GCED Online Practice Questions and Answers

Question 4

Which tool uses a Snort rules file for input and by design triggers Snort alerts?

A. snot

B. stick

C. Nidsbench

D. ftester

Question 5

A company estimates a loss of $2,374 per hour in sales if their website goes down. Their webserver hosting site's documented downtime was 7 hours each quarter over the last two years. Using the information, what can the analyst determine?

A. Annualized loss expectancy

B. CVSS risk score

C. Total cost of ownership

D. Qualitative risk posture

Question 6

Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?

A. URL directory

B. HTTP header attack

C. SQL injection

D. IDS evasion

E. Cross site scripting

Question 7

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

A. Because it has the read-only attribute set

B. Because it is encrypted

C. Because it has the nodel attribute set

D. Because it is an executable file

Question 8

Which command-line tool can be used to change the read-only or hidden attribute of the file shown in the screenshot?

A. attrib

B. type

C. tasklist

D. dir

Question 9

Requiring background checks for employees who access protected data is an example of which type of data loss control?

A. Mitigation

B. Prevention

C. Monitoring

D. Identification

Question 10

Which of the following is best defined as "anything that has the potential to target known or existing vulnerabilities in a system"?

A. Vector

B. Gateway

C. Threat

D. Exploit

Question 11

Which command is the best choice for creating a forensic backup of a Linux system?

A. Run from a bootable CD: tar cvzf image.tgz /

B. Run from compromised operating system: tar cvzf image.tgz /

C. Run from compromised operating system: dd if=/dev/hda1 of=/mnt/backup/hda1.img

D. Run from a bootable CD: dd if=/dev/hda1 of=/mnt/backup/hda1.img

Question 12

The security team wants to detect connections that can compromise credentials by sending them in plaintext across the wire. Which of the following rules should they enable on their IDS sensor?

A. alert tcp any 22 <> any 22 (msg:"SSH connection"; classtype:misc-attack; sid:122; rev:1;)

B. alert tcp any any <> any 6000: (msg:"X-Windows session"; flow:from_server,established; nocase; classtype:misc-attack; sid:101; rev:1;)

C. alert tcp any 23 <> any 23 (msg:"Telnet shell"; classtype:misc-attack; sid:100; rev:1;)

D. alert udp any any <> any 5060 (msg:"VOIP message"; classtype:misc-attack; sid:113; rev:2;)

Question 13

What would the output of the following command help an incident handler determine?

cscript manage-bde.wsf -status

A. Whether scripts can be run from the command line

B. Which processes are running on the system

C. When the most recent system reboot occurred

D. Whether the drive has encryption enabled

Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender Practice Test
Last Update: Apr 20, 2024
Questions: 88