GIAC GCED - GIAC Certified Enterprise Defender

Total 88 questions

What is the most common read-only SNMP community string usually called?

A. private
B. mib
C. open
D. public

Which control would BEST help detect a potential insider threat?

A. Mandatory approval process for executive and administrative access requests.
B. Providing the same access to all employees and monitoring sensitive file access.
C. Multiple scheduled log reviews of all employee access levels throughout the year.
D. Requiring more than one employee to be trained on each task or job duty.

Which statement below is the MOST accurate about insider threat controls?

A. Classification of information assets helps identify data to protect.
B. Security awareness programs have a minimal impact on reducing the insider threat.
C. Both detective and preventative controls prevent insider attacks.
D. Rotation of duties makes an insider threat more likely.
E. Separation of duties encourages one employee to control a great deal of information.

What would be the output of the following Google search?

filetype:doc inurl:ws_ftp

A. Websites running ws_ftp that allow anonymous logins
B. Documents available on the ws_ftp.com domain
C. Websites hosting the ws_ftp installation program
D. Documents found on sites with ws_ftp in the web address

How would an attacker use the following configuration settings?

A. A client based HIDS evasion attack
B. A firewall based DDoS attack
C. A router based MITM attack
D. A switch based VLAN hopping attack

What would the output of the following command help an incident handler determine?

cscript manage-bde.wsf -status

A. Whether scripts can be run from the command line
B. Which processes are running on the system
C. When the most recent system reboot occurred
D. Whether the drive has encryption enabled

Following a Digital Forensics investigation, which of the following should be included in the final forensics report?

A. An executive summary that includes a list of all forensic procedures performed.
B. A summary of the verified facts of the incident and the analyst’s unverified opinions.
C. A summary of the incident and recommended disciplinary actions to apply internally.
D. An executive summary that includes high level descriptions of the overall findings.

What should happen before acquiring a bit-for-bit copy of suspect media during incident response?

A. Encrypt the original media to protect the data
B. Create a one-way hash of the original media
C. Decompress files on the original media
D. Decrypt the original media

What is needed to be able to use taskkill to end a process on a remote system?

A. Svchost.exe running on the remote system
B. Domain login credentials
C. Port 445 open
D. Windows 7 or higher on both systems

An outside vulnerability assessment reveals that users have been routinely accessing Gmail from work for over a year, a clear violation of this organization’s security policy. The users report “it just started working one day”. Later, a network administrator admits he meant to unblock Gmail for just his own IP address, but he made a mistake in the firewall rule.

Which security control failed?

A. Access control
B. Authentication
C. Auditing
D. Rights management