Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. GIAC
  5. GCED

GIAC Certified Enterprise Defender
GCED Exam

When an IDS system looks for a pattern indicating a known worm, what type of detection method is it using?

  1. Signature-based
  2. Anomaly-based
  3. Statistical
  4. Monitored

Answer(s): A



Why would an incident handler acquire memory on a system being investigated?

  1. To determine whether a malicious DLL has been injected into an application
  2. To identify whether a program is set to auto-run through a registry hook
  3. To list which services are installed on they system
  4. To verify which user accounts have root or admin privileges on the system

Answer(s): C



Which could be described as a Threat Vector?

  1. A web server left6 unpatched and vulnerable to XSS
  2. A coding error allowing remote code execution
  3. A botnet that has infiltrated perimeter defenses
  4. A wireless network left open for anonymous use

Answer(s): A

Explanation:

A threat vector is the method (crafted packet) that would be used to exercise a vulnerability (fragmentation to bypass IDS signature). An unpatched web server that is susceptible to XSS simply describes a vulnerability (unpatched) paired with a specific threat (XSS) and does not touch on the method to activate the threat. Similarly, the coding error that allows remote code execution is simply describing the pairing of a vulnerability with a threat, respectively. The botnet is an unspecified threat; there is no indication of how the threat was activated (or it's intention/capabilities; the threat).



A security device processes the first packet from 10.62.34.12 destined to 10.23.10.7 and recognizes a malicious anomaly. The first packet makes it to 10.23.10.7 before the security devices sends a TCP RST to 10.62.34.12. What type of security device is this?

  1. Host IDS
  2. Active response
  3. Intrusion prevention
  4. Network access control

Answer(s): B

Explanation:

An active response device dynamically reconfigures or alters network or system access controls, session streams, or individual packets based on triggers from packet inspection and other detection devices. Active response happens after the event has occurred, thus a single packet attack will be successful on the first attempt and blocked in future attempts. Network intrusion prevention devices are typically inline devices on the network that inspect packets and make decisions before forwarding them on to the destination. This type of device has the capability to defend against single packet attacks on the first attempt by blocking or modifying the attack inline.




Smart one
You guys rock. I just passed my 920-139 exam with 929 marks. Thanks for accurate & descriptive question bank.
- UK
Upvote


C J
Just to let you know, I passed my exam. Thank you,
- Mexico
Upvote


Mr. P
I just have to say a big thank you to you guys... i passed 70-552 exams with 896. You guys are the bomb! Keep the faith and the flag of being good. A big thank you once again.(10Q ALL).
- GERMANY
Upvote


Darwin
I passed the Novell 640-822 exam on this last Thursday after using your online test and IPad. This is my first experience with your exams. I'll be using your material from now on. In a few days I'll purchase my last study material for the C
- France
Upvote


Bila
Thanks! I passed 070-284 with 880 070-219 next to complete my MCSE.
- Colorado
Upvote


Passed
I just took my Certification testing for 10-184 Microsoft CRM Installation and Configuration. Your test questions definitely covered the essence of the exam material and I easily passed the exam.
- UNITED STATES
Upvote


Ed
I passed the IBM exam successfully
- UNITED STATES
Upvote


Tina
Last week I took the Citrix exam and I passed with a very high mark, more than what I expected. Thanks!!
- Israel
Upvote


Calvin B.
I just took my Certification testing for 10-184 Microsoft CRM Installation and Configuration. Your test questions definitely covered the essence of the exam material and I easily passed the exam.
- Lafayette
Upvote


950+
I just finished my exam this week. It was a good score of 950+.
- UNITED STATES
Upvote

Read more ...