Create Next App

Exam contains 44 questions

Page 1 of 8

Question 1 🔥

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control whenever a user launches browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

Which database solution meets these requirements?

A. Filter traffic using ip.src = = 10.10.50.100 and tcp.srcport = = 80, and use Expert Info

Highly voted

B. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 53, and use Expert Info

Highly voted

C. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 80, and use Follow TCP stream

Highly voted

D. Filter traffic using ip.src = = 10.10.50.100, and use Follow TCP stream

Highly voted

Discussion of the question

Question 2 🔥

Which command tool can be used to change the read-only or hidden setting of the file in the screenshot?

Which database solution meets these requirements?

A. attrib

Highly voted

B. type

Highly voted

C. tasklist

Highly voted

D. dir

Highly voted

Discussion of the question

Question 3 🔥

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

Which database solution meets these requirements?

A. Because it has the read-only attribute set

Highly voted

B. Because it is encrypted

Highly voted

C. Because it has the nodel attribute set

Highly voted

D. Because it is an executable file

Highly voted

Discussion of the question

Question 4 🔥

Why would the pass action be used in a Snort configuration file?

Which database solution meets these requirements?

A. The pass action simplifies some filtering by specifying what to ignore.

Highly voted

B. The pass action passes the packet onto further rules for immediate analysis.

Highly voted

C. The pass action serves as a placeholder in the snort configuration file for future rule updates.

Highly voted

D. Using the pass action allows a packet to be passed to an external process.

Highly voted

E. The pass action increases the number of false positives, better testing the rules.

Highly voted

Discussion of the question

Question 5 🔥

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

Which database solution meets these requirements?

D. To compare a list of known good hashes on the USB drive to files on the local C: drive

Highly voted

A. To create a file on the USB drive that contains a listing of the C: drive

Highly voted

B. To show hidden and archived files on the C: drive and copy them to the USB drive

Highly voted

C. To copy a forensic image of the local C: drive onto the USB drive

Highly voted

Discussion of the question

Question 6 🔥

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

Which database solution meets these requirements?

B. The contents of physical memory

Highly voted

C. The current routing table

Highly voted

D. A list of the running services

Highly voted

A. The network connections and open ports

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

giac GCED

Exam contains 44 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us