GIAC GCED Exam Practice Test Instant Access

Question 1

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

AChecksum

BAcknowledgement number

CTime to live

DFragment offset

Answer : C

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.

Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.

Question 2

What would be the output of the following Google search?

filetype:doc inurl:ws_ftp

AWebsites running ws_ftp that allow anonymous logins

BDocuments available on the ws_ftp.com domain

CWebsites hosting the ws_ftp installation program

DDocuments found on sites with ws_ftp in the web address

Answer : D

Question 3

Which of the following would be used in order to restrict software form performing unauthorized operations, such as invalid access to memory or invalid calls to system access?

APerimeter Control

BUser Control

CApplication Control

DProtocol Control

ENetwork Control

Answer : C

Question 4

How does data classification help protect against data loss?

ADLP systems require classification in order to protect data

BData at rest is easier to protect than data in transit

CDigital watermarks can be applied to sensitive data

DResources and controls can be appropriately allocated

Answer : A

Question 5

Which Windows tool would use the following command to view a process:

process where name='suspect_malware.exe'list statistics

ATCPView

BTasklist

CWMIC

DNetstat

Answer : C

Question 6

Requiring criminal and financial background checks for new employees is an example of what type of security control?

ADetective Support Control

BDetective Operational Control

CDetective Technical Control

DDetective Management Control

Answer : D

Management Controls include: Policies, guidelines, checklists, and reporting.

Detective management controls include personnel security. As a detective control, we are referring to indepth background investigations, clearances, and rotation of duties.

Question 7

An analyst wants to see a grouping of images that may be contained in a pcap file. Which tool natively meets this need?

AScapy

BNetworkMiner

CTCPReplay

DWireshark

Answer : A

GIAC Certified Enterprise Defender Exam Practice Test