GIAC Defending Advanced Threats (GDAT) Free Practice Test

Question 1

What impact does network segmentation have on preventing the delivery of malicious payloads?
Response:

A. It restricts movement within the network, limiting the spread of delivered payloads.

B. It eliminates the risk of payload delivery entirely.

C. It increases bandwidth for legitimate network traffic.

D. It requires attackers to physically access the network.

Correct Answer: A

Question 2

Regarding Kerberos authentication, which of the following steps are involved in the process of obtaining a service ticket?
Response:

A. The client requests an authentication ticket (TGT) from the Key Distribution Center (KDC).

B. The client presents the TGT to the Ticket Granting Server (TGS) to request a service ticket.

C. The Ticket Granting Server (TGS) issues a service ticket after validating the TGT.

D. The client uses the service ticket to authenticate directly to the Active Directory database.

Correct Answer: B,C

Question 3

Why is regular vulnerability scanning crucial for application security?
Response:

A. It identifies weaknesses that could be exploited by attackers

B. It aligns IT strategies with business objectives

C. It ensures compliance with international standards

D. It facilitates faster software release cycles

Correct Answer: A

Question 4

Which of the following scenarios exemplifies a breach of the principle of least privilege?
Response:

A. A database administrator has access to server management tools.

B. A user can view and modify their own user settings.

C. An intern is granted access to financial records for training purposes.

D. IT staff use a common account with administrative privileges for routine tasks.

Correct Answer: C,D

Question 5

Which operating system features can be exploited by malware to execute payloads?
(Choose Two)
Response:

A. Command-line interfaces

B. System restore points

C. Screen savers

D. AutoRun and AutoPlay features

Correct Answer: A,D

Question 6

Which practice reduces the risk of unauthorized privilege escalation by limiting the lifespan of elevated access?
Response:

A. Enforcing a mandatory vacation policy

B. Requiring two-factor authentication

C. Implementing time-based access restrictions

D. Regularly updating antivirus software

Correct Answer: C

Question 7

Which of the following is a key objective of threat hunting in cybersecurity?
Response:

A. To block all inbound network traffic during an attack

B. To proactively search for threats that may bypass traditional detection systems

C. To passively observe network traffic without taking action

D. To monitor system performance and optimize resource allocation

Correct Answer: B

Question 8

Which strategies help detect lateral movement in an enterprise environment?
(Choose Two)
Response:

A. Continuous monitoring of network traffic

B. Regular patching of software and systems

C. Deploying intrusion detection systems (IDS)

D. Implementing strict password policies

Correct Answer: A,C

Question 9

How does behavioral analysis help in detecting malicious payload execution?
Response:

A. It encrypts sensitive data automatically.

B. It prevents users from installing software.

C. It monitors applications for behavior that deviates from the norm.

D. It filters emails based on their content.

Correct Answer: C

Question 10

What measures can be implemented to enhance the security of Kerberos authentication systems in Active Directory?
Response:

A. Increasing the maximum lifetime of service tickets

B. Enabling AES encryption for Kerberos tickets

C. Configuring account lockout policies for failed authentication attempts

D. Requiring two-factor authentication for service ticket requests

Correct Answer: B,C,D

Question 11

What role does the containment phase play in incident response?
Response:

A. It focuses on public relations management.

B. It involves negotiating with attackers.

C. It includes rolling out new software updates.

D. It ensures that the threat does not spread within the network.

Correct Answer: D

Question 12

Which technique is frequently used to execute malicious payloads after an initial infection?
Response:

A. PowerShell scripts

B. Disk defragmentation

C. Automatic system updates

D. Network traffic encryption

Correct Answer: A

Question 13

Which security practices help detect and mitigate persistence threats in an organization?
(Choose Three)
Response:

A. Continuous monitoring of system and network logs

B. Enforcing strict password policies

C. Implementing application whitelisting

D. Using standard antivirus solutions

Correct Answer: A,C,D

Question 14

Your incident response team has identified a malicious process running on several workstations across your organization. After further investigation, you discover that the malware has installed itself as a Windows service and has modified several registry keys to execute on startup.
What are the immediate steps your team should take to remove the malware and prevent it from reinstalling itself?
Response:

A. Wipe the affected workstations and reinstall the operating system from a clean image

B. Disable the malicious service, remove the associated registry keys, and scan for additional persistence mechanisms

C. Isolate the affected workstations from the network and uninstall all non-essential services

D. Reboot all affected workstations to remove the malware from memory and log out all users

Correct Answer: B

Question 15

Which of the following are techniques used by malware to maintain persistence on a system?
(Choose two)
Response:

A. Installing a new service on the system

B. Disabling automatic system updates

C. Writing malicious scripts to the startup folder

D. Encrypting all user data

Correct Answer: A,C

Welcome to TestSimulate

GIAC Defending Advanced Threats (GDAT) Free Practice Test