GIAC GCED GIAC Certified Enterprise Defender Online Training
The questions for GCED were last updated at Nov 19, 2024.
- Exam Code: GCED
- Exam Name: GIAC Certified Enterprise Defender
- Certification Provider: GIAC
- Latest update: Nov 19, 2024
When an IDS system looks for a pattern indicating a known worm, what type of detection method is it using?
- A . Signature-based
- B . Anomaly-based
- C . Statistical
- D . Monitored
Why would an incident handler acquire memory on a system being investigated?
- A . To determine whether a malicious DLL has been injected into an application
- B . To identify whether a program is set to auto-run through a registry hook
- C . To list which services are installed on the system
- D . To verify which user accounts have root or admin privileges on the system
Which could be described as a Threat Vector?
- A . A web server left unpatched and vulnerable to XSS
- B . A coding error allowing remote code execution
- C . A botnet that has infiltrated perimeter defenses
- D . A wireless network left open for anonymous use
A security device processes the first packet from 10.62.34.12 destined to 10.23.10.7 and recognizes a malicious anomaly. The first packet makes it to 10.23.10.7 before the security device sends a TCP RST to 10.62.34.12.
What type of security device is this?
- A . Host IDS
- B . Active response
- C . Intrusion prevention
- D . Network access control
Which tool uses a Snort rules file for input and by design triggers Snort alerts?
- A . snot
- B . stick
- C . Nidsbench
- D . ftester
Network administrators are often hesitant to patch the operating systems on Cisco routers and switches because of the possibility of causing network instability, mainly due to which of the following?
- A . Having to rebuild all ACLs
- B . Having to replace the kernel
- C . Having to re-IP the device
- D . Having to rebuild ARP tables
- E . Having to rebuild the routing tables
A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site’s documented downtime was 7 hours each quarter over the last two years. Using this information, what can the analyst determine?
- A . Annualized loss expectancy
- B . CVSS risk score
- C . Total cost of ownership
- D . Qualitative risk posture
To detect worms and viruses buried deep within a network packet payload, gigabytes worth of traffic content entering and exiting a network must be checked with which of the following technologies?
- A . Proxy matching
- B . Signature matching
- C . Packet matching
- D . Irregular expression matching
- E . Object matching
When identifying malware, what is a key difference between a Worm and a Bot?
- A . A Worm gets instructions from an external control channel like an IRC server.
- B . A Worm, unlike a Bot, is installed silently as an add-on to a legitimate program.
- C . A Bot, unlike a Worm, is frequently spread through email attachments.
- D . A Bot gets instructions from an external control channel like an IRC server.
Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?
- A . At-rest
- B . In-transit
- C . Public
- D . Encrypted