GIAC GCED Practice Questions| TestInsights

Question 1

Which command is the Best choice for creating a forensic backup of a Linux system?

ARun form a bootable CD: tar cvzf image.tgz /

BRun from compromised operating system: tar cvzf image.tgz /

CRun from compromised operating system: dd if=/ dev/hda1 of=/mnt/backup/hda1.img

DRun from a bootable CD: dd if=/dev/hda1 of=/mnt/backup/hda1.img

Correct : D

Using dd from a bootable CD is the only forensically sound method of creating an image. Using tar does not capture slack space on the disk. Running any command from a compromised operating system will raise integrity issues.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ARun form a bootable CD: tar cvzf image.tgz /

BRun from compromised operating system: tar cvzf image.tgz /

CRun from compromised operating system: dd if=/ dev/hda1 of=/mnt/backup/hda1.img

DRun from a bootable CD: dd if=/dev/hda1 of=/mnt/backup/hda1.img

Question 2

Which of the following would be included in a router configuration standard?

ANames of employees with access rights

BAccess list naming conventions

CMost recent audit results

DPasswords for management access

Correct : B

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ANames of employees with access rights

BAccess list naming conventions

CMost recent audit results

DPasswords for management access

Question 3

Requiring criminal and financial background checks for new employees is an example of what type of security control?

ADetective Support Control

BDetective Operational Control

CDetective Technical Control

DDetective Management Control

Correct : D

Management Controls include: Policies, guidelines, checklists, and reporting.

Detective management controls include personnel security. As a detective control, we are referring to indepth background investigations, clearances, and rotation of duties.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADetective Support Control

BDetective Operational Control

CDetective Technical Control

DDetective Management Control

Question 4

You are responding to an incident involving a Windows server on your company's network. During the investigation you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system you suspect that these files are part of a rootkit. If this is the case what is the likely purpose of the .sys file?

AIt is a configuration file used to open a backdoor

BIt is a logfile used to collect usernames and passwords

CIt is a device driver used to load the rootkit

DIt is an executable used to configure a keylogger

Correct : C

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AIt is a configuration file used to open a backdoor

BIt is a logfile used to collect usernames and passwords

CIt is a device driver used to load the rootkit

DIt is an executable used to configure a keylogger

Question 5

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

AChecksum

BAcknowledgement number

CTime to live

DFragment offset

Correct : C

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.

Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AChecksum

BAcknowledgement number

CTime to live

DFragment offset

Curious about Actual GIAC Cyber Defense (GCED) Exam Questions?

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: