Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GIAC
Security Certification: GASF
GCED
GIAC Certified Enterprise Defender Questions and Answers

Pass the GIAC Security Certification: GASF GCED Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam GCED Premium Access

View all detail and faqs for the GCED exam

Go to Exam

747 Students Passed

85% Average Score

90% Same Questions

Viewing page 2 out of 3 pages

Viewing questions 11-20 out of questions

Questions # 11:

Which statement below is the MOST accurate about insider threat controls?

Options:

Classification of information assets helps identify data to protect.

Security awareness programs have a minimal impact on reducing the insider threat.

Both detective and preventative controls prevent insider attacks.

Rotation of duties makes an insider threat more likely.

Separation of duties encourages one employee to control a great deal of information.

Answer

Explanation

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize “empire building” within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.

Questions # 12:

If a Cisco router is configured with the “service config” configuration statement, which of the following tools could be used by an attacker to apply a new router configuration?

Options:

TFTPD

Hydra

Ettercap

Yersinia

Answer

Questions # 13:

Which control would BEST help detect a potential insider threat?

Options:

Mandatory approval process for executive and administrative access requests.

Providing the same access to all employees and monitoring sensitive file access.

Multiple scheduled log reviews of all employee access levels throughout the year

Requiring more than one employee to be trained on each task or job duty.

Answer

Questions # 14:

On which layer of the OSI Reference Model does the FWSnort utility function?

Options:

Physical Layer

Data Link Layer

Transport Layer

Session Layer

Application Layer

Answer

Explanation

The FWSnort utility functions as a transport layer inline IPS.

Questions # 15:

When running a Nmap UDP scan, what would the following output indicate?

Question # 15

Options:

The port may be open on the system or blocked by a firewall

The router in front of the host accepted the request and sent a reply

An ICMP unreachable message was received indicating an open port

An ACK was received in response to the initial probe packet

Answer

Explanation

When Nmap shows an “open filtered” response for the scan results, this indicates a couple of different reasons. The port could be open but a firewall could be blocking the use ACK flags; only TCP packets do.

Questions # 16:

You are responding to an incident involving a Windows server on your company’s network. During the investigation you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system you suspect that these files are part of a rootkit. If this is the case what is the likely purpose of the .sys file?