Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > GIAC > GIAC Certifications > GCED > GCED Online Practice Questions and Answers

GCED Online Practice Questions and Answers

Questions 4

Network administrators are often hesitant to patch the operating systems on CISCO router and switch operating systems, due to the possibility of causing network instability, mainly because of which of the following?

A. Having to rebuild all ACLs

B. Having to replace the kernel

C. Having to re-IP the device

D. Having to rebuild ARP tables

E. Having to rebuild the routing tables

Buy Now

Correct Answer: B

Explanation: Many administrators are hesitant to upgrade the IOS on routers based on past experience with the code introducing instability into the network. It is often difficult to completely test an IOS software upgrade in a production environment because the monolithic kernel requires that the IOS be replaced before the device can be tested. Because of these reasons, IOS upgrades to resolve security flaws are often left undone in many organizations.

Questions 5

Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?

A. SNMP

B. Netflow

C. RANCID

D. RMON

Buy Now

Correct Answer: C

Explanation: RANCID is a Unix tool which can be used to monitor changes to the following networked devices and more: IOS, CatOS, PIX, Juniper, Foundry, HP ProCurve, Extreme.

Questions 6

What feature of Wireshark allows the analysis of one HTTP conversation?

A. Follow UDP Stream

B. Follow TCP Stream

C. Conversation list > IPV4

D. Setting a display filter to `tcp'

Buy Now

Correct Answer: B

Explanation: Follow TCP Stream is a feature of Wireshark that allows the analysis of a single TCP conversation between two hosts over multiple packets. Filtering packets using tcp in the filter box will return all TCP packets, not grouping by a single TCP conversation. HTTP is TCP not UDP, so you cannot follow a HTTP stream over UDP.

Questions 7

Which tasks would a First Responder perform during the Identification phase of Incident Response?

A. Verify the root cause of the incident and apply any missing security patches.

B. Install or reenable host-based firewalls and anti-virus software on suspected systems.

C. Search for sources of data and information that may be valuable in confirming and containing an incident.

D. Disconnect network communications and search for malicious executables or processes.

Buy Now

Correct Answer: C

Questions 8

An outside vulnerability assessment reveals that users have been routinely accessing Gmail from work for over a year, a clear violation of this organization's security policy. The users report "it just started working one day". Later, a network administrator admits he meant to unblock Gmail for just his own IP address, but he made a mistake in the firewall rule.

Which security control failed?

A. Access control

B. Authentication

C. Auditing

D. Rights management

Buy Now

Correct Answer: C

Explanation: Audits are used to identify irregular activity in logged (after-the-fact) records. If this activity went unnoticed or uncorrected for over a year, the internal audits failed because they were either incomplete or inaccurate. Authentication, access control and managing user rights would not apply as a network admin could be expected to have the ability to configure firewall rules.

Questions 9

An incident response team investigated a database breach, and determined it was likely the result of an internal user who had a default password in place. The password was changed. A week later, they discover another loss of database records. The database admin provides logs that indicate the attack came from the front-end web interface. Where did the incident response team fail?

A. They did not eradicate tools left behind by the attacker

B. They did not properly identify the source of the breach

C. They did not lock the account after changing the password

D. They did not patch the database server after the event

Buy Now

Correct Answer: D

Questions 10

An analyst wants to see a grouping of images that may be contained in a pcap file. Which tool natively meets this need?

A. Scapy

B. NetworkMiner

C. TCPReplay

D. Wireshark

Buy Now

Correct Answer: A

Questions 11

Enabling port security prevents which of the following?

A. Using vendors other than Cisco for switching equipment as they don't offer port security

B. Spoofed MAC addresses from being used to cause a Denial of Service condition

C. Legitimate MAC addresses from being used to cause a Denial of Service condition

D. Network Access Control systems from functioning properly

Buy Now

Correct Answer: C

Questions 12

What would be the output of the following Google search? filetype:doc inurl:ws_ftp

A. Websites running ws_ftp that allow anonymous logins

B. Documents available on the ws_ftp.com domain

C. Websites hosting the ws_ftp installation program

D. Documents found on sites with ws_ftp in the web address

Buy Now

Correct Answer: D

Questions 13

Which statement below is the MOST accurate about insider threat controls?

A. Classification of information assets helps identify data to protect.

B. Security awareness programs have a minimal impact on reducing the insider threat.

C. Both detective and preventative controls prevent insider attacks.

D. Rotation of duties makes an insider threat more likely.

E. Separation of duties encourages one employee to control a great deal of information.

Buy Now

Correct Answer: A

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection. Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior. Separation of duties helps minimize "empire building" within a company, keeping one individual from controlling a great deal of information, reducing the insider threat. Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat. Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.

Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender (GCED)
Last Update: Jul 05, 2026
Questions: 88

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.