
GIAC GCED Exam - Topic 6 Question 42 Discussion

Actual exam question for GIAC's GCED exam
Question #: 42
Topic #: 6

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

Suggested Answer: A

Contribute your Thoughts:

Caprice
3 months ago
I always thought routing tables were the least important in these cases.
upvoted 0 times
...
Layla
3 months ago
Wait, are we really prioritizing memory over network data? Seems off.
upvoted 0 times
...
Amina
3 months ago
Running services can give you quick insights too.
upvoted 0 times
...
Anabel
4 months ago
I think the network connections are more critical to check first.
upvoted 0 times
...
Cassie
4 months ago
Definitely the contents of physical memory first!
upvoted 0 times
...
Ashley
4 months ago
I might be mixing things up, but wasn't there something about the current routing table being crucial in some scenarios? It feels like it could be important.
upvoted 0 times
...
Harrison
4 months ago
I feel like the running services could give us a lot of insight into what's happening. But I can't remember if that's the first thing we should look at.
upvoted 0 times
...
Mammie
4 months ago
I'm not so sure about that. I remember a practice question where we focused on network connections first. Maybe that's important too?
upvoted 0 times
...
Celestine
5 months ago
I think we should collect the contents of physical memory first, right? It seems like the most volatile data.
upvoted 0 times
...
Leonida
5 months ago
Hmm, I'm not totally confident on this. I was thinking maybe the current routing table (C) would be a good place to start, but now I'm second-guessing that. I'll have to review my notes on incident response procedures to make sure I get this right.
upvoted 0 times
...
Anglea
5 months ago
Easy peasy! The answer is clearly B - the contents of physical memory. That's the first and most important thing to capture in a suspected system compromise. Can't go wrong with that one.
upvoted 0 times
...
Caitlin
5 months ago
I'm a bit unsure on this one. I'm torn between A and B. Collecting the network connections and open ports could be really helpful, but the contents of physical memory might be even more important to preserve. I'll have to think this through carefully.
upvoted 0 times
...
Brynn
5 months ago
Hmm, this seems like a tricky one. I think I'll go with B - the contents of physical memory. That seems like the most critical data to collect first before anything else gets changed or tampered with.
upvoted 0 times
...
Malika
5 months ago
I'm a bit confused by the part about exceptions being resolved on the same page. I'll need to think through how that might affect the number of times the 'Email Customer' sub-page is executed.
upvoted 0 times
...
Hayley
5 months ago
I remember learning about this in class, but I'm drawing a blank on the specifics. I'll have to read the options closely.
upvoted 0 times
...
Marylin
5 months ago
I think vehicle registration is a fixed cost because it's something you pay regardless of how many trips you make.
upvoted 0 times
...
Rodolfo
9 months ago
I'm going to have to go with B) The contents of physical memory. It's like trying to solve a mystery without the crime scene photos!
upvoted 0 times
...
Frederica
9 months ago
C) The current routing table, for sure. You need to know where the traffic is going to track down the attacker's movements.
upvoted 0 times
Rose
9 months ago
C) The current routing table
upvoted 0 times
...
Paris
9 months ago
B) The contents of physical memory
upvoted 0 times
...
Ellen
9 months ago
A) The network connections and open ports
upvoted 0 times
...
...
Beula
10 months ago
Hmm, I'm torn between B) and D). I think physical memory is key, but a list of running services could also provide vital clues.
upvoted 0 times
Tien
8 months ago
Let's prioritize collecting both B) and D) to cover all bases in our investigation.
upvoted 0 times
...
Laine
9 months ago
D) A list of the running services can also give us important information about the compromise.
upvoted 0 times
...
Izetta
9 months ago
I think B) The contents of physical memory is crucial for detecting a system compromise.
upvoted 0 times
...
...
Malinda
10 months ago
I'm going with A) The network connections and open ports. That's crucial to understanding the initial attack vector.
upvoted 0 times
Gerald
9 months ago
C) Once we have the network connections and open ports, we can then move on to collecting other data to piece together the puzzle.
upvoted 0 times
...
Nidia
9 months ago
B) I agree, understanding the initial attack vector is key. It sets the foundation for further investigation.
upvoted 0 times
...
Alease
9 months ago
A) The network connections and open ports is definitely the first thing to collect. It can provide valuable information about the attack.
upvoted 0 times
...
...
Yoko
11 months ago
Definitely B) The contents of physical memory. That's the first thing I learned in my incident response training.
upvoted 0 times
Shaniqua
9 months ago
D) A list of the running services
upvoted 0 times
...
Charlesetta
10 months ago
C) The current routing table
upvoted 0 times
...
Roosevelt
10 months ago
B) The contents of physical memory
upvoted 0 times
...
Antonette
10 months ago
A) The network connections and open ports
upvoted 0 times
...
...
Truman
11 months ago
I agree with Owen, capturing the contents of physical memory can provide valuable insights into the compromise.
upvoted 0 times
...
Owen
11 months ago
I disagree, I believe B) The contents of physical memory is more crucial in a suspected system compromise.
upvoted 0 times
...
Laurel
11 months ago
I think A) The network connections and open ports should be collected first.
upvoted 0 times
...
