Free GIAC GCED Practice Exam with Questions & Answers | Set: 2

Run form a bootable CD: tar cvzf image.tgz /

Run from compromised operating system: tar cvzf image.tgz /

Run from compromised operating system: dd if=/ dev/hda1 of=/mnt/backup/hda1.img

Run from a bootable CD: dd if=/dev/hda1 of=/mnt/backup/hda1.img

SNMP

Netflow

RANCID

RMON

DLP systems require classification in order to protect data

Data at rest is easier to protect than data in transit

Digital watermarks can be applied to sensitive data

Resources and controls can be appropriately allocated

Access control

Authentication

Auditing

Rights management

Telnet cannot be enabled or used

The Cisco Discovery Protocol has been removed

More services are disabled by default

Two-factor authentication is default required

alert tcp any 22 < > any 22 (msg:SSH connection; class type:misc-attack;sid: 122:rev:1;)

alert tcp any any < > any 6000: (msg:X-Windows session; flow:from_server,established;nocase;classtype:misc-attack;sid:101;rev:1;)

alert tcp any 23 < > any 23 (msg:Telnet shell; class type:misc-attack;sid:100; rev:1;)

alert udp any any < > any 5060 (msg:VOIP message; classtype:misc-attack;sid:113; rev:2;)

ListDLLs

Yersinia

Ettercap

ProcessExplorer

Hijack This

The port may be open on the system or blocked by a firewall

The router in front of the host accepted the request and sent a reply

An ICMP unreachable message was received indicating an open port

An ACK was received in response to the initial probe packet

Only HTTP traffic to or from IP address 192.168.1.12 that is also destined for port 80

Only traffic to or from IP address 192.168.1.12 and destined for port 80

Only traffic with a source address of 192.168.1.12 to or from port 80

Only traffic with a destination address of 192.168.1.12 to or from port 80

VNC server session on the target

A netcat listener on the target

A meterpreter prompt on the target

A command prompt on the target