GDAT by GIAC Actual Free Exam Questions And Answers

Question 1

Which of the following are indicators of a potential HTTP-based data exfiltration?
(Choose Two)
Response:

A. Standard encryption used in HTTP GET requests

B. High volumes of outbound HTTP traffic to foreign IPs

C. Unusually large numbers of HTTP POST requests

D. Frequent access to top-level domains at regular intervals

Discussion 0

Correct Answer: A,C Vote an answer

Question 2

Which method involves embedding a payload within innocent-looking files to bypass security filters?
Response:

A. Ransomware

B. Steganography

C. Phishing

D. Social engineering

Discussion 0

Correct Answer: B Vote an answer

Question 3

What is the primary purpose of using a rootkit in malware installation?
Response:

A. To enable remote access to the target network

B. To hide the presence of malware from security tools and users

C. To encrypt files on the target system

D. To increase the system's performance

Discussion 0

Correct Answer: B Vote an answer

Question 4

Which step is critical in the initial phase of an incident response process?
Response:

A. Cost analysis of the incident

B. Communication with the media

C. Identification of the breach

D. Purchasing new security tools

Discussion 0

Correct Answer: C Vote an answer

Question 5

What are key indicators of lateral movement within a network?
(Choose Three)
Response:

A. Anomalies in account logins

B. Unusual outbound traffic patterns

C. Spike in database read operations

D. Frequent changes in file permissions

Discussion 0

Correct Answer: A,B,D Vote an answer

Question 6

Your security team has identified unusual outbound traffic from your organization's network to external IP addresses. Upon further analysis, the traffic consists of a high volume of encrypted HTTP POST requests, with some payloads resembling legitimate DNS queries.
What is the most likely method of data exfiltration being used, and how should you proceed?
Response:

A. Phishing attack; notify users to change their passwords and monitor account activity

B. SQL injection; patch the vulnerable web applications and monitor the database for anomalies

C. DNS tunneling; block external DNS requests and investigate the internal DNS servers

D. Ransomware attack; isolate the affected systems and begin recovery operations

Discussion 0

Correct Answer: C Vote an answer

Question 7

Which tool is commonly used during the reconnaissance phase to scan for open ports and services on a network?
Response:

A. Nessus

B. Burp Suite

C. Wireshark

D. Nmap

Discussion 0

Correct Answer: D Vote an answer

Question 8

Which of the following scenarios exemplifies a breach of the principle of least privilege?
Response:

A. A database administrator has access to server management tools.

B. An intern is granted access to financial records for training purposes.

C. IT staff use a common account with administrative privileges for routine tasks.

D. A user can view and modify their own user settings.

Discussion 0

Correct Answer: B,C Vote an answer

Question 9

What are essential components of a Kerberos-based authentication system in Active Directory?
Response:

A. Key Distribution Center (KDC)

B. Security Account Manager (SAM)

C. Access Control List (ACL)

D. Ticket Granting Ticket (TGT)

Discussion 0

Correct Answer: A,D Vote an answer

Question 10

Which of the following are signs of a successful payload delivery?
(Choose Two)
Response:

A. Increased network traffic to unknown IPs

B. Unexpected pop-up windows

C. Faster system boot-up times

D. Unusual system behavior and crashes

Discussion 0

Correct Answer: A,D Vote an answer

Question 11

Which operating system features can be exploited by attackers to execute malicious payloads?
(Choose two)
Response:

A. Secure Boot

B. Command-line interfaces

C. Secure Shell (SSH) protocols

D. AutoRun and AutoPlay features

Discussion 0

Correct Answer: B,D Vote an answer

Question 12

Which of the following methods is commonly used for delivering malicious payloads in phishing attacks?
Response:

A. Embedded links in emails

B. DDoS attacks

C. Social engineering through phone calls

D. SQL injection

Discussion 0

Correct Answer: A Vote an answer

Question 13

Which of the following are common tools used in adversary emulation exercises?
(Choose two)
Response:

A. Nessus

B. Burp Suite

C. Metasploit

D. Cobalt Strike

Discussion 0

Correct Answer: C,D Vote an answer

GIAC Defending Advanced Threats - GDAT Exam Practice Test

Contact Us

Useful Links

Latest Updated