GCED GIAC Certified Enterprise Defender


Showing 4–6 of 10 questions

Question 4

What is the BEST sequence of steps to remove a bot from a system?


  • Terminate the process, remove autoloading traces, delete any malicious files

  • Delete any malicious files, remove autoloading traces, terminate the process

  • Remove autoloading traces, delete any malicious files, terminate the process

  • Delete any malicious files, terminate the process, remove autoloading traces

Question 5

Which type of media should the IR team be handling as they seek to understand the root cause of an incident?


  • Restored media from full backup of the infected host

  • Media from the infected host, copied to the dedicated IR host

  • Original media from the infected host

  • Bit-for-bit image from the infected host

Question 6

Which command is the BEST choice for creating a forensic backup of a Linux system?


  • Run from a bootable CD: tar cvzf image.tgz /

  • Run from compromised operating system: tar cvzf image.tgz /

  • Run from compromised operating system: dd if=/dev/hda1 of=/mnt/backup/hda1.img

  • Run from a bootable CD: dd if=/dev/hda1 of=/mnt/backup/hda1.img
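The dd form in the options above is the basis of a bit-for-bit acquisition. The script below is an added example, not part of the exam page, showing how a practitioner wraps that command and then proves the image matches the source by hashing both. The device path /dev/hda1 and the output path are illustrative assumptions; the demo images a constructed 8-sector file instead of a real partition so it runs anywhere with dd and sha256sum (or shasum) available.

```shell
#!/bin/sh
# Added example, not taken from the exam page: a small forensic-imaging helper
# built around the dd command shown in the answer options. In real use it is run
# from a bootable live medium with the evidence disk unmounted (or mounted
# read-only) so nothing on the compromised OS can alter the evidence; the device
# path /dev/hda1 in the question is only an illustration. The demo at the bottom
# images a constructed file instead of a real partition so the script runs anywhere.
set -eu

# image_device SOURCE DEST_IMG
# Bit-for-bit copy with dd. bs=512 matches the sector size, and
# conv=noerror,sync keeps going past unreadable sectors, zero-filling them so
# later offsets in the image still line up with the source. Because conv=sync
# pads the final block to bs, the image only hashes identically to the source
# when the source length is a multiple of bs, which is always true for a block
# device at its sector size (and for the constructed sample below).
image_device() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# sha256_of FILE -> prints only the hex digest (GNU coreutils or BSD shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_image SOURCE DEST_IMG
# Returns 0 when source and image hash identically, 1 otherwise. Both digests
# belong in the case notes: they are what later proves the image is unaltered.
verify_image() {
    src_hash=$(sha256_of "$1")
    img_hash=$(sha256_of "$2")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$1" "$img_hash" "$2"
    [ "$src_hash" = "$img_hash" ]
}

# demo: image a constructed 8-sector "partition", confirm the hashes match,
# then tamper with the image and confirm the mismatch is caught.
# Returns 0 only if both checks behave as expected.
demo() {
    work=$(mktemp -d)
    # Constructed evidence: 8 x 512-byte sectors of random data standing in for /dev/hda1
    dd if=/dev/urandom of="$work/hda1.dev" bs=512 count=8 2>/dev/null
    image_device "$work/hda1.dev" "$work/hda1.img"
    ok=1
    verify_image "$work/hda1.dev" "$work/hda1.img" || ok=0
    # Simulate a post-acquisition change to the image; verification must now fail
    printf 'X' >> "$work/hda1.img"
    if verify_image "$work/hda1.dev" "$work/hda1.img"; then ok=0; fi
    rm -rf "$work"
    [ "$ok" = 1 ]
}

demo && echo "image acquired and verified; tampering detected"
```

The tar options in the question are not equivalent: tar copies files through the filesystem driver, so it misses unallocated space, slack space and deleted data, and it changes access timestamps on the source. Running either tool from the compromised OS also leaves the acquisition at the mercy of whatever the intruder installed there, which is why the clean boot medium matters as much as the command itself.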