GDAT問題集、GIAC実際の試験問題

質問 1

What is the role of PowerShell in the context of payload execution?
Response:

A. It encrypts data to prevent unauthorized access.

B. It can be utilized by attackers to run scripts that execute payloads.

C. It is primarily used for system performance monitoring.

D. It is used to strengthen firewall rules.

正解: B

質問 2

Which of the following are common techniques used by attackers for lateral movement?
(Choose two)
Response:

A. Remote Desktop Protocol (RDP)

B. Phishing

C. Pass-the-Hash

D. Cross-site scripting (XSS)

正解: A,C

質問 3

What is the primary goal of integrating threat modeling into the software development lifecycle?
Response:

A. To improve the efficiency of the development team

B. To enhance the user interface design

C. To identify potential security vulnerabilities early in the development process

D. To reduce the cost of software development

正解: C

質問 4

Which of the following exemplifies a breach of the principle of least privilege?
(Choose two)
Response:

A. A sales associate has access to only customer information relevant to their region

B. An administrator is granted access to both production and testing environments

C. An HR intern is granted view-only access to personnel records for training purposes

D. A database administrator has unrestricted access to a company's financial records

正解: B,D

質問 5

Your organization has been noticing a spike in helpdesk tickets from users who cannot access network resources. After conducting an investigation, you discover that multiple users' sessions have expired unexpectedly. Additionally, a network scan reveals a high number of Kerberos tickets with unusually extended lifetimes.
What action should you prioritize to investigate and mitigate this issue?
Response:

A. Reset all user passwords and enforce strong password policies

B. Upgrade your Kerberos protocol version to ensure encryption standards

C. Analyze domain controller logs for anomalous authentication requests

D. Block all incoming and outgoing network traffic until further notice

正解: C

質問 6

What is the significance of analyzing Windows event logs in the context of detecting lateral movement?
Response:

A. To ensure compliance with data protection regulations

B. To track changes in system configuration

C. To identify unauthorized access attempts

D. To monitor system performance

正解: C

質問 7

Which security practices help detect and mitigate persistence threats in an organization?
(Choose Three)
Response:

A. Implementing application whitelisting

B. Using standard antivirus solutions

C. Enforcing strict password policies

D. Continuous monitoring of system and network logs

正解: A,B,D

質問 8

Select the methods that can help in detecting Golden Ticket attacks on Active Directory environments.
Response:

A. Inspecting the integrity of the Active Directory database

B. Regularly updating antivirus definitions

C. Monitoring for unusual Kerberos ticket lifetimes

D. Analyzing anomalies in account logins from multiple locations

正解: C,D

質問 9

What technique is commonly used to deliver payloads in a phishing attack?
Response:

A. DDoS attacks

B. Embedded links in emails

C. Cross-site scripting

D. SQL injection

正解: B

質問 10

Which strategies are effective in preventing privilege escalation attacks?
Response:

A. Encrypting sensitive data at rest

B. Conducting regular privilege audits

C. Using non-administrative accounts for daily operations

D. Implementing strong password policies

正解: B,C

質問 11

Which of the following is a key technical control that should be considered when conducting adversary emulation?
Response:

A. Regular software updates and patch management

B. Continuous integration and continuous deployment practices

C. All of the above

D. Data encryption at rest and in transit

正解: C

質問 12

Which of the following actions are effective in mitigating the risk of Kerberos ticket replay attacks?
Response:

A. Time synchronization between all clients and servers in the domain

B. Employing network-level encryption protocols such as IPsec

C. Disabling Kerberos delegation on sensitive accounts

D. Regular patching of operating system and application vulnerabilities

正解: A,B

質問 13

What is a common payload execution technique used by malware after initial infection?
Response:

A. Disk defragmentation

B. Automatic system updates

C. Network traffic encryption

D. Execution through macros in documents

正解: D

質問 14

In the context of access controls, which mechanism is primarily used to enforce least privilege?
Response:

A. Password complexity requirements

B. Data encryption

C. Biometric authentication

D. User role definitions

正解: D

質問 15

Which of the following best describes threat modeling in the context of application security?
Response:

A. A process for identifying, quantifying, and addressing security risks

B. A strategy for optimizing the performance of software applications

C. A method for encrypting sensitive data within an application

D. A testing approach used to discover user interface flaws

正解: A

GIAC Defending Advanced Threats - GDAT 模擬練習