
GCED Online Practice Questions and Answers

Questions 4

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

A. Because it has the read-only attribute set

B. Because it is encrypted

C. Because it has the nodel attribute set

D. Because it is an executable file

Questions 5

Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?

A. SNMP

B. Netflow

C. RANCID

D. RMON

Questions 6

How does the Cisco IOS IP Source Guard feature help prevent spoofing attacks?

A. Filters traffic based on IP address once a DHCP address has been assigned

B. Prevents unauthorized MAC addresses from receiving an IP address on the network

C. Blocks unsolicited ARP packets after a client has received an IP address

D. Rate limits client traffic to prevent CAM table flooding

Questions 7

What would a penetration tester expect to access after the following Metasploit payload is delivered successfully?

set PAYLOAD windows/shell/reverse_tcp

A. VNC server session on the target

B. A netcat listener on the target

C. A meterpreter prompt on the target

D. A command prompt on the target

Questions 8

In order to determine if network traffic adheres to expected usage and complies with technical standards, an organization would use a device that provides which functionality?

A. Stateful packet filtering

B. Signature matching

C. Protocol anomaly detection

D. CRC checking

E. Forward error correction

Questions 9

An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?

A. tcpdump -s0 -i eth0 port 514

B. tcpdump -nnvvX -i eth0 port 6514

C. tcpdump -nX -i eth0 port 514

D. tcpdump -vv -i eth0 port 6514

Questions 10

A company classifies data using document footers, labeling each file with security labels "Public", "Pattern", or "Company Proprietary". A new policy forbids sending "Company Proprietary" files via email. Which control could help security analysts identify breaches of this policy?

A. Monitoring failed authentications on a central logging device

B. Enforcing TLS encryption for outbound email with attachments

C. Blocking email attachments that match the hashes of the company's classification templates

D. Running custom keyword scans on outbound SMTP traffic from the mail server

Questions 11

Which Windows CLI tool can identify the command-line options being passed to a program at startup?

A. netstat

B. attrib

C. WMIC

D. Tasklist

Questions 12

Which of the following applies to newer versions of IOS that decrease their attack surface?

A. Telnet cannot be enabled or used

B. The Cisco Discovery Protocol has been removed

C. More services are disabled by default

D. Two-factor authentication is required by default

Questions 13

When running an Nmap UDP scan, what would the following output indicate?

A. The port may be open on the system or blocked by a firewall

B. The router in front of the host accepted the request and sent a reply

C. An ICMP unreachable message was received indicating an open port

D. An ACK was received in response to the initial probe packet

Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender (GCED)
Last Update: Jun 18, 2026
Questions: 88