GCED Exam Questions
96 real GCED exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir /...
- Question #3
Why would the pass action be used in a Snort configuration file?
- Question #4
On which layer of the OSI Reference Model does the FWSnort utility function?
- Question #5
What feature of Wireshark allows the analysis of one HTTP conversation?
- Question #6
From a security perspective, how should the Root Bridge be determined in a Spanning Tree Protocol (STP) environment?
- Question #7
Which tasks would a First Responder perform during the Identification phase of Incident Response?
- Question #8
What should happen before acquiring a bit-for-bit copy of suspect media during incident response?
- Question #9
How does the Cisco IOS IP Source Guard feature help prevent spoofing attacks?
- Question #10
Which control would BEST help detect a potential insider threat?
- Question #11
How would an attacker use the following configuration settings?
- Question #12
What is the most common read-only SNMP community string usually called?
- Question #13
What would a penetration tester expect to access after the following Metasploit payload is delivered successfully? Set PAYLOAD windows/shell/reverse_tcp
- Question #14
Requiring background checks for employees who access protected data is an example of which type of data loss control?
- Question #15
Which of the following is an operational security control that is used as a prevention mechanism?
- Question #16
Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP Server Attack?
- Question #17
In order to determine if network traffic adheres to expected usage and complies with technical standards, an organization would use a device that provides which functionality?
- Question #18
Which of the following tools is the most capable for removing the unwanted add-on in the screenshot below?
- Question #19
An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is mo...
- Question #20
Throughout the week following a new IPS deployment, nearly every user on the protected subnet submits helpdesk tickets regarding network performance and not being able to access se...
- Question #21
Which of the following is best defined as "anything that has the potential to target known or existing vulnerabilities in a system?"
- Question #22
An outside vulnerability assessment reveals that users have been routinely accessing Gmail from work for over a year, a clear violation of this organization's security policy. The...
- Question #23
Which action would be the responsibility of the First Responder once arriving at the scene of a suspected incident as part of a Computer Security Incident Response Plan (CSIRP)?
- Question #24
A company classifies data using document footers, labeling each file with security labels "Public", "Pattern", or "Company Proprietary". A new policy forbids sending "Company Propr...
- Question #25
Although the packet listed below contained malware, it freely passed through a layer 3 switch. Why didn't the switch detect the malware in this packet?
- Question #26
In an 802.1x deployment, which of the following would typically be considered a Supplicant?
- Question #27
You have been tasked with searching for Alternate Data Streams on the following collection of Windows partitions: 2GB FAT16, 6GB FAT32, and 4GB NTFS. How many total Gigabytes and p...
- Question #28
What piece of information would be recorded by the first responder as part of the initial System Description?
- Question #29
Which type of attack could be used to obtain IOS router configuration files without a valid user password?
- Question #30
Following a Digital Forensics investigation, which of the following should be included in the final forensics report?
- Question #31
The matrix in the screen shot below would be created during which process?
- Question #32
Which Windows CLI tool can identify the command-line options being passed to a program at startup?
- Question #33
An incident response team investigated a database breach, and determined it was likely the result of an internal user who had a default password in place. The password was changed....
- Question #34
What does the following WMIC command accomplish? process where name='malicious.exe' delete
- Question #35
An analyst wants to see a grouping of images that may be contained in a pcap file. Which tool natively meets this need?
- Question #36
Which of the following is considered a preventative control in operational security?
- Question #37
Which command is the best choice for creating a forensic backup of a Linux system?
- Question #38
Which of the following would be included in a router configuration standard?
- Question #39
Requiring criminal and financial background checks for new employees is an example of what type of security control?
- Question #40
You are responding to an incident involving a Windows server on your company's network. During the investigation you notice that the system downloaded and installed two files, iexp...
- Question #41
Which of the following applies to newer versions of IOS that decrease their attack surface?
- Question #42
The security team wants to detect connections that can compromise credentials by sending them in plaintext across the wire. Which of the following rules should they enable on their...
- Question #43
Which Windows tool would use the following command to view a process: process where name='suspect_malware.exe' list statistics
- Question #44
Which of the following is an outcome of the initial triage during incident response?
- Question #45
Which of the following is the best way to establish and verify the integrity of a file before copying it during an investigation?
- Question #46
What would the output of the following command help an incident handler determine? cscript manage-bde.wsf -status
- Question #47
What information would the Wireshark filter in the screenshot list within the display window?
- Question #48
What are Browser Helper Objects (BHOs) used for?
- Question #49
What is needed to be able to use taskkill to end a process on a remote system?
- Question #50
A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP heade...
- Question #51
Which tool keeps a backup of all deleted items, so that they can be restored later if need be?