New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 5 Question 2 Discussion

Actual exam question for GIAC's GCED exam
Question #: 2
Topic #: 5
[All GCED Questions]

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

Show Suggested Answer Hide Answer
Suggested Answer: B

Identifying and scoping an incident during triage is important to successfully handling a security incident. The detection methods used by the team didn't detect all the infected workstations.


by Charlene at May 09, 2022, 06:41 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jaime
4 months ago
Timely notifications could have helped too, for sure.
upvoted 0 times
...
Isabella
4 months ago
Wait, they didn't know how the worm spreads? That's wild!
upvoted 0 times
...
Verlene
4 months ago
I think the custom rule might have been too narrow.
upvoted 0 times
...
Lynelle
4 months ago
Totally agree, understanding how it spreads is key!
upvoted 0 times
...
Beatriz
5 months ago
They probably missed the propagation method.
upvoted 0 times
...
Deandrea
5 months ago
I recall a case study where teams failed because they didn't apply lessons learned. If they didn't analyze what went wrong after the first detection, they could have repeated the same mistakes.
upvoted 0 times
...
Renea
5 months ago
I'm not entirely sure, but I feel like timely notifications are crucial. If they weren't alerted quickly about the worm's activity, they might have missed some critical steps in their response.
upvoted 0 times
...
Shala
5 months ago
I think I came across a similar question about incident response failures. It might be that the custom rule didn't cover all the infected workstations, which could lead to continued issues.
upvoted 0 times
...
Louisa
5 months ago
I remember studying how important it is to understand the propagation methods of malware. If they didn't grasp how the worm spreads, that could definitely explain the ongoing infection.
upvoted 0 times
...
Kanisha
5 months ago
Ah, I see. Rebooting the RouterBoard is necessary to activate the new configuration after importing the rsc file. Got it, I'll make sure to do that.
upvoted 0 times
...
Pamella
5 months ago
Okay, the question gives two options - dragging the image or using the Layout Options icon. I think I'll try the Layout Options approach to be safe.
upvoted 0 times
...
Tamesha
5 months ago
This looks like a straightforward question about Power Virtual Agents. I think the answer is session variables, since they are used to store information that persists across different topics in a conversation.
upvoted 0 times
...
Hubert
5 months ago
Okay, I've got a strategy here. I think the best approach is to use the Object Dependencies tool under the Database Tools menu. That should show me how the Employee query is connected to the other objects in the database.
upvoted 0 times
...

Save Cancel