Online Access Free GCED Exam Questions

How would an attacker use the following configuration settings?

• A.A router based MITM attack
• B.A firewall based DDoS attack
• C.A switch based VLAN hopping attack
• D.A client based HIDS evasion attack

An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?

• A.tcpdump -nX -i eth0 port 514
• B.tcpdump -vv -i eth0 port 6514
• C.tcpdump -nnvvX -i eth0 port 6514
• D.tcpdump -s0 -i eth0 port 514

Which of the following would be included in a router configuration standard?

• A.Names of employees with access rights
• B.Access list naming conventions
• C.Most recent audit results
• D.Passwords for management access

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

• A.The team did not adequately apply lessons learned from the incident
• B.They did not receive timely notification of the security event
• C.The custom rule did not detect all infected workstations
• D.The team did not understand the worm's propagation method

Why would a Cisco network device with the latest updates and patches have the service config setting enabled, making the device vulnerable to the TFTP Server Attack?

• A.An attack by Cisco Global Exploiter will automatically enable the setting.
• B.This older default IOS setting was inherited from an older configuration despite the upgrade.
• C.Allowing remote administration using SSH under the Cisco IOS also enables the setting.
• D.Disabling telnet enables the setting on the network device.
• E.This setting is enabled by default in the current Cisco IOS.