Pass the GIAC Security Certification: GASF GCED Questions and answers with CertsForce

Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions
Questions # 1:

How does data classification help protect against data loss?

Options:

A. DLP systems require classification in order to protect data
B. Data at rest is easier to protect than data in transit
C. Digital watermarks can be applied to sensitive data
D. Resources and controls can be appropriately allocated


Questions # 2:

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control server whenever a user launches a browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

Options:

A. Filter traffic using ip.src == 10.10.50.100 and tcp.srcport == 80, and use Expert Info
B. Filter traffic using ip.src == 10.10.50.100 and tcp.dstport == 53, and use Expert Info
C. Filter traffic using ip.src == 10.10.50.100 and tcp.dstport == 80, and use Follow TCP stream
D. Filter traffic using ip.src == 10.10.50.100, and use Follow TCP stream


Questions # 3:

What is the most common read-only SNMP community string usually called?

Options:

A. private
B. mib
C. open
D. public


Questions # 4:

Which statement below is the MOST accurate about insider threat controls?

Options:

A. Classification of information assets helps identify data to protect.
B. Security awareness programs have a minimal impact on reducing the insider threat.
C. Both detective and preventative controls prevent insider attacks.
D. Rotation of duties makes an insider threat more likely.
E. Separation of duties encourages one employee to control a great deal of information.


Questions # 5:

On which layer of the OSI Reference Model does the FWSnort utility function?

Options:

A. Physical Layer
B. Data Link Layer
C. Transport Layer
D. Session Layer
E. Application Layer


Questions # 6:

What piece of information would be recorded by the first responder as part of the initial System Description?

Options:

A. Copies of log files
B. System serial number
C. List of system directories
D. Hash of each hard drive


Questions # 7:

You have been tasked with searching for Alternate Data Streams on the following collection of Windows partitions: 2GB FAT16, 6GB FAT32, and 4GB NTFS. How many total gigabytes and partitions will you need to search?

Options:

A. 4GBs of data, the NTFS partition only.
B. 12GBs of data, the FAT16, FAT32, and NTFS partitions.
C. 6GBs of data, the FAT32 partition only.
D. 10GBs of data, both the FAT32 and NTFS partitions.


Questions # 8:

Requiring background checks for employees who access protected data is an example of which type of data loss control?

Options:

A. Mitigation
B. Prevention
C. Monitoring
D. Identification


Questions # 9:

Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP Server Attack?

Options:

A. Disabling telnet enables the setting on the network device.
B. This setting is enabled by default in the current Cisco IOS.
C. Allowing remote administration using SSH under the Cisco IOS also enables the setting.
D. An attack by Cisco Global Exploiter will automatically enable the setting.
E. This older default IOS setting was inherited from an older configuration despite the upgrade.


Questions # 10:

What would the output of the following command help an incident handler determine?

cscript manage-bde.wsf -status

Options:

A. Whether scripts can be run from the command line
B. Which processes are running on the system
C. When the most recent system reboot occurred
D. Whether the drive has encryption enabled

