Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCED Topic 6 Question 42 Discussion

Actual exam question for GIAC's GCED exam
Question #: 42
Topic #: 6
[All GCED Questions]

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Lemuel at Jun 21, 2024, 12:30 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Rodolfo
3 months ago
I'm going to have to go with B) The contents of physical memory. It's like trying to solve a mystery without the crime scene photos!
upvoted 0 times
...
Frederica
3 months ago
C) The current routing table, for sure. You need to know where the traffic is going to track down the attacker's movements.
upvoted 0 times
Rose
2 months ago
C) The current routing table
upvoted 0 times
...
Paris
2 months ago
B) The contents of physical memory
upvoted 0 times
...
Ellen
2 months ago
A) The network connections and open ports
upvoted 0 times
...
...
Beula
3 months ago
Hmm, I'm torn between B) and D). I think physical memory is key, but a list of running services could also provide vital clues.
upvoted 0 times
Tien
2 months ago
Let's prioritize collecting both B) and D) to cover all bases in our investigation.
upvoted 0 times
...
Laine
2 months ago
D) A list of the running services can also give us important information about the compromise.
upvoted 0 times
...
Izetta
3 months ago
I think B) The contents of physical memory is crucial for detecting a system compromise.
upvoted 0 times
...
...
Malinda
3 months ago
I'm going with A) The network connections and open ports. That's crucial to understanding the initial attack vector.
upvoted 0 times
Gerald
2 months ago
C) Once we have the network connections and open ports, we can then move on to collecting other data to piece together the puzzle.
upvoted 0 times
...
Nidia
2 months ago
B) I agree, understanding the initial attack vector is key. It sets the foundation for further investigation.
upvoted 0 times
...
Alease
2 months ago
A) The network connections and open ports is definitely the first thing to collect. It can provide valuable information about the attack.
upvoted 0 times
...
...
Yoko
4 months ago
Definitely B) The contents of physical memory. That's the first thing I learned in my incident response training.
upvoted 0 times
Shaniqua
3 months ago
D) A list of the running services
upvoted 0 times
...
Charlesetta
3 months ago
C) The current routing table
upvoted 0 times
...
Roosevelt
3 months ago
B) The contents of physical memory
upvoted 0 times
...
Antonette
4 months ago
A) The network connections and open ports
upvoted 0 times
...
...
Truman
4 months ago
I agree with Owen, capturing the contents of physical memory can provide valuable insights into the compromise.
upvoted 0 times
...
Owen
4 months ago
I disagree, I believe B) The contents of physical memory is more crucial in a suspected system compromise.
upvoted 0 times
...
Laurel
4 months ago
I think A) The network connections and open ports should be collected first.
upvoted 0 times
...

Save Cancel