GIAC
GCED Question #94: Real Exam Question with Answer & Explanation
Question
An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?
Options
- A. The team did not adequately apply lessons learned from the incident
- B. The custom rule did not detect all infected workstations
- C. They did not receive timely notification of the security event
- D. The team did not understand the worm's propagation method