01. What are key considerations in planning storage requirements for log collection?
(Choose two)
a) The retention period for different types of logs.
b) The resolution of the monitors used to view the logs.
c) The anticipated growth in data volume.
d) The number of users who will access the logs.
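Retention per log type and expected growth are the two inputs that actually size the disk, and the arithmetic is easy to get wrong when several sources with different retention windows grow at different rates. The following is an added example, not material from the original quiz: a small sizing model in which every source, ingest rate, retention period and growth figure is a constructed illustration.

```python
"""Size log storage from per-type retention and expected growth.

Added example, not part of the original quiz. The sources, ingest rates,
retention periods and growth rates below are constructed illustrations.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LogSource:
    name: str
    daily_gb: float         # current ingest per day, in GB
    retention_days: int     # how long this log type must be kept online
    growth_per_year: float  # expected growth of daily ingest (0.3 = 30 % per year)


def daily_volume(src: LogSource, day: int) -> float:
    """Ingest on `day` (0 = today), compounding the annual growth rate daily."""
    return src.daily_gb * (1.0 + src.growth_per_year) ** (day / 365.0)


def retained_gb(src: LogSource, day: int) -> float:
    """Storage held for one source on `day`: the last `retention_days` of ingest.

    Retention, not ingest, is what fills the disk: a 2 GB/day source kept for
    a year costs more than a 40 GB/day source kept for a week."""
    first = max(0, day - src.retention_days + 1)
    return sum(daily_volume(src, d) for d in range(first, day + 1))


def plan_storage(sources, horizon_days: int, headroom: float = 0.25) -> dict:
    """Peak storage over the planning horizon, per source and in total.

    With non-negative growth the peak is on the last day of the horizon.
    `headroom` reserves capacity for bursts such as debug logging turned on
    during an incident."""
    per_source = {s.name: retained_gb(s, horizon_days - 1) for s in sources}
    total = sum(per_source.values())
    return {
        "per_source_gb": per_source,
        "total_gb": total,
        "with_headroom_gb": total * (1.0 + headroom),
    }


# Constructed figures, not measurements from any real environment.
SOURCES = [
    LogSource("auth",  daily_gb=2.0,  retention_days=365, growth_per_year=0.20),
    LogSource("proxy", daily_gb=40.0, retention_days=90,  growth_per_year=0.50),
    LogSource("dns",   daily_gb=15.0, retention_days=30,  growth_per_year=0.10),
]

if __name__ == "__main__":
    plan = plan_storage(SOURCES, horizon_days=3 * 365)
    for name, gb in plan["per_source_gb"].items():
        print(f"{name:6s} {gb:10.1f} GB")
    print(f"total  {plan['total_gb']:10.1f} GB, "
          f"{plan['with_headroom_gb']:.1f} GB with headroom")
```

The model deliberately keeps the compliance-driven input (retention per type) separate from the capacity-driven one (growth), because they are usually owned by different people and change on different schedules.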
02. Why is it beneficial to use virtual machines for post-mortem analysis?
a) To ensure the analysis environment can be easily replicated or restored.
b) To enhance the graphical interface of the analysis tools.
c) To improve the coffee-making process for analysts.
d) To increase the office space for post-mortem analysts.
03. How can alert analysis identify staff training opportunities?
a) By assessing the frequency of alerts during off-hours.
b) By tracking the number of alerts generated per day.
c) By calculating the mean time to resolve alerts across the team.
d) By determining which alerts are ignored or mishandled by staff.
04. What purposes do detection dashboards serve in log output analysis?
(Select all that apply)
a) To consolidate and summarize key findings from log data.
b) To provide interactive mechanisms for deeper investigation of alerts.
c) To recommend culinary dishes based on log patterns.
d) To facilitate real-time monitoring and situational awareness.
05. How does log analysis help identify attacks in Linux environments specifically?
a) By detecting unusual access patterns to sensitive files.
b) By tracking the uptime of the system.
c) By monitoring the version control history of deployed applications.
d) By observing the frequency of system reboots.
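The "unusual access patterns to sensitive files" in the correct answer is exactly what auditd file-watch rules are for. The following is an added example, not code from the original quiz: it assumes rules such as `-w /etc/shadow -p rwa -k sensitive_files` are loaded, merges the SYSCALL and PATH records that auditd emits for one event, and flags unexpected readers, failed attempts and bursts. The audit lines, the sensitive-file set and the reader policy are all constructed.

```python
"""Detect unusual access to sensitive files from Linux auditd records.

Added example, not code from the original quiz. It assumes audit rules such
as `-w /etc/shadow -p rwa -k sensitive_files` are loaded; the log lines below
are constructed to follow auditd's raw record format.
"""
import re
from collections import defaultdict

SENSITIVE = {"/etc/shadow", "/etc/gshadow", "/etc/sudoers", "/root/.ssh/id_ed25519"}
EXPECTED_READERS = {0}   # login uids (auid) allowed to touch these; constructed policy
BURST_WINDOW = 60.0      # seconds
BURST_THRESHOLD = 3      # distinct sensitive files within the window

_HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one auditd line into (type, timestamp, serial, {field: value})."""
    m = _HEADER.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line[m.end():])}
    return m.group(1), float(m.group(2)), int(m.group(3)), fields


def group_events(lines):
    """auditd emits one event as several records (SYSCALL, PATH, ...) that share
    the serial inside msg=audit(ts:serial); merge them back into one event."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        rtype, ts, serial, fields = rec
        ev = events.setdefault(serial, {"ts": ts, "paths": [], "fields": {}})
        if rtype == "PATH":
            ev["paths"].append(fields.get("name", ""))
        else:
            ev["fields"].update(fields)
    return events


def find_unusual_access(lines):
    """Alert on sensitive-file access by unexpected users, on failed attempts
    (an EACCES on /etc/shadow is usually a probe) and on one user touching
    several sensitive files in a short burst."""
    alerts = []
    touches = defaultdict(list)  # auid -> [(ts, path)]
    for serial, ev in sorted(group_events(lines).items()):
        hits = [p for p in ev["paths"] if p in SENSITIVE]
        if not hits:
            continue
        f = ev["fields"]
        # auid is the login uid and survives sudo/su; uid/euid would read 0
        # after `sudo cat /etc/shadow` and hide who really did it.
        auid = int(f.get("auid", "-1"))
        base = {"serial": serial, "auid": auid, "exe": f.get("exe", "?")}
        for path in hits:
            touches[auid].append((ev["ts"], path))
            if f.get("success") == "no":
                alerts.append({"rule": "failed_sensitive_access", "path": path, **base})
            elif auid not in EXPECTED_READERS:
                alerts.append({"rule": "unexpected_reader", "path": path, **base})
    for auid, seen in touches.items():
        seen.sort()
        for i, (t0, _) in enumerate(seen):
            window = {p for t, p in seen[i:] if t - t0 <= BURST_WINDOW}
            if len(window) >= BURST_THRESHOLD:
                alerts.append({"rule": "sensitive_file_burst", "auid": auid,
                               "paths": sorted(window)})
                break
    return alerts


# Constructed sample: root (sshd) reads /etc/shadow legitimately, then
# login uid 1001 fails on it, escalates, and reads three more secrets.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=yes exit=3 auid=0 uid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="sensitive_files"
type=PATH msg=audit(1700000000.101:201): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000010.500:202): arch=c000003e syscall=257 success=no exit=-13 auid=1001 uid=1001 euid=1001 comm="cat" exe="/usr/bin/cat" key="sensitive_files"
type=PATH msg=audit(1700000010.500:202): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000020.000:203): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=0 euid=0 comm="cat" exe="/usr/bin/cat" key="sensitive_files"
type=PATH msg=audit(1700000020.000:203): item=0 name="/etc/sudoers" inode=1235 mode=0100440 ouid=0 ogid=0
type=SYSCALL msg=audit(1700000025.000:204): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=0 euid=0 comm="cat" exe="/usr/bin/cat" key="sensitive_files"
type=PATH msg=audit(1700000025.000:204): item=0 name="/etc/gshadow" inode=1236 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000030.000:205): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=0 euid=0 comm="cp" exe="/usr/bin/cp" key="sensitive_files"
type=PATH msg=audit(1700000030.000:205): item=0 name="/root/.ssh/id_ed25519" inode=1237 mode=0100600 ouid=0 ogid=0
"""

if __name__ == "__main__":
    for a in find_unusual_access(SAMPLE_LOG.splitlines()):
        print(a)
```

Keying on auid rather than uid is the detail that matters most here: after the escalation in events 203 to 205 the effective uid is 0, and a rule that trusted uid=0 would treat the whole sequence as routine root activity.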
06. Why is it important to analyze user logon patterns in behavior analytics?
a) To design personalized desktop themes for users.
b) To identify potential unauthorized access or compromised credentials.
c) To select appropriate background music for user logon events.
d) To forecast the cafeteria menu based on user preferences.
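Spotting compromised credentials from logon patterns means first knowing what normal looks like for each user, then scoring new logons against it. The following is an added example, not code from the original quiz: it builds a per-user baseline (source addresses, hours, authentication method) from sshd entries in the auth.log format and flags deviations, plus the classic "many failures then a success from the same address". The log lines, users and addresses are constructed, and since syslog timestamps carry no year one is passed in.

```python
"""Baseline and score interactive logons from sshd entries in /var/log/auth.log.

Added example, not code from the original quiz. The log lines are constructed;
syslog timestamps carry no year, so one is supplied as a parameter.
"""
import re
from collections import defaultdict
from datetime import datetime

_SSHD = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_logons(text, year=2024):
    """Turn sshd Accepted/Failed lines into event dicts; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = _SSHD.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "user": m["user"], "ip": m["ip"],
                       "method": m["method"], "ok": m["result"] == "Accepted"})
    return events


def build_baseline(events):
    """Per-user profile of successful logons: source IPs, hours of day, auth methods."""
    base = defaultdict(lambda: {"ips": set(), "hours": set(), "methods": set()})
    for e in events:
        if e["ok"]:
            p = base[e["user"]]
            p["ips"].add(e["ip"])
            p["hours"].add(e["ts"].hour)
            p["methods"].add(e["method"])
    return base


def score_logons(baseline, events, fail_window_s=300, fail_threshold=5):
    """Flag successful logons that deviate from the user's baseline, and any
    success preceded by a burst of failures from the same source (guessing
    that eventually worked). Failures alone are counted, not alerted on."""
    findings = []
    failures = defaultdict(list)  # source ip -> timestamps of failed attempts
    for e in sorted(events, key=lambda e: e["ts"]):
        if not e["ok"]:
            failures[e["ip"]].append(e["ts"])
            continue
        reasons = []
        profile = baseline.get(e["user"])
        if profile is None:
            reasons.append("no successful logon in baseline")
        else:
            if e["ip"] not in profile["ips"]:
                reasons.append(f"new source {e['ip']}")
            if e["ts"].hour not in profile["hours"]:
                reasons.append(f"unusual hour {e['ts'].hour:02d}")
            if e["method"] not in profile["methods"]:
                reasons.append(f"auth method changed to {e['method']}")
        recent = [t for t in failures[e["ip"]]
                  if 0 <= (e["ts"] - t).total_seconds() <= fail_window_s]
        if len(recent) >= fail_threshold:
            reasons.append(f"{len(recent)} failures from {e['ip']} within {fail_window_s}s")
        if reasons:
            findings.append({"user": e["user"], "ts": e["ts"], "ip": e["ip"],
                             "reasons": reasons})
    return findings


# Constructed baseline: alice and bob log on with keys from the office range
# during working hours.
BASELINE_LOG = """\
Nov 11 08:02:11 bastion sshd[4101]: Accepted publickey for alice from 10.0.0.5 port 50110 ssh2
Nov 11 09:15:40 bastion sshd[4122]: Accepted publickey for bob from 10.0.0.7 port 50122 ssh2
Nov 11 17:48:03 bastion sshd[4390]: Accepted publickey for alice from 10.0.0.5 port 50390 ssh2
Nov 12 08:11:56 bastion sshd[4502]: Accepted publickey for alice from 10.0.0.5 port 50502 ssh2
Nov 12 09:02:19 bastion sshd[4510]: Accepted publickey for bob from 10.0.0.7 port 50510 ssh2
"""

# Constructed window under review: a password-guessing run against alice
# from an external address succeeds at 02:13.
WINDOW_LOG = """\
Nov 14 02:10:02 bastion sshd[5201]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Nov 14 02:10:09 bastion sshd[5202]: Failed password for alice from 203.0.113.9 port 40002 ssh2
Nov 14 02:10:15 bastion sshd[5203]: Failed password for alice from 203.0.113.9 port 40003 ssh2
Nov 14 02:10:22 bastion sshd[5204]: Failed password for alice from 203.0.113.9 port 40004 ssh2
Nov 14 02:10:31 bastion sshd[5205]: Failed password for alice from 203.0.113.9 port 40005 ssh2
Nov 14 02:13:07 bastion sshd[5206]: Accepted password for alice from 203.0.113.9 port 40006 ssh2
Nov 14 09:30:45 bastion sshd[5310]: Accepted publickey for bob from 10.0.0.7 port 50310 ssh2
Nov 14 11:05:12 bastion sshd[5322]: Failed password for invalid user admin from 198.51.100.4 port 33022 ssh2
"""

if __name__ == "__main__":
    baseline = build_baseline(parse_logons(BASELINE_LOG))
    for f in score_logons(baseline, parse_logons(WINDOW_LOG)):
        print(f["ts"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

Each reason on its own is weak (people travel, work late, and occasionally fall back to passwords); it is the accumulation of independent deviations on one logon, here four at once, that separates a compromised credential from an ordinary bad day.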
07. When collecting network service logs, which enrichments improve log analysis?
(Choose two)
a) Font styles to highlight different levels of log importance.
b) Geo-location information to trace the origin of network traffic.
c) User and entity behavior analytics (UEBA) for identifying insider threats.
d) Sound effects to indicate the severity of log events.
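Geolocation enrichment is cheap to do at ingest and makes "where is this service being reached from?" a trivial query afterwards. The following is an added example, not code from the original quiz, and it shows only the geo-location half of the answer (UEBA is an analytics layer over many such fields, not a single enrichment). The prefix-to-country table is a constructed stand-in for a real GeoIP database such as MaxMind GeoLite2; the JSON log lines and the per-service expected-country policy are constructed too.

```python
"""Enrich network-service logs with source geolocation and query by country.

Added example, not code from the original quiz. The prefix-to-country table is
a constructed stand-in for a GeoIP database (a real pipeline would query one
such as MaxMind GeoLite2, or let the SIEM enrich on ingest); the JSON log
lines and the expected-country policy are also constructed.
"""
import ipaddress
import json
from collections import Counter, defaultdict

GEO_TABLE = [  # (prefix, ISO country code); constructed, not real allocations
    (ipaddress.ip_network("203.0.113.0/25"), "DE"),
    (ipaddress.ip_network("198.51.100.0/24"), "BR"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.128/25"), "CA"),
]
# Longest prefix wins, so sort most-specific first once.
_GEO_SORTED = sorted(GEO_TABLE, key=lambda e: e[0].prefixlen, reverse=True)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def lookup_country(ip_str):
    """Country for an address: INTERNAL for RFC 1918/loopback, UNKNOWN if not in the table."""
    ip = ipaddress.ip_address(ip_str)
    if any(ip in net for net in INTERNAL_NETS):
        return "INTERNAL"
    for net, cc in _GEO_SORTED:
        if ip in net:
            return cc
    return "UNKNOWN"


def enrich(record):
    """Return a copy of one log record with src_country added."""
    out = dict(record)
    out["src_country"] = lookup_country(record["src_ip"])
    return out


def parse_jsonl(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def countries_by_service(records):
    """{service: Counter(country -> events)}; the enriched field turns
    'where are our VPN logons coming from?' into a one-line aggregation."""
    per_service = defaultdict(Counter)
    for r in map(enrich, records):
        per_service[r["service"]][r["src_country"]] += 1
    return per_service


def outside_expected(records, expected):
    """Enriched records whose source country is not expected for that service."""
    return [r for r in map(enrich, records)
            if r["src_country"] not in expected.get(r["service"], set())]


# Constructed JSON lines as a VPN gateway and webmail front end might emit them.
SAMPLE_LOG = """\
{"ts":"2024-11-14T08:01:02Z","service":"vpn","user":"alice","src_ip":"203.0.113.17","action":"connect"}
{"ts":"2024-11-14T08:05:44Z","service":"vpn","user":"bob","src_ip":"10.20.0.9","action":"connect"}
{"ts":"2024-11-14T08:09:10Z","service":"webmail","user":"alice","src_ip":"192.0.2.200","action":"login"}
{"ts":"2024-11-14T08:12:33Z","service":"vpn","user":"carol","src_ip":"198.51.100.77","action":"connect"}
{"ts":"2024-11-14T08:15:01Z","service":"webmail","user":"dave","src_ip":"203.0.113.200","action":"login"}
"""

# Constructed policy: where each service is expected to be reached from.
EXPECTED = {"vpn": {"DE", "INTERNAL"}, "webmail": {"DE", "US", "CA", "INTERNAL"}}

if __name__ == "__main__":
    records = parse_jsonl(SAMPLE_LOG)
    for service, counts in countries_by_service(records).items():
        print(service, dict(counts))
    for r in outside_expected(records, EXPECTED):
        print("review:", r["user"], r["service"], r["src_ip"], r["src_country"])
```

Two details carry over to real deployments: the lookup must be longest-prefix (a /25 inside a /24 can belong to a different country), and an address the database does not know should be tagged UNKNOWN rather than silently dropped, because unknown is itself worth reviewing.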
08. What is a source collection methodology in the context of software monitoring?
a) A technique to gather information on the provenance and purpose of installed software.
b) A strategy to collect the best desktop wallpapers from various sources.
c) A method to compile the greatest hits of software-related music.
d) A system to categorize software by the color of its icon.
09. Which factors should be considered when monitoring logs for assets?
(Choose two)
a) The criticality of the assets being monitored.
b) The favorite colors of the security analysts.
c) The geographic location of the assets.
d) The compliance requirements related to the assets.
10. How can monitoring software help in identifying unauthorized software?
(Choose two)
a) By changing the desktop theme when unauthorized software is detected.
b) By playing alert tones in different musical keys based on the software category.
c) By scanning system directories and comparing found applications against a whitelist.
d) By maintaining an inventory of authorized applications and alerting on deviations.
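Both correct answers come down to the same loop: enumerate what is actually on the system and diff it against what is approved. The following is an added example, not code from the original quiz; it goes one step beyond a name-only allowlist by storing a hash per approved path, so a replaced binary at an approved location is reported as well as an unknown one. The scanned tree and the inventory are constructed inside a temporary directory so the script runs anywhere; in production the roots would be paths such as /usr/local/bin and /opt, and the inventory would come from the package or asset database.

```python
"""Find unauthorized, replaced and missing software by comparing what is on
disk against an inventory of approved executables and their hashes.

Added example, not code from the original quiz. The scanned tree and the
inventory are constructed inside a temporary directory so the script runs
anywhere; in production the roots would be paths such as /usr/local/bin and
/opt, and the inventory would come from the package/asset database.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable(p: Path):
    """Regular file with any execute bit set; symlinks are skipped (lstat)."""
    try:
        st = p.lstat()
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def scan_executables(roots):
    """Map every executable regular file under `roots` to its SHA-256."""
    found = {}
    for root in roots:
        for p in Path(root).rglob("*"):
            if is_executable(p):
                found[str(p)] = sha256_of(p)
    return found


def compare_to_inventory(found, inventory):
    """inventory maps approved path -> expected SHA-256.

    Matching on hash rather than file name catches an approved path whose
    binary was swapped, which a name-only allowlist would wave through."""
    unauthorized = sorted(set(found) - set(inventory))
    modified = sorted(p for p in found if p in inventory and found[p] != inventory[p])
    missing = sorted(set(inventory) - set(found))
    return {"unauthorized": unauthorized, "modified": modified, "missing": missing}


def build_demo_tree():
    """Constructed sample tree standing in for /usr/local/bin, plus its inventory."""
    root = Path(tempfile.mkdtemp(prefix="swinv-"))

    def put(name, content, mode=0o755):
        p = root / name
        p.write_bytes(content)
        p.chmod(mode)

    put("backup-agent", b"#!/bin/sh\necho backup\n")       # approved, unchanged
    put("monitor", b"#!/bin/sh\necho not-the-original\n")  # approved path, contents replaced
    put("tunnel-helper", b"#!/bin/sh\necho tunnel\n")      # never approved
    put("README", b"docs\n", mode=0o644)                   # not executable, ignored
    inventory = {
        str(root / "backup-agent"): sha256_of(root / "backup-agent"),
        str(root / "monitor"): hashlib.sha256(b"#!/bin/sh\necho monitor\n").hexdigest(),
        str(root / "edr-sensor"): hashlib.sha256(b"#!/bin/sh\necho edr\n").hexdigest(),
    }
    return root, inventory


def demo():
    """Run the comparison on the constructed tree; returns base names per category."""
    root, inventory = build_demo_tree()
    report = compare_to_inventory(scan_executables([root]), inventory)
    return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category:12s} {names}")
```

The "missing" category is the one people forget: an approved security agent that has disappeared is as much a deviation from the inventory as a rogue binary that has appeared, and often the more urgent finding.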