
GCED Online Practice Questions and Answers

Questions 4

Which could be described as a Threat Vector?

A. A web server left unpatched and vulnerable to XSS

B. A coding error allowing remote code execution

C. A botnet that has infiltrated perimeter defenses

D. A wireless network left open for anonymous use


Correct Answer: D

Explanation: A threat vector is the method or path by which a threat reaches and exercises a vulnerability, for example a crafted packet, or IP fragmentation used to slip past an IDS signature. An unpatched web server that is susceptible to XSS describes a vulnerability (unpatched) paired with a specific threat (XSS) and says nothing about how the threat would be delivered. The coding error that allows remote code execution is likewise just a vulnerability paired with a threat. The botnet is an unspecified threat: nothing indicates how it got past the perimeter, or its intent or capabilities. An open wireless network, by contrast, is itself the path an attacker would use to reach the internal systems, which is what makes it the vector.

Questions 5

Network administrators are often hesitant to patch the operating system (IOS) on Cisco routers and switches because of the possibility of causing network instability, mainly because of which of the following?

A. Having to rebuild all ACLs

B. Having to replace the kernel

C. Having to re-IP the device

D. Having to rebuild ARP tables

E. Having to rebuild the routing tables


Correct Answer: B

Explanation: Many administrators are hesitant to upgrade the IOS on routers based on past experience with new code introducing instability into the network. It is difficult to fully test an IOS upgrade in a production environment because the monolithic kernel means the entire IOS image must be replaced, and the device reloaded, before the new code can be tested at all. For these reasons, IOS upgrades that resolve security flaws are often left undone in many organizations.

Questions 6

A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site's documented downtime was 7 hours each quarter over the last two years. Using the information, what can the analyst determine?

A. Annualized loss expectancy

B. CVSS risk score

C. Total cost of ownership

D. Qualitative risk posture


Correct Answer: A

Explanation: The annualized loss expectancy (ALE) is calculated by multiplying the single loss expectancy (SLE) by the annual rate of occurrence (ARO). Here the SLE is $2,374 per hour x 7 hours = $16,618 per outage, the ARO is 4 outages per year (one each quarter, consistently over two years), and the ALE is $16,618 x 4 = $66,472. This is a form of quantitative risk analysis. A qualitative risk posture is derived by rating and contrasting likelihood (probability of occurrence) against level of impact and by definition does not express risk in monetary figures. Total cost of ownership (TCO) is the sum of all costs (technical, administrative, environmental, et al.) involved in a specific system or service. CVSS scores rate the severity of a vulnerability and are not derived from loss data of this kind.

Questions 7

Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?

A. Event logs from a central repository

B. Directory listing of system files

C. Media in the CD-ROM drive

D. Swap space and page files


Correct Answer: D

Explanation: Best practice for live response is to follow the order of volatility, which means collecting first the data that is changing most rapidly. The order of volatility is:
  • Memory
  • Swap or page file
  • Network status and current or recent network connections
  • Running processes
  • Open files
Of the options given, swap space and page files are the most volatile. Event logs already in a central repository, a directory listing of system files, and removable media are comparatively stable and are collected later.
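The collection order above as a runnable script, an added example that is not part of the original page. It is plain POSIX shell for a Linux host and assumes /proc is available; memory acquisition proper needs a kernel-level tool such as LiME or AVML, so the script records that step in its manifest as the first item rather than attempting it, then gathers the remaining volatile sources most-volatile-first. ss, lsof and sha256sum are used when present, with /proc fallbacks, and every artefact is hashed as soon as it is written so the evidence can later be checked against the manifest.

```shell
#!/bin/sh
# Live-response collection in order of volatility (added example, not from the
# original page). Linux host assumed. Memory itself is not captured here: that
# needs LiME/AVML and must happen before anything else, so it is logged as step 1.

stamp() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# capture NAME CMD...: run CMD, store its output as $OUT/NAME, then append
# "<utc time> <name> <sha256>" to the manifest.
capture() {
    name="$1"; shift
    "$@" > "$OUT/$name" 2>/dev/null || true   # a partial listing is still evidence
    sum=$(sha256sum "$OUT/$name" 2>/dev/null | cut -d' ' -f1)
    printf '%s %s %s\n' "$(stamp)" "$name" "${sum:-nohash}" >> "$MANIFEST"
}

# collect_volatile OUTDIR: gather artefacts most-volatile-first; prints the manifest path.
collect_volatile() {
    OUT="$1"
    MANIFEST="$OUT/manifest.txt"
    mkdir -p "$OUT"
    : > "$MANIFEST"

    # 1. memory image: acquire with LiME/AVML before running anything else
    printf '%s memory.raw acquire-with-LiME-or-AVML-first\n' "$(stamp)" >> "$MANIFEST"
    # 2. swap / page file state
    capture swap.txt cat /proc/swaps /proc/meminfo
    # 3. network status and current/recent connections (ss if present, else raw /proc tables)
    capture net.txt sh -c 'ss -tanp 2>/dev/null || cat /proc/net/tcp /proc/net/udp'
    # 4. running processes
    capture procs.txt ps -eo pid,ppid,user,etime,args
    # 5. open files (lsof if present, else per-process fd directories)
    capture files.txt sh -c 'lsof -nP 2>/dev/null || ls -l /proc/[0-9]*/fd'

    echo "$MANIFEST"
}

# manifest_names FILE: artefact names in the order they were collected, one per line.
manifest_names() { cut -d' ' -f2 "$1"; }

# Usage: sh live_collect.sh /mnt/evidence/host01   (output directory is the only argument)
if [ "${1:-}" ]; then
    collect_volatile "$1"
fi
```

Run it from a clean, mounted evidence volume rather than the suspect disk, and note that the act of running any collector (even ps) perturbs the very state being captured; that is why the order matters and why the manifest timestamps each step.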

Questions 8

Why would the pass action be used in a Snort configuration file?

A. The pass action simplifies some filtering by specifying what to ignore.

B. The pass action passes the packet onto further rules for immediate analysis.

C. The pass action serves as a placeholder in the snort configuration file for future rule updates.

D. Using the pass action allows a packet to be passed to an external process.

E. The pass action increases the number of false positives, better testing the rules.


Correct Answer: A

Explanation: The pass action exists because it is sometimes easier to specify the class of traffic to ignore than the traffic you want to see. This cuts down on false positives and keeps the volume of log data down. A false positive is a rule firing on traffic that is not actually a threat; they should be minimized wherever possible. The pass action causes the packet to be ignored, not passed on to further rules or to an external process, and it is an active action, not a placeholder.
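A minimal Snort 2 configuration showing the pass action used the way the explanation describes, added here as an example and not taken from the page. The scanner address 10.0.0.5, the interface variables and the sids are placeholders. Depending on the Snort 2 version, alert rules may be evaluated before pass rules (the historical alert, pass, log order, switched with the -o option), so stating config order explicitly makes the intent unambiguous.

```snort
# snort.conf fragment, Snort 2 syntax (constructed example, not from the page)
# Make pass rules win over alert rules regardless of the build's default order;
# this is the same effect as starting snort with -o.
config order: pass alert log

# Ignore SSH from the approved vulnerability scanner (10.0.0.5 is a placeholder)
pass tcp 10.0.0.5 any -> $HOME_NET 22 (msg:"Approved scanner SSH - ignored"; sid:1000001; rev:1;)

# Everyone else opening SSH to the inside is still reported
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (flags:S; msg:"Inbound SSH SYN"; sid:1000002; rev:1;)
```

The caveat a practitioner wants: a pass rule is a blind spot by design. Keep pass rules as narrow as possible (specific source, port and direction), keep them in their own file so they are reviewed together, and check the effective ordering with the running version's documentation before relying on them.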

Questions 9

Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?

A. Fingerprinting

B. Digital watermarking

C. Baselining

D. Wiping


Correct Answer: D

Questions 10

How does the Cisco IOS IP Source Guard feature help prevent spoofing attacks?

A. Filters traffic based on IP address once a DHCP address has been assigned

B. Prevents unauthorized MAC addresses from receiving an IP address on the network

C. Blocks unsolicited ARP packets after a client has received an IP address

D. Rate limits client traffic to prevent CAM table flooding


Correct Answer: A
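IP Source Guard works from the DHCP snooping binding table (IP address, MAC, VLAN and port recorded when a client obtains a lease) and drops any IP packet on an untrusted port whose source address is not the one bound to that port. It does not inspect ARP (that is Dynamic ARP Inspection) and does not rate-limit traffic. The configuration below is an added example, not from the page; interface names and VLAN 10 are placeholders.

```cisco
! Cisco IOS Catalyst fragment (constructed example). IP Source Guard depends on
! the DHCP snooping binding table, so DHCP snooping is enabled first.
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet1/0/24
 description Uplink toward the DHCP server
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 description Untrusted access port
 switchport access vlan 10
 ! Forward only packets whose source IP matches this port's snooping binding.
 ! Use "ip verify source port-security" to check the source MAC as well.
 ip verify source
!
! Verify with: show ip dhcp snooping binding
!              show ip verify source
```

Until a lease is recorded for a port, IP Source Guard permits only DHCP traffic from it, so a host with a static address on an untrusted port will be cut off unless a static entry is added with ip source binding (MAC, VLAN, IP and interface).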

Questions 11

An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?

A. tcpdump -s0 -i eth0 port 514

B. tcpdump -nnvvX -i eth0 port 6514

C. tcpdump -nX -i eth0 port 514

D. tcpdump -vv -i eth0 port 6514


Correct Answer: C

Explanation: With tcpdump, the -n switch tells the tool not to resolve hostnames; since this network makes no use of DNS, lookups would only add failed queries and delay, so suppressing them is the efficient choice (-nn additionally suppresses port-name lookups). -X prints each packet in hex and ASCII, which is what lets the analyst read the syslog text. Plain syslog is carried on port 514 (UDP), so the filter port 514 selects it; port 6514 is the registered port for syslog over TLS, whose payload is encrypted and useless for this purpose, which rules out B and D. -s0 sets the snap length to capture whole packets rather than the truncated default of older tcpdump versions (current versions already capture full packets), but A omits -n and -X, so it is less efficient than C. -vv only increases the verbosity of the header decode and does not show the payload.

Questions 12

Which of the following is considered a preventative control in operational security?

A. Smoke Sensors

B. Fire Suppressant

C. Voltage Regulators

D. Vibration Alarms


Correct Answer: B

Explanation: A fire suppressant device is a preventive control: it acts to stop the damage. Smoke sensors and vibration alarms are detective controls; they report that a condition exists rather than prevent it. A voltage regulator conditions incoming power and is not the preventive security control the question is asking for.

Questions 13

How does data classification help protect against data loss?

A. DLP systems require classification in order to protect data

B. Data at rest is easier to protect than data in transit

C. Digital watermarks can be applied to sensitive data

D. Resources and controls can be appropriately allocated


Correct Answer: A

Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender (GCED)
Last Update: Jun 07, 2025
Questions: 88