Free Preparation Discussions
MENU
GIAC Certified Enterprise Defender Exam Questions
- Topic 1: Demonstrate knowledge of penetration testing and vulnerability assessment processes/ Digital Forensics Concepts and Application
- Topic 2: Vulnerability Assessment and Penetration Testing Concepts/ Defensive Infrastructure and Tactics
- Topic 3: Demonstrate knowledge of devices that are used to monitor networks/ Demonstrate an understanding of methods and practices of digital forensics
- Topic 4: Demonstrate an understanding of using logs and flows in network forensics/ demonstrate an understanding of commonly-used network protocols
- Topic 5: Demonstrate an understanding of interactive malware behavior analysis/ Demonstrate knowledge of audit techniques and the Center for Internet Security's benchmarks
- Topic 6: Demonstrate an understanding of the various types of malware, identify symptoms of infection/ Demonstrate proficiency in identification of forensic artifacts
- Topic 7: Demonstrate an understanding of intrusion prevention systems, their placement in the enterprise/ Demonstrate an understanding of continuous incident response processes
- Topic 8: Demonstrate an understanding of and proficiency using penetration testing and vulnerability assessment tools/ Malware Analysis Concepts and Basic Analysis Techniques
- Topic 9: Demonstrate basic knowledge of network and cloud-based infrastructure defensive measures/ Demonstrate an understanding of manual code reversal of malware, disassembly and decompiling malware
Free GIAC GIAC Certified Enterprise Defender Exam Actual Questions
Note: Premium Questions for GIAC Certified Enterprise Defender were last updated On Jul. 21, 2024 (see below)
A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?
In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.
Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.
Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.
Which tool keeps a backup of all deleted items, so that they can be restored later if need be?
After selecting ''fix it!'' with Hijack This you can always restore deleted items, because Hijack This keeps a backup of them.
What would be the output of the following Google search?
filetype:doc inurl:ws_ftp
The creation of a filesystem timeline is associated with which objective?
Which statement below is the MOST accurate about insider threat controls?
A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.
Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.
Separation of duties helps minimize ''empire building'' within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.
Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.
Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Malissa
16 days agoRomana
21 days ago