Create Next App

Exam contains 44 questions

Page 2 of 8

Question 7 🔥

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

Which database solution meets these requirements?

A. Because it has the read-only attribute set

Highly voted

B. Because it is encrypted

Highly voted

C. Because it has the nodel attribute set

Highly voted

D. Because it is an executable file

Highly voted

Discussion of the question

Question 8 🔥

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control whenever a user launches browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

Which database solution meets these requirements?

A. Filter traffic using ip.src = = 10.10.50.100 and tcp.srcport = = 80, and use Expert Info

Highly voted

B. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 53, and use Expert Info

Highly voted

C. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 80, and use Follow TCP stream

Highly voted

D. Filter traffic using ip.src = = 10.10.50.100, and use Follow TCP stream

Highly voted

Discussion of the question

Question 9 🔥

Why would the pass action be used in a Snort configuration file?

Which database solution meets these requirements?

A. The pass action simplifies some filtering by specifying what to ignore.

Highly voted

B. The pass action passes the packet onto further rules for immediate analysis.

Highly voted

C. The pass action serves as a placeholder in the snort configuration file for future rule updates.

Highly voted

D. Using the pass action allows a packet to be passed to an external process.

Highly voted

E. The pass action increases the number of false positives, better testing the rules.

Highly voted

Discussion of the question

Question 10 🔥

How would an attacker use the following configuration settings?

Which database solution meets these requirements?

A. A client based HIDS evasion attack

Highly voted

B. A firewall based DDoS attack

Highly voted

C. A router based MITM attack

Highly voted

D. A switch based VLAN hopping attack

Highly voted

Discussion of the question

Question 11 🔥

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

Which database solution meets these requirements?

B. The contents of physical memory

Highly voted

C. The current routing table

Highly voted

D. A list of the running services

Highly voted

A. The network connections and open ports

Highly voted

Discussion of the question

Question 12 🔥

Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP ServerAttack?

Which database solution meets these requirements?

A. Disabling telnet enables the setting on the network device.

Highly voted

B. This setting is enabled by default in the current Cisco IOS.

Highly voted

C. Allowing remote administration using SSH under the Cisco IOS also enables the setting.

Highly voted

D. An attack by Cisco Global Exploiter will automatically enable the setting.

Highly voted

E. This older default IOS setting was inherited from an older configuration despite the upgrade.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

giac GCED

Exam contains 44 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us