
GIAC GCED GIAC Certified Enterprise Defender Exam Practice Test

Demo: 13 questions
Total 88 questions

GIAC Certified Enterprise Defender Questions and Answers

Question 1

Which tool uses a Snort rules file for input and by design triggers Snort alerts?

Options:

A.

snot

B.

stick

C.

Nidsbench

D.

ftester

Question 2

A security device processes the first packet from 10.62.34.12 destined for 10.23.10.7 and recognizes a malicious anomaly. The first packet reaches 10.23.10.7 before the security device sends a TCP RST to 10.62.34.12. What type of security device is this?

Options:

A.

Host IDS

B.

Active response

C.

Intrusion prevention

D.

Network access control
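The detail that matters in the scenario is ordering: the first packet arrives at the destination and only afterwards does the device inject a RST. The following is an added example, not part of the practice test, that models the two placements a sensor can have. An inline device holds each packet until it has a verdict, so an anomalous first packet never leaves it; a device working from a copy of the traffic (tap or SPAN) has already lost the first packet by the time it decides, and its only lever is to reset the connection so that later packets are refused. The flow, addresses and the "detection" predicate are constructed stand-ins; the addresses are the ones in the question.

```python
"""Added example: inline blocking versus out-of-band active response.
The packet flow and the detection predicate are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    seq: int
    malicious: bool


# Constructed flow: the very first packet is the anomalous one, as in the question.
FLOW = [
    Packet("10.62.34.12", "10.23.10.7", 1, True),
    Packet("10.62.34.12", "10.23.10.7", 2, False),
    Packet("10.62.34.12", "10.23.10.7", 3, False),
]


def is_anomalous(pkt: Packet) -> bool:
    """Stand-in for the detection engine."""
    return pkt.malicious


def inline_ips(flow):
    """Inline placement: the verdict is reached before the packet is forwarded,
    so an anomalous packet (and the rest of its flow) is dropped on the device."""
    delivered, actions = [], []
    blocked = False
    for p in flow:
        if blocked or is_anomalous(p):
            blocked = True
            actions.append(f"drop seq={p.seq}")
            continue
        delivered.append(p.seq)
    return delivered, actions


def passive_active_response(flow):
    """Out-of-band placement: the sensor inspects a copy while the original is
    already on its way, so the triggering packet is delivered. The sensor then
    injects a TCP RST toward the source, and later packets of the flow are
    refused by the endpoints rather than by the sensor."""
    delivered, actions = [], []
    reset_sent = False
    for p in flow:
        if reset_sent:
            actions.append(f"endpoint rejects seq={p.seq} (connection reset)")
            continue
        delivered.append(p.seq)           # nothing stood between it and the destination
        if is_anomalous(p):
            reset_sent = True
            actions.append(f"RST -> {p.src} after seq={p.seq}")
    return delivered, actions


def first_packet_delivered(handler, flow) -> bool:
    """True when the anomalous first packet still reached the destination."""
    delivered, _ = handler(flow)
    return flow[0].seq in delivered


if __name__ == "__main__":
    for name, handler in (("inline", inline_ips), ("active response", passive_active_response)):
        delivered, actions = handler(FLOW)
        print(f"{name}: delivered={delivered} actions={actions}")
```

A practical caveat the model makes visible: a reset from a passive sensor races the real traffic, so a single-packet attack (or an attacker who ignores the RST) is not stopped by it, only by inline enforcement.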

Question 3

You have been tasked with searching for Alternate Data Streams on the following collection of Windows partitions: 2GB FAT16, 6GB FAT32, and 4GB NTFS. How many total gigabytes and which partitions will you need to search?

Options:

A.

4GBs of data, the NTFS partition only.

B.

12GBs of data, the FAT16, FAT32, and NTFS partitions.

C.

6GBs of data, the FAT32 partition only.

D.

10GBs of data, both the FAT32 and NTFS partitions.
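Alternate Data Streams are a feature of the NTFS file system; FAT16 and FAT32 have no structure in which to store a named stream, so those volumes cannot hold one. The following is an added example, not part of the practice test: it scopes the search to stream-capable volumes from a constructed partition list, separates the always-present unnamed stream and the common `Zone.Identifier` marker from streams worth a closer look, and, on Windows only, enumerates a file's streams through the documented kernel32 `FindFirstStreamW`/`FindNextStreamW` API via ctypes.

```python
"""Added example: scope an ADS search to NTFS volumes and enumerate streams.
The partition table is constructed to match the question; the Windows API
calls are real but only execute on Windows."""
import ctypes
import sys

# Constructed: (label, filesystem, size in GB)
PARTITIONS = [
    ("D:", "FAT16", 2),
    ("E:", "FAT32", 6),
    ("C:", "NTFS", 4),
]

# Of the file systems in the list, only NTFS stores alternate data streams.
ADS_CAPABLE = {"NTFS"}

# The unnamed data stream every NTFS file has, and the mark-of-the-web stream
# browsers attach to downloads; neither is interesting on its own.
BENIGN_STREAMS = {"::$DATA", ":Zone.Identifier:$DATA"}

INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
FIND_STREAM_INFO_STANDARD = 0


def ads_search_scope(partitions):
    """Return (total_gb, [labels]) for the volumes that can hold an ADS."""
    scope = [p for p in partitions if p[1] in ADS_CAPABLE]
    return sum(p[2] for p in scope), [p[0] for p in scope]


def suspicious_streams(streams):
    """Keep only streams that are neither the main data stream nor Zone.Identifier."""
    return [(name, size) for name, size in streams if name not in BENIGN_STREAMS]


class _Win32FindStreamData(ctypes.Structure):
    # WIN32_FIND_STREAM_DATA: LARGE_INTEGER StreamSize; WCHAR cStreamName[MAX_PATH + 36]
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (260 + 36))]


def list_streams(path: str):
    """Return [(stream_name, size)] for `path`, e.g. [('::$DATA', 12), (':hidden:$DATA', 5)].
    Windows only: uses kernel32 FindFirstStreamW / FindNextStreamW."""
    if sys.platform != "win32":
        raise OSError("stream enumeration needs the Windows kernel32 API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_uint32]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]

    data = _Win32FindStreamData()
    handle = k32.FindFirstStreamW(path, FIND_STREAM_INFO_STANDARD, ctypes.byref(data), 0)
    if handle == INVALID_HANDLE_VALUE or handle is None:
        raise ctypes.WinError(ctypes.get_last_error())
    streams = []
    try:
        streams.append((data.cStreamName, data.StreamSize))
        while k32.FindNextStreamW(handle, ctypes.byref(data)):
            streams.append((data.cStreamName, data.StreamSize))
    finally:
        k32.FindClose(handle)
    return streams


if __name__ == "__main__":
    total, labels = ads_search_scope(PARTITIONS)
    print(f"search {total} GB across {labels}")
    if sys.platform == "win32" and len(sys.argv) > 1:
        print(suspicious_streams(list_streams(sys.argv[1])))
```

To try the Windows part, create a stream with `Set-Content -Path test.txt -Stream hidden -Value 'x'` in PowerShell and run the script with `test.txt` as its argument; `dir /r` in cmd.exe shows the same streams.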

Question 4

Which action would be the responsibility of the First Responder once arriving at the scene of a suspected incident as part of a Computer Security Incident Response Plan (CSIRP)?

Options:

A.

Making the decision of whether or not to notify law enforcement on behalf of the organization.

B.

Performing timeline creation on the system files in order to identify and remove discovered malware.

C.

Copying critical data from suspected systems to known good systems so productivity is not affected by the investigation.

D.

Conducting initial interviews and identifying the systems involved in the suspected incident.

Question 5

Enabling port security prevents which of the following?

Options:

A.

Using vendors other than Cisco for switching equipment as they don’t offer port security

B.

Spoofed MAC addresses from being used to cause a Denial of Service condition

C.

Legitimate MAC addresses from being used to cause a Denial of Service condition

D.

Network Access Control systems from functioning properly

Question 6

If a Cisco router is configured with the “service config” configuration statement, which of the following tools could be used by an attacker to apply a new router configuration?

Options:

A.

TFTPD

B.

Hydra

C.

Ettercap

D.

Yersinia
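Questions 5 and 6 both concern Cisco IOS configuration: port security limits which and how many MAC addresses may appear on an access port, and `service config` makes a device try to load its configuration from a network server over TFTP at boot, so whoever answers that request supplies the running configuration. The following is an added example, not part of the practice test and not Cisco tooling: a small audit that parses an IOS-style configuration, flags the two weaknesses, and produces a hardened copy. The configuration text is constructed for illustration; interface names and VLAN numbers are arbitrary.

```python
"""Added example: audit an IOS-style configuration for 'service config' and for
access ports lacking port security, then emit a hardened copy.
The sample configuration is constructed, not taken from a real device."""
import re

WEAK_CONFIG = """\
!
service config
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""

PORT_SECURITY_LINES = [
    "switchport port-security",
    "switchport port-security maximum 1",
    "switchport port-security violation shutdown",
]


def parse_config(config: str):
    """Split an IOS config into top-level lines and {interface: [sub-lines]}."""
    top, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        m = re.match(r"^interface (\S+)$", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            top.append(line.strip())
    return top, interfaces


def audit(config: str):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    top, interfaces = parse_config(config)
    if "service config" in top:
        findings.append("global: 'service config' is set, so the device will request its "
                        "configuration over TFTP at boot; use 'no service config'")
    for name, lines in interfaces.items():
        if "switchport mode access" in lines and "switchport port-security" not in lines:
            findings.append(f"{name}: access port without 'switchport port-security'")
    return findings


def harden(config: str) -> str:
    """Rewrite the config with 'no service config' and port security on every access port."""
    top, interfaces = parse_config(config)
    out = ["no service config" if line == "service config" else line for line in top]
    for name, lines in interfaces.items():
        lines = list(lines)
        if "switchport mode access" in lines and "switchport port-security" not in lines:
            lines += PORT_SECURITY_LINES
        out += ["!", f"interface {name}"] + [" " + line for line in lines]
    out.append("!")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print("FINDING:", finding)
    print(harden(WEAK_CONFIG))
```

Note that `switchport port-security` alone already applies the defaults of one allowed address and `violation shutdown`; the hardened output states them explicitly so a reviewer does not have to remember them. Trunk ports are left alone on purpose, since port security is an access-port control.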

Question 7

On which layer of the OSI Reference Model does the FWSnort utility function?

Options:

A.

Physical Layer

B.

Data Link Layer

C.

Transport Layer

D.

Session Layer

E.

Application Layer

Question 8

Which of the following would be included in a router configuration standard?

Options:

A.

Names of employees with access rights

B.

Access list naming conventions

C.

Most recent audit results

D.

Passwords for management access

Question 9

Which of the following is best defined as “anything that has the potential to target known or existing vulnerabilities in a system?”

Options:

A.

Vector

B.

Gateway

C.

Threat

D.

Exploit

Question 10

Requiring criminal and financial background checks for new employees is an example of what type of security control?

Options:

A.

Detective Support Control

B.

Detective Operational Control

C.

Detective Technical Control

D.

Detective Management Control

Question 11

How would an attacker use the following configuration settings?

Options:

A.

A client based HIDS evasion attack

B.

A firewall based DDoS attack

C.

A router based MITM attack

D.

A switch based VLAN hopping attack

Question 12

What piece of information would be recorded by the first responder as part of the initial System Description?

Options:

A.

Copies of log files

B.

System serial number

C.

List of system directories

D.

Hash of each hard drive

Question 13

In order to determine if network traffic adheres to expected usage and complies with technical standards, an organization would use a device that provides which functionality?

Options:

A.

Stateful packet filtering

B.

Signature matching

C.

Protocol anomaly detection

D.

CRC checking

E.

Forward error correction
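The distinction this question draws is between judging traffic against the protocol's own rules and judging it against known attack strings. The following is an added example, not part of the practice test: a protocol checker that validates HTTP/1.x request lines and header syntax with no knowledge of any attack, placed beside a plain signature matcher, and run over constructed requests. The method list, version set, size limit and signatures are assumptions chosen for the example.

```python
"""Added example: protocol anomaly detection beside signature matching for HTTP.
Sample requests, limits and signatures are constructed for illustration."""
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}
ALLOWED_VERSIONS = {("1", "0"), ("1", "1")}
MAX_TARGET_LEN = 2048                                   # assumed local policy limit
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")
HEADER_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 token characters

SIGNATURES = [b"cmd.exe", b"/etc/passwd"]              # constructed signature list


def protocol_anomalies(request: str):
    """Return deviations from expected HTTP/1.x request syntax."""
    issues = []
    lines = request.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return ["request line does not match 'METHOD target HTTP/x.y'"]
    method, target, major, minor = m.groups()
    if method not in ALLOWED_METHODS:
        issues.append(f"unexpected method {method}")
    if (major, minor) not in ALLOWED_VERSIONS:
        issues.append(f"unsupported version HTTP/{major}.{minor}")
    if len(target) > MAX_TARGET_LEN:
        issues.append(f"request-target length {len(target)} exceeds {MAX_TARGET_LEN}")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        issues.append("control byte in request-target")
    for header in lines[1:]:
        if header == "":
            break                                       # end of the header block
        name, sep, _value = header.partition(":")
        if not sep or not HEADER_NAME.match(name):
            issues.append(f"malformed header line {header!r}")
    return issues


def signature_hits(request: str):
    """Return the known-bad strings present in the request, regardless of syntax."""
    raw = request.encode("utf-8", "surrogateescape")
    return [sig.decode() for sig in SIGNATURES if sig in raw]


# Constructed sample requests
NORMAL = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
KNOWN_BAD = "GET /cgi-bin/cmd.exe?/c+dir HTTP/1.0\r\nHost: example.test\r\n\r\n"
ODD = "GET /index.html HTTP/9.9\r\nHost example.test\r\n\r\n"
OVERLONG = "GET /" + "A" * 3000 + " HTTP/1.1\r\n\r\n"


def classify(request: str) -> dict:
    return {"anomalies": protocol_anomalies(request), "signatures": signature_hits(request)}


if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("known-bad", KNOWN_BAD), ("odd", ODD), ("overlong", OVERLONG)):
        print(label, classify(req))
```

The sample output makes the trade-off concrete: the known-bad request is perfectly well-formed HTTP and is caught only by the signature, while the malformed and overlong requests match no signature and are caught only by the protocol check. A sensor that offers both is the usual answer; a standard that says what traffic should look like is what the protocol check enforces.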
