GIAC Exam GCED Topic 6 Question 42 Discussion

Actual exam question for GIAC's GCED exam

Question #: 42
Topic #: 6

[All GCED Questions]

When attempting to collect data from a suspected system compromise, which of the following should generally be collected first?

AThe network connections and open ports

BThe contents of physical memory

CThe current routing table

DA list of the running services

Show Suggested Answer

Suggested Answer: A

by Lemuel at Jun 21, 2024, 12:30 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rodolfo

1 months ago

I'm going to have to go with B) The contents of physical memory. It's like trying to solve a mystery without the crime scene photos!

upvoted 0 times

...

Frederica

1 months ago

C) The current routing table, for sure. You need to know where the traffic is going to track down the attacker's movements.

upvoted 0 times

Rose

9 days ago

C) The current routing table

upvoted 0 times

...

Paris

19 days ago

B) The contents of physical memory

upvoted 0 times

...

Ellen

20 days ago

A) The network connections and open ports

upvoted 0 times

...

Beula

2 months ago

Hmm, I'm torn between B) and D). I think physical memory is key, but a list of running services could also provide vital clues.

upvoted 0 times

Tien

7 days ago

Let's prioritize collecting both B) and D) to cover all bases in our investigation.

upvoted 0 times

...

Laine

18 days ago

D) A list of the running services can also give us important information about the compromise.

upvoted 0 times

...

Izetta

25 days ago

I think B) The contents of physical memory is crucial for detecting a system compromise.

upvoted 0 times

...

Malinda

2 months ago

I'm going with A) The network connections and open ports. That's crucial to understanding the initial attack vector.

upvoted 0 times

Gerald

10 days ago

C) Once we have the network connections and open ports, we can then move on to collecting other data to piece together the puzzle.

upvoted 0 times

...

Nidia

13 days ago

B) I agree, understanding the initial attack vector is key. It sets the foundation for further investigation.

upvoted 0 times

...

Alease

19 days ago

A) The network connections and open ports is definitely the first thing to collect. It can provide valuable information about the attack.

upvoted 0 times

...

Yoko

2 months ago

Definitely B) The contents of physical memory. That's the first thing I learned in my incident response training.

upvoted 0 times

Shaniqua

29 days ago

D) A list of the running services

upvoted 0 times

...

Charlesetta

1 months ago

C) The current routing table

upvoted 0 times

...

Roosevelt

2 months ago

B) The contents of physical memory

upvoted 0 times

...

Antonette

2 months ago

A) The network connections and open ports

upvoted 0 times

...

Truman

3 months ago

I agree with Owen, capturing the contents of physical memory can provide valuable insights into the compromise.

upvoted 0 times

...

Owen

3 months ago

I disagree, I believe B) The contents of physical memory is more crucial in a suspected system compromise.

upvoted 0 times

...

Laurel

3 months ago

I think A) The network connections and open ports should be collected first.

upvoted 0 times

...