GIAC
GCED · Question #64
GCED Question #64: Real Exam Question with Answer & Explanation
Sign in or unlock GCED to reveal the answer and full explanation for question #64. The question stem and answer options stay visible for context.
Question
Why would an incident handler acquire memory on a system being investigated?
Options
- ATo determine whether a malicious DLL has been injected into an application
- BTo identify whether a program is set to auto-run through a registry hook
- CTo list which services are installed on they system
- DTo verify which user accounts have root or admin privileges on the system
Unlock GCED to see the answer
You've previewed enough free GCED questions. Unlock GCED for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.