GCED Exam Dumps - GIAC Security Certification: GASF Questions and Answers

The annualized loss expectancy (ALE) is deduced by multiplying the single loss expectancy (SLE) by the annual rate of occurrence (ARO); in this example $2, 374 × (7 × 4), respectively. This is a form of Quantitative risk analysis. Qualitative risk posture is deduced by measuring and contrasting the likelihood (probability of occurrence) with the level of impact and by definition does not address risk using monetary figures. Total cost of ownership (TCO) is the sum of all costs (technical, administrative, environmental, et al) that are involved for a specific system, service, etc. CVSS risk scoring is not based off of this type of loss data.

attrib –r or +r will remove or add the read only attribute from a file.

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize “empire building” within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.

An active response device dynamically reconfigures or alters network or system access controls, session streams, or individual packets based on triggers from packet inspection and other detection devices. Active response happens after the event has occurred, thus a single packet attack will be successful on the first attempt and blocked in future attempts. Network intrusion prevention devices are typically inline devices on the network that inspect packets and make decisions before forwarding them on to the destination. This type of device has the capability to defend against single packet attacks on the first attempt by blocking or modifying the attack inline.

Audits are used to identify irregular activity in logged (after-the-fact) records. If this activity went unnoticed or uncorrected for over a year, the internal audits failed because they were either incomplete or inaccurate.

Authentication, access control and managing user rights would not apply as a network admin could be expected to have the ability to configure firewall rules.

A professional forensic report should include an executive summary, including a description of the incident and the overall findings.

The written report needs to be factually accurate and free from speculation or bias, meaning that an analyst’s unverified or unsubstantiated opinions should not be included in the report. Beyond the executive summary, the detailed report should include a description of the data preserved, a detailed explanation of the procedures performed, and a summary of the facts. Disciplinary action, if needed, would be addressed through other channels and not included in the forensic analyst’s report.