Which Windows tool would use the following command to view a process: process where name='suspect_malware.exe' list statistics
A. TCPView
B. Tasklist
C. WMIC
D. Netstat
Which of the following is an outcome of the initial triage during incident response?
A. Removal of unnecessary accounts from compromised systems
B. Segmentation of the network to protect critical assets
C. Resetting registry keys that vary from the baseline configuration
D. Determining whether encryption is in use on in-scope systems
Which of the following is the best way to establish and verify the integrity of a file before copying it during an investigation?
A. Write down the file size of the file before and after copying and ensure they match
B. Ensure that the MAC times are identical before and after copying the file
C. Establish the chain of custody with the system description to prove it is the same image
D. Create a hash of the file before and after copying the image, verifying they are identical
Which of the following would be included in a router configuration standard?
A. Names of employees with access rights
B. Access list naming conventions
C. Most recent audit results
D. Passwords for management access
Requiring criminal and financial background checks for new employees is an example of what type of security control?
A. Detective Support Control
B. Detective Operational Control
C. Detective Technical Control
D. Detective Management Control
You are responding to an incident involving a Windows server on your company's network. During the investigation, you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system, you suspect that these files are part of a rootkit. If this is the case, what is the likely purpose of the .sys file?
A. It is a configuration file used to open a backdoor
B. It is a logfile used to collect usernames and passwords
C. It is a device driver used to load the rootkit
D. It is an executable used to configure a keylogger
Following a Digital Forensics investigation, which of the following should be included in the final forensics report?
A. An executive summary that includes a list of all forensic procedures performed.
B. A summary of the verified facts of the incident and the analyst's unverified opinions.
C. A summary of the incident and recommended disciplinary actions to apply internally.
D. An executive summary that includes high level descriptions of the overall findings.
The matrix in the screenshot below would be created during which process?
A. Risk Assessment
B. System Hardening
C. Data Classification
D. Vulnerability Scanning
Which Windows CLI tool can identify the command-line options being passed to a program at startup?
A. netstat
B. attrib
C. WMIC
D. Tasklist
An incident response team investigated a database breach, and determined it was likely the result of an internal user who had a default password in place. The password was changed. A week later, they discover another loss of database records. The database admin provides logs that indicate the attack came from the front-end web interface. Where did the incident response team fail?
A. They did not eradicate tools left behind by the attacker
B. They did not properly identify the source of the breach
C. They did not lock the account after changing the password
D. They did not patch the database server after the event