GIAC GCED Exam Questions Free Practice Test

Viewing page 1 out of 3 pages

Viewing questions 1-10 out of questions

Questions # 1:

How does data classification help protect against data loss?

Options:

DLP systems require classification in order to protect data

Data at rest is easier to protect than data in transit

Digital watermarks can be applied to sensitive data

Resources and controls can be appropriately allocated

Expert Solution

Questions # 2:

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control whenever a user launches browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

Options:

Filter traffic using ip.src = = 10.10.50.100 and tcp.srcport = = 80, and use Expert Info

Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 53, and use Expert Info

Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 80, and use Follow TCP stream

Filter traffic using ip.src = = 10.10.50.100, and use Follow TCP stream

Expert Solution

Questions # 3:

What is the most common read-only SNMP community string usually called?

Options:

private

mib

open

public

Expert Solution

Questions # 4:

Which statement below is the MOST accurate about insider threat controls?

Options:

Classification of information assets helps identify data to protect.

Security awareness programs have a minimal impact on reducing the insider threat.

Both detective and preventative controls prevent insider attacks.

Rotation of duties makes an insider threat more likely.

Separation of duties encourages one employee to control a great deal of information.

Expert Solution

Questions # 5:

On which layer of the OSI Reference Model does the FWSnort utility function?

Options:

Physical Layer

Data Link Layer

Transport Layer

Session Layer

Application Layer

Expert Solution

Questions # 6:

What piece of information would be recorded by the first responder as part of the initial System Description?

Options:

Copies of log files

System serial number

List of system directories

Hash of each hard drive

Expert Solution

Questions # 7:

You have been tasked with searching for Alternate Data Streams on the following collection of Windows partitions; 2GB FAT16, 6GB FAT32, and 4GB NTFS. How many total Gigabytes and partitions will you need to search?

Options:

4GBs of data, the NTFS partition only.

12GBs of data, the FAT16, FAT32, and NTFS partitions.

6GBs of data, the FAT32 partition only.

10GBs of data, both the FAT32 and NTFS partitions.

Expert Solution

Questions # 8:

Requiring background checks for employees who access protected data is an example of which type of data loss control?

Options:

Mitigation

Prevention

Monitoring

Identification

Expert Solution

Questions # 9:

Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP Server Attack?

Options:

Disabling telnet enables the setting on the network device.

This setting is enabled by default in the current Cisco IOS.

Allowing remote administration using SSH under the Cisco IOS also enables the setting.

An attack by Cisco Global Exploiter will automatically enable the setting.

This older default IOS setting was inherited from an older configuration despite the upgrade.

Expert Solution

Questions # 10:

What would the output of the following command help an incident handler determine?

cscript manage-bde . wsf –status

Options:

Whether scripts can be run from the command line

Which processes are running on the system

When the most recent system reboot occurred

Whether the drive has encryption enabled

Expert Solution

Viewing page 1 out of 3 pages

Viewing questions 1-10 out of questions

Pass the GIAC Security Certification: GASF GCED Questions and answers with CertsForce