GIAC Certified Enterprise Defender

Here you have the best GIAC GCED practice exam questions

  • You have 88 total questions to study from
  • Each page has 5 questions, making a total of 18 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on January 17, 2026
  • This site is not affiliated with or endorsed by GIAC.
Question 1 of 88
Which type of media should the IR team be handling as they seek to understand the root cause of an incident?
Correct Answer: A

Question 2 of 88
An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worms artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?
Correct Answer: B

Question 3 of 88
A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The theft of information from the server goes unnoticed until the company is notified by a third party that sensitive information has been posted on the Internet. Which control was the first to fail?
Correct Answer: C

Question 4 of 88
Analyze the screenshot below. Which of the following attacks can be mitigated by these configuration settings?
Exam GCED: Question 4 - Image 1
Correct Answer: D

Question 5 of 88
Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?
Correct Answer: D