Free and Premium GIAC GCED Dumps Questions Answers

Page: 1 / 3
Total 88 questions

GIAC Certified Enterprise Defender Questions and Answers

Question 1

Which tasks would a First Responder perform during the Identification phase of Incident Response?

Options:

A. Verify the root cause of the incident and apply any missing security patches.

B. Install or reenable host-based firewalls and anti-virus software on suspected systems.

C. Search for sources of data and information that may be valuable in confirming and containing an incident.

D. Disconnect network communications and search for malicious executables or processes.

Question 2

Why would the pass action be used in a Snort configuration file?

Options:

A. The pass action simplifies some filtering by specifying what to ignore.

B. The pass action passes the packet onto further rules for immediate analysis.

C. The pass action serves as a placeholder in the snort configuration file for future rule updates.

D. Using the pass action allows a packet to be passed to an external process.

E. The pass action increases the number of false positives, better testing the rules.

Question 3

What should happen before acquiring a bit-for-bit copy of suspect media during incident response?

Options:

A. Encrypt the original media to protect the data

B. Create a one-way hash of the original media

C. Decompress files on the original media

D. Decrypt the original media

Question 4

Michael, a software engineer, added a module to a banking customer’s code. The new module deposits small amounts of money into his personal bank account. Michael has access to edit the code, but only code reviewers have the ability to commit modules to production. The code reviewers have a backlog of work, and are often willing to trust the software developers’ testing and confidence in the code.

Which technique is Michael most likely to engage to implement the malicious code?

Options:

A. Denial of Service

B. Race Condition

C. Phishing

D. Social Engineering

Question 5

Which of the following would be included in a router configuration standard?

Options:

A. Names of employees with access rights

B. Access list naming conventions

C. Most recent audit results

D. Passwords for management access

Question 6

How does data classification help protect against data loss?

Options:

A. DLP systems require classification in order to protect data

B. Data at rest is easier to protect than data in transit

C. Digital watermarks can be applied to sensitive data

D. Resources and controls can be appropriately allocated

Question 7

What piece of information would be recorded by the first responder as part of the initial System Description?

Options:

A. Copies of log files

B. System serial number

C. List of system directories

D. Hash of each hard drive

Question 8

What is the most common read-only SNMP community string usually called?

Options:

A. private

B. mib

C. open

D. public

Question 9

Network administrators are often hesitant to patch the operating systems on Cisco routers and switches because of the possibility of causing network instability, mainly due to which of the following?

Options:

A. Having to rebuild all ACLs

B. Having to replace the kernel

C. Having to re-IP the device

D. Having to rebuild ARP tables

E. Having to rebuild the routing tables

Question 10

Which of the following is an SNMPv3 security feature that was not provided by earlier versions of the protocol?

Options:

A. Authentication based on RSA key pairs

B. The ability to change default community strings

C. AES encryption for SNMP network traffic

D. The ability to send SNMP traffic over TCP ports

Question 11

If a Cisco router is configured with the “service config” configuration statement, which of the following tools could be used by an attacker to apply a new router configuration?

Options:

A. TFTPD

B. Hydra

C. Ettercap

D. Yersinia

Question 12

An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?

Options:

A. tcpdump -s0 -i eth0 port 514

B. tcpdump -nnvvX -i eth0 port 6514

C. tcpdump -nX -i eth0 port 514

D. tcpdump -vv -i eth0 port 6514

Question 13

Which of the following is best defined as “anything that has the potential to target known or existing vulnerabilities in a system?”

Options:

A. Vector

B. Gateway

C. Threat

D. Exploit
