Why would an incident handler acquire memory on a system being investigated?
A. To determine whether a malicious DLL has been injected into an application
B. To identify whether a program is set to auto-run through a registry hook
C. To list which services are installed on the system
D. ...
Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?
A. Fingerprinting
B. Digital watermarking
C. Baselining
D. Wiping
Answer: D
Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?
A. Because it has the read-only attribute set
B. Because it is encrypted
C. Because it has the nodel attribute set
D. Because it is an executable file
Which tool uses a Snort rules file for input and by design triggers Snort alerts?
A. snot
B. stick
C. Nidsbench
D. ftester
Answer: C
What feature of Wireshark allows the analysis of one HTTP conversation?
A. Follow UDP Stream
B. Follow TCP Stream
C. Conversation list > IPv4
D. Setting a display filter to 'tcp'
Answer: B
Explanation: Follow TCP Stream is a feature of Wireshark that allows the analysis of a single TCP...
An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts from workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?
Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?
A. SNMP
B. Netflow
C. RANCID
D. RMON
Answer: C
Explanation: RANCID is a Unix tool which can be used to monitor changes to the following networked devices and more: IOS, CatOS, PIX, ...
Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?
A. Event logs from a central repository
B. Directory listing of system files
C. Media in the CD-ROM drive
D. Swap space and page files
Answer: D
Explanation: Best practices...
A company wants to allow only company-issued devices to attach to the wired and wireless networks. Additionally, devices that are not up-to-date with OS patches need to be isolated from the rest of the network until they are updated. Which technology standards or protocols would meet these requirements?
A. 802.1x...
To detect worms and viruses buried deep within a network packet payload, gigabytes worth of traffic content entering and exiting a network must be checked with which of the following technologies?
A. Proxy matching
B. Signature matching
C. Packet matching
D. Irregular expression matching
E. Object matching
Answer: B
Explanation: Deep packet inspection compares the payload of every packet (or of the reassembled stream) against a database of known worm and virus signatures. "Packet matching" is not a payload inspection technique; header-level packet matching is what a stateless packet filter does and cannot see content buried inside the payload.
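The two questions above (Follow TCP Stream, and signature matching over packet payloads) share one practical point: a signature can straddle a segment boundary, so matching per packet misses it while matching over the reassembled conversation finds it. The following is an added example, not code from the original page or from Wireshark or Snort; the segments, addresses and signature strings are constructed for the illustration, and the reassembly logic is a minimal stand-in for what Wireshark's "Follow TCP Stream" and an IDS stream preprocessor do.

```python
"""Reassemble both directions of one TCP conversation, then run payload
signature matching over the reassembled stream instead of per packet."""
from collections import defaultdict

# Constructed sample traffic (not a real capture): one HTTP conversation,
# delivered out of order and with one retransmitted segment.
CLIENT = ("10.0.0.5", 40000)
SERVER = ("10.0.0.9", 80)

SEGMENTS = [
    # (src, dst, seq, payload)
    (SERVER, CLIENT, 5017, b"\r\nid=1;EVIL-PAY"),            # arrives before the status line
    (CLIENT, SERVER, 1000, b"GET /cgi-bin/sta"),
    (CLIENT, SERVER, 1016, b"tus?id=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (SERVER, CLIENT, 5000, b"HTTP/1.1 200 OK\r\n"),
    (CLIENT, SERVER, 1016, b"tus?id=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # retransmission
    (SERVER, CLIENT, 5032, b"LOAD-MARKER;ok\r\n"),
]

# Constructed signatures; both straddle a segment boundary in SEGMENTS.
SIGNATURES = {
    "cgi-status-probe": b"GET /cgi-bin/status",
    "evil-marker": b"EVIL-PAYLOAD-MARKER",
}


def conversation_key(a, b):
    """Order the two endpoints so both directions map to the same key."""
    return tuple(sorted((a, b)))


def reassemble_direction(segs):
    """Rebuild one direction's byte stream from (seq, payload) pairs.
    Handles out-of-order delivery, full and partial retransmissions, and
    counts holes where a segment is missing entirely."""
    data = bytearray()
    holes = 0
    expected = None
    for seq, payload in sorted(segs, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq + len(payload) <= expected:
            continue                              # full retransmission, already have it
        if seq < expected:
            payload = payload[expected - seq:]    # partial overlap: keep only the new tail
            seq = expected
        elif seq > expected:
            holes += 1                            # missing segment; continue after the gap
        data += payload
        expected = seq + len(payload)
    return bytes(data), holes


def follow_tcp_stream(segments, endpoint_a, endpoint_b):
    """Return {(src, dst): (bytes, holes)} for the conversation between a and b."""
    key = conversation_key(endpoint_a, endpoint_b)
    by_direction = defaultdict(list)
    for src, dst, seq, payload in segments:
        if conversation_key(src, dst) == key:
            by_direction[(src, dst)].append((seq, payload))
    return {d: reassemble_direction(s) for d, s in by_direction.items()}


def match_per_packet(segments, signatures):
    """Naive matching: each segment's payload is checked on its own."""
    hits = set()
    for _, _, _, payload in segments:
        for name, pattern in signatures.items():
            if pattern in payload:
                hits.add(name)
    return hits


def match_stream(streams, signatures):
    """Stream-aware matching: check the reassembled bytes of each direction."""
    hits = set()
    for data, _ in streams.values():
        for name, pattern in signatures.items():
            if pattern in data:
                hits.add(name)
    return hits


if __name__ == "__main__":
    streams = follow_tcp_stream(SEGMENTS, CLIENT, SERVER)
    for direction, (data, holes) in streams.items():
        print(direction, holes, "hole(s):", data)
    print("per-packet hits:", match_per_packet(SEGMENTS, SIGNATURES))
    print("stream hits:    ", match_stream(streams, SIGNATURES))
```

Run stand-alone it prints the two reassembled directions, an empty per-packet hit set, and both signature names from the stream match. The hole counter matters in practice: an attacker who deliberately drops or delays a segment can leave an IDS with a gap that the endpoint will eventually fill, so a production sensor tracks holes and re-scans once the gap closes rather than treating the partial stream as clean.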