Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?
A. URL directory
B. HTTP header attack
C. SQL injection
D. IDS evasion
E. Cross site scripting
At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt
A. To create a file on the USB drive that contains a listing of the C: drive
B. To show hidden and archived files on the C: drive and copy them to the USB drive
C. To copy a forensic image of the local C: drive onto the USB drive
D. To compare a list of known good hashes on the USB drive to files on the local C: drive
Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?
A. Because it has the read-only attribute set
B. Because it is encrypted
C. Because it has the nodel attribute set
D. Because it is an executable file
Why would the pass action be used in a Snort configuration file?
A. The pass action simplifies some filtering by specifying what to ignore.
B. The pass action passes the packet onto further rules for immediate analysis.
C. The pass action serves as a placeholder in the snort configuration file for future rule updates.
D. Using the pass action allows a packet to be passed to an external process.
E. The pass action increases the number of false positives, better testing the rules.
To detect worms and viruses buried deep within a network packet payload, Gigabytes worth of traffic content entering and exiting a network must be checked with which of the following technologies?
A. Proxy matching
B. Signature matching
C. Packet matching
D. Irregular expression matching
E. Object matching
When identifying malware, what is a key difference between a Worm and a Bot?
A. A Worm gets instructions from an external control channel like an IRC server.
B. A Worm, unlike a Bot, is installed silently as an add-on to a legitimate program.
C. A Bot, unlike a Worm, is frequently spread through email attachments.
D. A Bot gets instructions from an external control channel like an IRC server.
Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?
A. At-rest
B. In-transit
C. Public
D. Encrypted
Which type of media should the IR team be handling as they seek to understand the root cause of an incident?
A. Restored media from full backup of the infected host
B. Media from the infected host, copied to the dedicated IR host
C. Original media from the infected host
D. Bit-for-bit image from the infected host
An incident response team is handling a worm infection among their user workstations. They created an
IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or
workstations triggering the rule.
Despite this action, worm activity continued for days after. Where did the incident response team fail?
A. The team did not adequately apply lessons learned from the incident
B. The custom rule did not detect all infected workstations
C. They did not receive timely notification of the security event
D. The team did not understand the worm's propagation method
A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The theft of information from the server goes unnoticed until the company is notified by a third party that sensitive information has been posted on the Internet. Which control was the first to fail?
A. Security awareness
B. Access control
C. Data classification
D. Incident response
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GIAC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GCED exam preparations and GIAC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.