Exam Details

  • Exam Code: GCED
  • Exam Name: GIAC Certified Enterprise Defender Practice Test
  • Certification: GIAC Information Security
  • Vendor: GIAC
  • Total Questions: 88 Q&As
  • Last Updated: May 14, 2024

GIAC GIAC Information Security GCED Questions & Answers

  • Question 21:

    Which Windows tool would use the following command to view a process: process where name='suspect_malware.exe' list statistics

    A. TCPView

    B. Tasklist

    C. WMIC

    D. Netstat

  • Question 22:

    Which of the following is an outcome of the initial triage during incident response?

    A. Removal of unnecessary accounts from compromised systems

    B. Segmentation of the network to protect critical assets

    C. Resetting registry keys that vary from the baseline configuration

    D. Determining whether encryption is in use on in-scope systems

  • Question 23:

    Which of the following is the best way to establish and verify the integrity of a file before copying it during an investigation?

    A. Write down the file size of the file before and after copying and ensure they match

    B. Ensure that the MAC times are identical before and after copying the file

    C. Establish the chain of custody with the system description to prove it is the same image

    D. Create hash of the file before and after copying the image verifying they are identical

  • Question 24:

    Which of the following would be included in a router configuration standard?

    A. Names of employees with access rights

    B. Access list naming conventions

    C. Most recent audit results

    D. Passwords for management access

  • Question 25:

    Requiring criminal and financial background checks for new employees is an example of what type of security control?

    A. Detective Support Control

    B. Detective Operational Control

    C. Detective Technical Control

    D. Detective Management Control

  • Question 26:

    You are responding to an incident involving a Windows server on your company's network. During the investigation you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system, you suspect that these files are part of a rootkit. If this is the case, what is the likely purpose of the .sys file?

    A. It is a configuration file used to open a backdoor

    B. It is a logfile used to collect usernames and passwords

    C. It is a device driver used to load the rootkit

    D. It is an executable used to configure a keylogger

  • Question 27:

    Following a Digital Forensics investigation, which of the following should be included in the final forensics report?

    A. An executive summary that includes a list of all forensic procedures performed.

    B. A summary of the verified facts of the incident and the analyst's unverified opinions.

    C. A summary of the incident and recommended disciplinary actions to apply internally.

    D. An executive summary that includes high level descriptions of the overall findings.

  • Question 28:

    The matrix in the screen shot below would be created during which process?

    A. Risk Assessment

    B. System Hardening

    C. Data Classification

    D. Vulnerability Scanning

  • Question 29:

    Which Windows CLI tool can identify the command-line options being passed to a program at startup?

    A. netstat

    B. attrib

    C. WMIC

    D. Tasklist

  • Question 30:

    An incident response team investigated a database breach and determined it was likely the result of an internal user who had a default password in place. The password was changed. A week later, they discovered another loss of database records. The database admin provided logs indicating that the attack came from the front-end web interface. Where did the incident response team fail?

    A. They did not eradicate tools left behind by the attacker

    B. They did not properly identify the source of the breach

    C. They did not lock the account after changing the password

    D. They did not patch the database server after the event

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GIAC exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your GCED exam preparation and GIAC certification application, do not hesitate to visit Vcedump.com to find your solutions.