New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 2 Question 67 Discussion

Actual exam question for GIAC's GCED exam
Question #: 67
Topic #: 2
[All GCED Questions]

A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The theft of information from the server goes unnoticed until the company is notified by a third party that sensitive information has been posted on the Internet. Which control was the first to fail?

Show Suggested Answer Hide Answer
Suggested Answer: C

The legacy system was not properly classified or assigned an owner. It is critical that an organization identifies and classifies information so proper controls and measures should be put in place. The ultimate goal of data classification is to make sure that all information is properly protected at the correct level.

This was not a failure of incident response, access control or security awareness training.


by Arlean at Jul 29, 2025, 11:57 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Hassie
2 months ago
I’d say incident response failed too, they should’ve detected the breach earlier.
upvoted 0 times
...
Shantay
2 months ago
I think it’s more about security awareness. Employees need to know the risks!
upvoted 0 times
...
Mari
3 months ago
Data classification seems off too, sensitive info should be flagged better!
upvoted 0 times
...
Ernestine
3 months ago
Surprised this went unnoticed for so long, how did no one catch it?
upvoted 0 times
...
Penney
3 months ago
Definitely access control, no one should have been able to get in.
upvoted 0 times
...
Fredric
3 months ago
Incident response could also be a possibility. If there was no plan in place, the breach could have gone unnoticed for a long time.
upvoted 0 times
...
Vallie
4 months ago
I remember a practice question about data classification, and it feels relevant here. If the data wasn't classified properly, it might not have been protected adequately.
upvoted 0 times
...
Hyman
4 months ago
I'm not entirely sure, but access control seems like a strong candidate too. If the server was rarely used, maybe access wasn't tightly managed.
upvoted 0 times
...
Rolf
4 months ago
I think the first control to fail might be security awareness. If employees were more aware of the risks, they might have noticed something was off.
upvoted 0 times
...
Nenita
4 months ago
I've got a good feeling about this one. Based on the details, I think the answer is pretty clear - the first control to fail was likely the security awareness of the employees.
upvoted 0 times
...
Jolanda
4 months ago
Okay, let's see. The key here is identifying the first point of failure in the security controls. I'll need to analyze the information provided and consider the different options.
upvoted 0 times
...
Sherell
5 months ago
Hmm, I'm a bit unsure about this one. I'll need to think through the sequence of events and the different controls that could have been involved.
upvoted 0 times
...
Apolonia
5 months ago
This seems like a tricky one. I'll need to carefully consider the details of the scenario to determine which control failed first.
upvoted 0 times
...
Tasia
6 months ago
I think the first control to fail was access control.
upvoted 0 times
...

Save Cancel