Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

GIAC Exam GCED Topic 5 Question 2 Discussion

Actual exam question for GIAC's GCED exam
Question #: 2
Topic #: 5
[All GCED Questions]

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

Show Suggested Answer Hide Answer
Suggested Answer: B

Identifying and scoping an incident during triage is important to successfully handling a security incident. The detection methods used by the team didn't detect all the infected workstations.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel