Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

GIAC Certified Enterprise Defender Exam

Certification Provider: GIAC
Exam Name: GIAC Certified Enterprise Defender
Duration: 180 Minutes
Number of questions in our database: 88
Exam Version: Feb. 13, 2024
Exam Official Topics:
  • Topic 1: Demonstrate knowledge of penetration testing and vulnerability assessment processes/ Digital Forensics Concepts and Application
  • Topic 2: Vulnerability Assessment and Penetration Testing Concepts/ Defensive Infrastructure and Tactics
  • Topic 3: Demonstrate knowledge of devices that are used to monitor networks/ Demonstrate an understanding of methods and practices of digital forensics
  • Topic 4: Demonstrate an understanding of using logs and flows in network forensics/ demonstrate an understanding of commonly-used network protocols
  • Topic 5: Demonstrate an understanding of interactive malware behavior analysis/ Demonstrate knowledge of audit techniques and the Center for Internet Security's benchmarks
  • Topic 6: Demonstrate an understanding of the various types of malware, identify symptoms of infection/ Demonstrate proficiency in identification of forensic artifacts
  • Topic 7: Demonstrate an understanding of intrusion prevention systems, their placement in the enterprise/ Demonstrate an understanding of continuous incident response processes
  • Topic 8: Demonstrate an understanding of and proficiency using penetration testing and vulnerability assessment tools/ Malware Analysis Concepts and Basic Analysis Techniques
  • Topic 9: Demonstrate basic knowledge of network and cloud-based infrastructure defensive measures/ Demonstrate an understanding of manual code reversal of malware, disassembly and decompiling malware

Free GIAC GIAC Certified Enterprise Defender Exam Actual Questions

The questions for GIAC Certified Enterprise Defender were last updated On Feb. 13, 2024

Question #1

Which of the following applies to newer versions of IOS that decrease their attack surface?

Reveal Solution Hide Solution
Correct Answer: C

Recent versions of IOS have less services enabled by default, older versions vary but generally have more services (even those not needed) enabled by default; this increases the attack surface on the device.


Question #2

Which statement below is the MOST accurate about insider threat controls?

Reveal Solution Hide Solution
Correct Answer: A

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize ''empire building'' within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.


Question #3

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

Reveal Solution Hide Solution
Correct Answer: C

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.

Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.


Question #4

Which of the following is an SNMPv3 security feature that was not provided by earlier versions of the protocol?

Reveal Solution Hide Solution
Correct Answer: C

Question #5

Which statement below is the MOST accurate about insider threat controls?

Reveal Solution Hide Solution
Correct Answer: A

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize ''empire building'' within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.



Unlock all GIAC Certified Enterprise Defender Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now
Disscuss GIAC GIAC Certified Enterprise Defender Topics, Questions or Ask Anything Related

Save Cancel