GIAC Certified Enterprise Defender (GCED) Free Practice Test

Question 1

Which tasks would a First Responder perform during the Identification phase of Incident Response?

A. Search for sources of data and information that may be valuable in confirming and containing an incident.

B. Disconnect network communications and search for malicious executables or processes.

C. Install or reenable host-based firewalls and anti-virus software on suspected systems.

D. Verify the root cause of the incident and apply any missing security patches.

Correct Answer: A

Question 2

What should happen before acquiring a bit-for-bit copy of suspect media during incident response?

A. Create a one-way hash of the original media

B. Decrypt the original media

C. Decompress files on the original media

D. Encrypt the original media to protect the data

Correct Answer: A

Question 3

Requiring criminal and financial background checks for new employees is an example of what type of security control?

A. Detective Operational Control

B. Detective Support Control

C. Detective Technical Control

D. Detective Management Control

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Why would the pass action be used in a Snort configuration file?

A. The pass action increases the number of false positives, better testing the rules.

B. The pass action serves as a placeholder in the snort configuration file for future rule updates.

C. Using the pass action allows a packet to be passed to an external process.

D. The pass action passes the packet onto further rules for immediate analysis.

E. The pass action simplifies some filtering by specifying what to ignore.

Correct Answer: E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

A. Because it is an executable file

B. Because it is encrypted

C. Because it has the nodel attribute set

D. Because it has the read-only attribute set

Correct Answer: D

Question 6

What is the most common read-only SNMP community string usually called?

A. mib

B. public

C. private

D. open

Correct Answer: B

Question 7

Which of the following applies to newer versions of IOS that decrease their attack surface?

A. Two-factor authentication is default required

B. More services are disabled by default

C. Telnet cannot be enabled or used

D. The Cisco Discovery Protocol has been removed

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

How would an attacker use the following configuration settings?

A. A switch based VLAN hopping attack

B. A client based HIDS evasion attack

C. A firewall based DDoS attack

D. A router based MITM attack

Correct Answer: D

Question 9

Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?

A. At-rest

B. In-transit

C. Encrypted

D. Public

Correct Answer: B

Welcome to TestSimulate

GIAC Certified Enterprise Defender (GCED) Free Practice Test