Certification: GCED

GIAC Certified Enterprise Defender (GCED)

• View Professionals

Target

The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.

Course

Preparing for the GCED Exam: Candidates may choose to prepare for the GCED exam by taking the SANS Training Course: SEC501: Advanced Security Essentials - Enterprise Defender

*No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*

Requirements

• 1 proctored exam
• 115 questions
• Time limit of 3 hours
• Minimum Passing Score of 68%

Renew

Certifications must be renewed every 4 years. Click here for details.

Delivery

NOTE: GIAC exams are NOT given the day after the conference ends.

Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Certification attempt exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.

Links

• Certified Professionals (GCED)
• Recertification
• Exam Feedback Procedure
• Grievance Procedure
• Proctored exam procedure
• SANS Information Security Reading Room

Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Advanced Controls

The candidate will be familiar with advanced controls that can be deployed to protect network infrastructure

Advanced Packet Inspection For Intrusion Detection

The candidate will understand IDS and packet inspection technologies as well as how to detect the most common types of attacks.

Advanced Topics In Pen Testing

The candidate will an understanding of advanced attacks, tools, and defenses.

Alternate Data Streams

The candidate will understand what alternate data streams are as well as tools and techniques that can be used to detect, analyze, and remove them.

Attack Tools and Techniques

The candidate will be familiar with common tools use to carry out network infrastructure attacks and their basic capabilities.

Built In Windows Tools

The candidate will understand how to use windows command line tools to aid in identifying and removing malware.

Containment, Eradication, and Recovery

The candidate will know containment, eradication, recovery, and lessons learned phases of the incident handling process as well as the tools that can be used to carry them out.

Data Classification

The candidate will demonstrate an understanding of standard data classification issues.

Data Loss Prevention

The candidate will understand risks and vectors associating with confidential data leakeage, and be able to implement best practices to detect and prevent data loss.

External Tools

The candidate will understand the features and usage of HijackThis, Process Explorer, TCPView, Listdlls, and other tools use to remove malware.

Hardening Routers and Switches

The candidate will understand the CIS level 1 and 2 benchmarks as they apply to Cisco routers and the SANS Gold Standard for Switch configurations

IDS Testing

The candidate know how to validate the performance of an IDS, and be familiar with useful tools and testing options.

Incident Handling and Forensics Methodology

The candidate will understand the essential incident handling and forensics methodology.

Insider Threats

The candidate will demonstrate an understanding of the severity and types of insider threats and how to protect against them.

IPS and Open Source Options

The student will understand what IPS is and be familiar with open source options for IDS/IPS.

Network Infrastructure Security Challenges

The candidate will understand the challenges associated with securing the network infrastructure including Cisco devices.

Packet Analysis with Wireshark

The candidate will understand how to use the ubiquitous sniffer Wireshark to filter and analyze network traffic.

Pen Testing Overview

The candidate will understand penetration testing methodology, techniques, and tools.

Preparation and Identification

The candidate have an in-depth understanding of the tools and techniques that can be used in the preparation and identification phases of the incident handling process.

Risk Management

The candidate will demonstrate an understanding of how to manage risk, threats, and vulnerabilities.

Rootkits

The candidate will understand the characteristics and capabilities of rootkits as well as tools that can be used for detection and removal.

Using the Web to Identify Malware

The candidate will understand web-based sandboxes and the features of three popular options.

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.