GCED Exam Questions

Which statement below is the MOST accurate about insider threat controls?

In penetration testing, what is the primary purpose of "pivoting"?

What is the primary goal of "containment" in incident response?

During interactive malware analysis, what is the purpose of a sandbox environment?

In cloud-based infrastructure, what is the main responsibility of a Cloud Access Security Broker (CASB)?

When analyzing network flows, a sudden and unexplained increase in the number of outgoing ________ connections might indicate a security breach.

What does manual malware code reversal involve?

_______ logs provide information about system and application errors, which can be valuable for diagnosing issues or identifying security incidents.

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir /...

Which of the following is a key advantage of disassembling malware code?

When an IDS system looks for a pattern indicating a known worm, what type of detection method is it using?

Why would an incident handler acquire memory on a system being investigated?

Which could be described as a Threat Vector?

A security device processes the first packet from 10.62.34.12 destined to 10.23.10.7 and recognizes a malicious anomaly. The first packet makes it to 10.23.10.7 before the security...

Which tool uses a Snort rules file for input and by design triggers Snort alerts?

Network administrators are often hesitant to patch the operating systems on CISCO router and switch operating systems, due to the possibility of causing network instability, mainly...

A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site's documented downtime was 7 hours each quarter over the last two yea...

To detect worms and viruses buried deep within a network packet payload, Gigabytes worth of traffic content entering and exiting a network must be checked with which of the followi...

When identifying malware, what is a key difference between a Worm and a Bot?

The creation of a filesystem timeline is associated with which objective?

How does data classification help protect against data loss?

Enabling port security prevents which of the following?

How does an Nmap connect scan work?

When running a Nmap UDP scan, what would the following output indicate?

Which of the following would be used in order to restrict software form performing unauthorized operations, such as invalid access to memory or invalid calls to system access?

What attack was indicated when the IDS system picked up the following text coming from the Internet to the web server? select user, password from user where user= "jdoe" and passwo...

What would be the output of the following Google search? filetype:doc inurl:ws_ftp

What is the BEST sequence of steps to remove a bot from a system?

Which of the following is an SNMPv3 security feature that was not provided by earlier versions of the protocol?

Which of the following is a major problem that attackers often encounter when attempting to develop or use a kernel mode rootkit?

Which command tool can be used to change the read-only or hidden setting of the file in the screenshot?

Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?

If a Cisco router is configured with the "service config" configuration statement, which of the following tools could be used by an attacker to apply a new router configuration?

Who is ultimately responsible for approving methods and controls that will reduce any potential risk to an organization?

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control whenever a user launches browser window. What features and settings of Wires...

Michael, a software engineer, added a module to a banking customer's code. The new module deposits small amounts of money into his personal bank account. Michael has access to edit...

A company wants to allow only company-issued devices to attach to the wired and wireless networks. Additionally, devices that are not up-to-date with OS patches need to be isolated...

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?

Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?

Which type of media should the IR team be handling as they seek to understand the root cause of an incident?

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then remove...

A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The thef...

Analyze the screenshot below. Which of the following attacks can be mitigated by these configuration settings?

Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?

Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?