Free GCED Exam Dumps (GCED Questions and Answers)

  • Exam Number: GCED
  • Provider: GIAC
  • Questions: 88
  • Updated On: 27-Mar-2023

Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in
an incident?

A. Event logs from a central repository
B. Directory listing of system files
C. Media in the CD-ROM drive
D. Swap space and page files

Answer(s): D

Best practices suggest that live response should follow the order of volatility, which means that you want
to collect the data that is changing most rapidly first. The order of volatility is:

  • Swap or page file
  • Network status and current / recent network connections
  • Running processes
  • Open files

Who is ultimately responsible for approving methods and controls that will reduce any potential risk to an

A. Senior Management
B. Data Owner
C. Data Custodian
D. Security Auditor

Answer(s): D

Why might an administrator not be able to delete a file using the Windows del command without
specifying additional command line switches?

A. Because it has the read-only attribute set
B. Because it is encrypted
C. Because it has the nodel attribute set
D. Because it is an executable file

Answer(s): A

Which of the following would be used in order to restrict software from performing unauthorized
operations, such as invalid access to memory or invalid calls to system access?

A. Perimeter Control
B. User Control
C. Application Control
D. Protocol Control
E. Network Control

Answer(s): C

What information would the Wireshark filter in the screenshot list within the display window?