GIAC Defending Advanced Threats Sample Questions:
1. Which of the following are critical components of an effective incident response plan?
(Choose two)
Response:
A) Root cause analysis
B) Preparation
C) Monitoring network latency
D) Recovery
2. Your organization has noticed a significant increase in phishing attempts targeting its employees. In one instance, a user unknowingly downloaded a malicious executable file attached to an email, which led to the installation of ransomware.
What immediate steps should your security team take to contain the incident and prevent future payload delivery through email?
Response:
A) Disconnect the infected machine from the network and initiate a ransomware recovery protocol
B) Develop a backup and recovery plan to prevent future incidents
C) Notify users to reset their passwords and conduct phishing awareness training
D) Block all outbound traffic from the organization until the threat is contained
3. What is a recommended approach for removing malware persistence mechanisms?
Response:
A) Reinstalling the operating system
B) Performing a system format on all workstations
C) Isolating the infected systems from the network
D) Updating all third-party applications
4. Discuss the advantages of using steganography for data exfiltration.
Response:
A) Requires minimal technical skill to implement
B) Difficult to detect without awareness of the specific technique used
C) Can transfer large volumes of data quickly
D) Leaves no trace on network security devices
5. Your organization is conducting a threat-hunting exercise. During the process, your team identifies an unfamiliar service running on several servers, all communicating with an external IP address that has no known business function. Upon deeper investigation, the team suspects the presence of a command and control (C2) channel.
What immediate steps should your team take to mitigate the threat and secure the network?
Response:
A) Notify all employees to change their passwords and update their access controls
B) Isolate the affected servers and block communication to the suspicious external IP address
C) Reboot the affected servers and restore them from backup
D) Increase system logging on the servers and wait for more activity to gather evidence
Solutions:
| Question # 1 Answer: B,D | Question # 2 Answer: A | Question # 3 Answer: C | Question # 4 Answer: B | Question # 5 Answer: B |
We're so confident of our products that we provide no hassle product exchange.


By Eve

