are installed on they system

D. To determine whether a malicious DLL has been injected into an application

Discussion 0

Correct Answer: C Vote an answer

Question 5

Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP Server Attack?

A. This older default IOS setting was inherited from an older configuration despite the upgrade.

B. This setting is enabled by default in the current Cisco IOS.

C. Disabling telnet enables the setting on the network device.

D. An attack by Cisco Global Exploiter will automatically enable the setting.

E. Allowing remote administration using SSH under the Cisco IOS also enables the setting.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

What would be the output of the following Google search?
filetype:doc inurl:ws_ftp

A. Documents available on the ws_ftp.com domain

B. Documents found on sites with ws_ftp in the web address

C. Websites hosting the ws_ftp installation program

D. Websites running ws_ftp that allow anonymous logins

Discussion 0

Correct Answer: B Vote an answer

Question 7

Which of the following is an SNMPv3 security feature that was not provided by earlier versions of the protocol?

A. The ability to change default community strings

B. AES encryption for SNMP network traffic

C. Authentication based on RSA key pairs

D. The ability to send SNMP traffic over TCP ports

Discussion 0

Correct Answer: B Vote an answer

Question 8

Which tool uses a Snort rules file for input and by design triggers Snort alerts?

A. stick

B. snot

C. ftester

D. Nidsbench

Discussion 0

Correct Answer: D Vote an answer

Question 9

Which of the following is the best way to establish and verify the integrity of a file before copying it during an investigation?

A. Ensure that the MAC times are identical before and after copying the file

B. Write down the file size of the file before and after copying and ensure they match

C. Establish the chain of custody with the system description to prove it is the same image

D. Create hash of the file before and after copying the image verifying they are identical

Discussion 0

Correct Answer: D Vote an answer

GIAC Certified Enterprise Defender - GCED Exam Practice Test

Contact Us

Useful Links

Latest Updated