GIAC GCED Certification Practice Questions & Answers

Question 6 of 88

Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?

Question 7 of 88

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

A.

To create a file on the USB drive that contains a listing of the C: drive

B.

To show hidden and archived files on the C: drive and copy them to the USB drive

C.

To copy a forensic image of the local C: drive onto the USB drive

D.

To compare a list of known good hashes on the USB drive to files on the local C: drive

Question 8 of 88

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

A.

Because it has the read-only attribute set

B.

Because it is encrypted

C.

Because it has the nodel attribute set

D.

Because it is an executable file

Question 9 of 88

Why would the pass action be used in a Snort configuration file?

A.

The pass action simplifies some filtering by specifying what to ignore.

B.

The pass action passes the packet onto further rules for immediate analysis.

C.

The pass action serves as a placeholder in the snort configuration file for future rule updates.

D.

Using the pass action allows a packet to be passed to an external process.

E.

The pass action increases the number of false positives, better testing the rules.

Question 10 of 88

On which layer of the OSI Reference Model does the FWSnort utility function?