Leads4pass > GIAC > GIAC Certifications > GCED > GCED Online Practice Questions and Answers

GCED Online Practice Questions and Answers

Questions 4

To detect worms and viruses buried deep within a network packet payload, Gigabytes worth of traffic content entering and exiting a network must be checked with which of the following technologies?

A. Proxy matching

B. Signature matching

C. Packet matching

D. Irregular expression matching

E. Object matching

Buy Now
Questions 5

When identifying malware, what is a key difference between a Worm and a Bot?

A. A Worm gets instructions from an external control channel like an IRC server.

B. A Worm, unlike a Bot, is installed silently as an add-on to a legitimate program.

C. A Bot, unlike a Worm, is frequently spread through email attachments.

D. A Bot gets instructions from an external control channel like an IRC server.

Buy Now
Questions 6

Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?

A. At-rest

B. In-transit

C. Public

D. Encrypted

Buy Now
Questions 7

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

A. To create a file on the USB drive that contains a listing of the C: drive

B. To show hidden and archived files on the C: drive and copy them to the USB drive

C. To copy a forensic image of the local C: drive onto the USB drive

D. To compare a list of known good hashes on the USB drive to files on the local C: drive

Buy Now
Questions 8

An internal host at IP address 10.10.50.100 is suspected to be communicating with a command and control whenever a user launches browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

A. Filter traffic using ip.src = = 10.10.50.100 and tcp.srcport = = 80, and use Expert Info

B. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 53, and use Expert Info

C. Filter traffic using ip.src = = 10.10.50.100 and tcp.dstport = = 80, and use Follow TCP stream

D. Filter traffic using ip.src = = 10.10.50.100, and use Follow TCP stream

Buy Now
Questions 9

Michael, a software engineer, added a module to a banking customer's code. The new module deposits small amounts of money into his personal bank account. Michael has access to edit the code, but only code reviewers have the ability to commit modules to production. The code reviewers have a backlog of work, and are often willing to trust the software developers' testing and confidence in the code.

Which technique is Michael most likely to engage to implement the malicious code?

A. Denial of Service

B. Race Condition

C. Phishing

D. Social Engineering

Buy Now
Questions 10

How does the Cisco IOS IP Source Guard feature help prevent spoofing attacks?

A. Filters traffic based on IP address once a DHCP address has been assigned

B. Prevents unauthorized MAC addresses from receiving an IP address on the network

C. Blocks unsolicited ARP packets after a client has received an IP address

D. Rate limits client traffic to prevent CAM table flooding

Buy Now
Questions 11

An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?

A. tcpdump –s0 –i eth0 port 514

B. tcpdump –nnvvX –i eth0 port 6514

C. tcpdump –nX –i eth0 port 514

D. tcpdump –vv –i eth0 port 6514

Buy Now
Questions 12

Although the packet listed below contained malware, it freely passed through a layer 3 switch. Why didn't the switch detect the malware in this packet?

A. The packet was part of a fragmentation attack

B. The data portion of the packet was encrypted

C. The entire packet was corrupted by the malware

D. It didn't look deeply enough into the packet

Buy Now
Questions 13

What does the following WMIC command accomplish?

process where name='malicious.exe' delete

A. Removes the `malicious.exe' process form the Start menu and Run registry key

B. Stops current process handles associated with the process named `malicious.exe'

C. Removes the executable `malicious.exe' from the file system

D. Stops the `malicious.exe' process from running and being restarted at the next reboot

Buy Now
Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender (GCED)
Last Update: Jul 06, 2026
Questions: 88
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99