GIAC GCED Exam - Topic 2 Question 1 Discussion

Actual exam question for GIAC's GCED exam
Question #: 1
Topic #: 2

Which type of media should the IR team be handling as they seek to understand the root cause of an incident?

Suggested Answer: A

By imaging the media with tools such as dd or Ghost and analyzing the copy, you preserve the original media for later analysis so that the results can be recreated by another competent examiner if necessary.
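
The workflow that explanation describes, as an added example that is not part of the original page: image the source with dd, confirm by hash that the image matches and the source is unchanged, then analyze only a working copy so a second examiner can re-verify the master image. The function names, file names and the constructed sample "disk" are assumptions for illustration; it assumes GNU coreutils (`sha256sum`).

```shell
#!/bin/sh
# Added example. The source file is a constructed stand-in for the suspect
# device (in practice, a disk attached through a write blocker).

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire SRC IMG: bit-for-bit image, hash check, sidecar hash record.
acquire() {
    src=$1
    img=$2
    before=$(sha256_of "$src") || return 1
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 1
    after=$(sha256_of "$img")
    # The image must match the source, and the source must be unchanged.
    [ "$before" = "$after" ] && [ "$before" = "$(sha256_of "$src")" ] || return 1
    printf '%s\n' "$after" > "$img.sha256"
    chmod 444 "$img" "$img.sha256"   # the master image is never modified
}

# verify IMG: what a second examiner runs before repeating the analysis.
verify() {
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# working_copy IMG OUT: analysis happens on OUT, never on IMG or the source.
working_copy() {
    cp "$1" "$2" && chmod 644 "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample "disk": 1 MiB of pseudo-random data.
    dd if=/dev/urandom of="$d/suspect.raw" bs=4096 count=256 2>/dev/null
    acquire "$d/suspect.raw" "$d/evidence.dd" || { echo "acquire failed"; return 1; }
    working_copy "$d/evidence.dd" "$d/work.dd"
    printf 'analyst change' >> "$d/work.dd"   # analysis may alter the copy
    verify "$d/evidence.dd" && echo "master image intact: $(cat "$d/evidence.dd.sha256")"
    rm -rf "$d"
}
demo
```
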

Chery
4 months ago
D is definitely the standard for IR investigations.
upvoted 0 times
...
Renea
4 months ago
Surprised people aren't picking B, it's a solid choice too!
upvoted 0 times
...
Lashawn
4 months ago
A full backup might miss some key details, though.
upvoted 0 times
...
Fatima
4 months ago
I disagree, C is more reliable since it's original media.
upvoted 0 times
...
Myong
5 months ago
Gotta go with D, bit-for-bit image is the best for analysis.
upvoted 0 times
...
Felicitas
5 months ago
I vaguely recall something about backups being less reliable for root cause analysis. So, is the restored media really the best choice?
upvoted 0 times
...
Alpha
5 months ago
I feel like the media from the infected host copied to a dedicated IR host could be useful too. It might help isolate the analysis from other systems.
upvoted 0 times
...
Jina
5 months ago
I'm not so sure about that. I remember a practice question where a bit-for-bit image was preferred for analysis. Maybe that's the best option here?
upvoted 0 times
...
Gilberto
5 months ago
I think we should be looking at the original media from the infected host, right? It seems like the most direct evidence.
upvoted 0 times
...
Sherron
5 months ago
Hmm, I'm a bit unsure about this one. I know we need to install something to run containers, but I'm not sure if it's Hyper-V or the Windows Subsystem for Linux. I'll have to think this through carefully.
upvoted 0 times
...
Elza
5 months ago
Hmm, option B looks the most straightforward to me. Transferring the Normal Servers directly from EAST-IS to NY-NS seems like the least disruptive approach.
upvoted 0 times
...
Francoise
5 months ago
Okay, I think I've got this. I'll analyze each option and see which ones follow the rules laid out in the image.
upvoted 0 times
...
Allene
5 months ago
I lean towards 8, but I can't recall if that was for all setups or just specific ones with enough GPU power.
upvoted 0 times
...
Carissa
5 months ago
I vaguely remember the Workset tool being part of the Modify tab in a similar practice question. Could it be that?
upvoted 0 times
...