GIAC GCED Exam Practice Questions (P. 2)
Question #6
Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?
- A. URL directory
- B. HTTP header attack
- C. SQL injection
- D. IDS evasion
- E. Cross site scripting
Correct Answer:
A
Question #7
At the start of an investigation on a Windows system, the lead handler executes the following command after inserting a USB drive. What is the purpose of this command? C:\>dir /s /a dhsra d:\ > a:\IRCD.txt
- A. To create a file on the USB drive that contains a listing of the C: drive
- B. To show hidden and archived files on the C: drive and copy them to the USB drive
- C. To copy a forensic image of the local C: drive onto the USB drive
- D. To compare a list of known good hashes on the USB drive to files on the local C: drive
Correct Answer:
C
This command will create a text file on the collection media (in this case you would probably be using a USB flash drive) named IRCD.txt that should contain a recursive directory listing of all files on the disk.
Question #8
Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?
- A. Because it has the read-only attribute set
- B. Because it is encrypted
- C. Because it has the nodel attribute set
- D. Because it is an executable file
Correct Answer:
A
Question #9
Why would the pass action be used in a Snort configuration file?
- A. The pass action simplifies some filtering by specifying what to ignore.
- B. The pass action passes the packet onto further rules for immediate analysis.
- C. The pass action serves as a placeholder in the Snort configuration file for future rule updates.
- D. Using the pass action allows a packet to be passed to an external process.
- E. The pass action increases the number of false positives, better testing the rules.
Correct Answer:
A
The pass action is defined because it is sometimes easier to specify the class of data to ignore rather than the data you want to see. This can cut down the number of false positives and help keep down the size of log data.
False positives occur when a rule misfires and flags a threat that is not really one. They should be minimized whenever possible.
The pass action causes the packet to be ignored, not passed on further. It is an active command, not a placeholder.
Question #10
On which layer of the OSI Reference Model does the FWSnort utility function?
- A. Physical Layer
- B. Data Link Layer
- C. Transport Layer
- D. Session Layer
- E. Application Layer (Most Voted)
Correct Answer:
C
The FWSnort utility functions as a transport layer inline IPS.