
GIAC GCED GIAC Certified Enterprise Defender Exam Practice Test

Page: 1 / 9
Total 88 questions

GIAC Certified Enterprise Defender Questions and Answers

Question 1

Which of the following is an SNMPv3 security feature that was not provided by earlier versions of the protocol?

Options:

A. Authentication based on RSA key pairs
B. The ability to change default community strings
C. AES encryption for SNMP network traffic
D. The ability to send SNMP traffic over TCP ports

Question 2

Enabling port security prevents which of the following?

Options:

A. Using vendors other than Cisco for switching equipment as they don’t offer port security
B. Spoofed MAC addresses from being used to cause a Denial of Service condition
C. Legitimate MAC addresses from being used to cause a Denial of Service condition
D. Network Access Control systems from functioning properly

Question 3

Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?

Options:

A. Fingerprinting
B. Digital watermarking
C. Baselining
D. Wiping

Question 4

Why would an incident handler acquire memory on a system being investigated?

Options:

A. To determine whether a malicious DLL has been injected into an application
B. To identify whether a program is set to auto-run through a registry hook
C. To list which services are installed on the system
D. To verify which user accounts have root or admin privileges on the system

Question 5

A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site’s documented downtime was 7 hours each quarter over the last two years. Using the information, what can the analyst determine?

Options:

A. Annualized loss expectancy
B. CVSS risk score
C. Total cost of ownership
D. Qualitative risk posture

Question 6

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm’s artifacts from workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

Options:

A. The team did not adequately apply lessons learned from the incident
B. The custom rule did not detect all infected workstations
C. They did not receive timely notification of the security event
D. The team did not understand the worm’s propagation method

Question 7

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker’s server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

Options:

A. Checksum
B. Acknowledgement number
C. Time to live
D. Fragment offset

Question 8

The security team wants to detect connections that can compromise credentials by sending them in plaintext across the wire. Which of the following rules should they enable on their IDS sensor?

Options:

A. alert tcp any 22 <> any 22 (msg:"SSH connection"; classtype:misc-attack; sid:122; rev:1;)
B. alert tcp any any <> any 6000: (msg:"X-Windows session"; flow:from_server,established; nocase; classtype:misc-attack; sid:101; rev:1;)
C. alert tcp any 23 <> any 23 (msg:"Telnet shell"; classtype:misc-attack; sid:100; rev:1;)
D. alert udp any any <> any 5060 (msg:"VOIP message"; classtype:misc-attack; sid:113; rev:2;)

Question 9

Michael, a software engineer, added a module to a banking customer’s code. The new module deposits small amounts of money into his personal bank account. Michael has access to edit the code, but only code reviewers have the ability to commit modules to production. The code reviewers have a backlog of work, and are often willing to trust the software developers’ testing and confidence in the code.

Which technique is Michael most likely to engage to implement the malicious code?

Options:

A. Denial of Service
B. Race Condition
C. Phishing
D. Social Engineering

Question 10

How does data classification help protect against data loss?

Options:

A. DLP systems require classification in order to protect data
B. Data at rest is easier to protect than data in transit
C. Digital watermarks can be applied to sensitive data
D. Resources and controls can be appropriately allocated

Question 11

Which tasks would a First Responder perform during the Identification phase of Incident Response?

Options:

A. Verify the root cause of the incident and apply any missing security patches.
B. Install or re-enable host-based firewalls and anti-virus software on suspected systems.
C. Search for sources of data and information that may be valuable in confirming and containing an incident.
D. Disconnect network communications and search for malicious executables or processes.

Question 12

What are Browser Helper Objects (BHOs) used for?

Options:

A. To provide multi-factor authentication support for Firefox
B. To provide a more feature-rich interface for Internet Explorer
C. To allow Internet Explorer to process multi-part URLs
D. To allow Firefox to process JavaScript in a sandbox

Question 13

Which statement below is the MOST accurate about insider threat controls?

Options:

A. Classification of information assets helps identify data to protect.
B. Security awareness programs have a minimal impact on reducing the insider threat.
C. Both detective and preventative controls prevent insider attacks.
D. Rotation of duties makes an insider threat more likely.
E. Separation of duties encourages one employee to control a great deal of information.
