GCED Online Practice Questions and Answers

Questions 4

When an IDS system looks for a pattern indicating a known worm, what type of detection method is it using?

A. Signature-based

B. Anomaly-based

C. Statistical

D. Monitored

Browse 88 Q&As
Questions 5

Network administrators are often hesitant to patch the operating systems on Cisco routers and switches, due to the possibility of causing network instability, mainly because of which of the following?

A. Having to rebuild all ACLs

B. Having to replace the kernel

C. Having to re-IP the device

D. Having to rebuild ARP tables

E. Having to rebuild the routing tables

Questions 6

Monitoring the transmission of data across the network using a man-in-the-middle attack presents a threat against which type of data?

A. At-rest

B. In-transit

C. Public

D. Encrypted

Questions 7

Why would the pass action be used in a Snort configuration file?

A. The pass action simplifies some filtering by specifying what to ignore.

B. The pass action passes the packet onto further rules for immediate analysis.

C. The pass action serves as a placeholder in the snort configuration file for future rule updates.

D. Using the pass action allows a packet to be passed to an external process.

E. The pass action increases the number of false positives, better testing the rules.

Questions 8

On which layer of the OSI Reference Model does the FWSnort utility function?

A. Physical Layer

B. Data Link Layer

C. Transport Layer

D. Session Layer

E. Application Layer

Questions 9

Which command tool can be used to change the read-only or hidden setting of the file in the screenshot?

A. attrib

B. type

C. tasklist

D. dir

Questions 10

Who is ultimately responsible for approving methods and controls that will reduce any potential risk to an organization?

A. Senior Management

B. Data Owner

C. Data Custodian

D. Security Auditor

Questions 11

Michael, a software engineer, added a module to a banking customer's code. The new module deposits small amounts of money into his personal bank account. Michael has access to edit the code, but only code reviewers have the ability to commit modules to production. The code reviewers have a backlog of work, and are often willing to trust the software developers' testing and confidence in the code.

Which technique is Michael most likely to engage to implement the malicious code?

A. Denial of Service

B. Race Condition

C. Phishing

D. Social Engineering

Questions 12

A company wants to allow only company-issued devices to attach to the wired and wireless networks. Additionally, devices that are not up-to-date with OS patches need to be isolated from the rest of the network until they are updated. Which technology standards or protocols would meet these requirements?

A. 802.1x and Network Access Control

B. Kerberos and Network Access Control

C. LDAP and Authentication, Authorization and Accounting (AAA)

D. 802.11i and Authentication, Authorization and Accounting (AAA)

Questions 13

What is the most common read-only SNMP community string usually called?

A. private

B. mib

C. open

D. public

Questions 14

Which of the following is an operational security control that is used as a prevention mechanism?

A. Labeling of assets

B. Heat detectors

C. Vibration alarms

D. Voltage regulators

Questions 15

Throughout the week following a new IPS deployment, nearly every user on the protected subnet submits helpdesk tickets regarding network performance and not being able to access several critical resources. What is the most likely reason for the performance issues?

A. The incoming traffic is overflowing the device's TAP buffer

B. The in-line TAP experienced a hardware failure

C. The IPS sensor was changed from test mode to production mode

D. The IPS sensor was powered off or moved out of band

Questions 16

Enabling port security prevents which of the following?

A. Using vendors other than Cisco for switching equipment as they don't offer port security

B. Spoofed MAC addresses from being used to cause a Denial of Service condition

C. Legitimate MAC addresses from being used to cause a Denial of Service condition

D. Network Access Control systems from functioning properly

Questions 17

Which of the following would be used in order to restrict software from performing unauthorized operations, such as invalid access to memory or invalid system calls?

A. Perimeter Control

B. User Control

C. Application Control

D. Protocol Control

E. Network Control

Questions 18

What is the BEST sequence of steps to remove a bot from a system?

A. Terminate the process, remove autoloading traces, delete any malicious files

B. Delete any malicious files, remove autoloading traces, terminate the process

C. Remove autoloading traces, delete any malicious files, terminate the process

D. Delete any malicious files, terminate the process, remove autoloading traces

Exam Code: GCED
Exam Name: GIAC Certified Enterprise Defender Practice Test
Last Update: Apr 30, 2024
Questions: 88 Q&As