CertsTopics Logo

Halloween Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

GIAC GCCC Dumps

Page: 1 / 3
Total 93 questions
Get GCCC Full Access Download GCCC PDF

GIAC Critical Controls Certification (GCCC) Questions and Answers

Question 1

Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?

Options:

A.

Controlled Access Based on the Need to Know

B.

Limitation and Control of Network Ports, Protocols and Services

C.

Email and Web Browser Protections

D.

Secure Configuration for Network Devices, such as Firewalls, Routers and Switches.

Buy Now
Question 2

What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

Options:

A.

Package diagram

B.

Deployment diagram

C.

Class diagram

D.

Use case diagram

Question 3

Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?

Options:

A.

Procedure for authorizing remote server access

B.

Procedure for modifying file permissions

C.

Procedure for adjusting network share permissions

D.

Procedure for setting and resetting user passwords

Question 4

An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?

Options:

A.

Check the log entries to match privilege use with access from authorized users.

B.

Run a script at intervals to identify processes running with administrative privilege.

C.

Force the root account to only be accessible from the system console.

Question 5

What is a recommended defense for the CIS Control for Application Software Security?

Options:

A.

Keep debugging code in production web applications for quick troubleshooting

B.

Limit access to the web application production environment to just the developers

C.

Run a dedicated vulnerability scanner against backend databases

D.

Display system error messages for only non-kernel related events

Question 6

A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization’s CIS Controls failed?

Options:

A.

Application Software Security

B.

Inventory and Control of Software Assets

C.

Maintenance, Monitoring, and Analysis of Audit Logs

D.

Inventory and Control of Hardware Assets

Question 7

Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?

Options:

A.

A method of device scanning

B.

A centralized time server

C.

An up-to-date hardening guide

D.

An inventory of unauthorized assets

Question 8

Allied services have recently purchased NAC devices to detect and prevent non-company owned devices from attaching to their internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration which will not be utilized in this deployment. Which of the following recommendations would make NAC installation more secure?

Options:

A.

Enforce company configuration standards for personal mobile devices

B.

Configure Active Directory to push an updated inventory to the NAC daily

C.

Disable the web portal device registration service

D.

Change the wireless password following the NAC implementation

Question 9

What is the relationship between a service and its associated port?

Options:

A.

A service closes a port after a period of inactivity

B.

A service relies on the port to select the protocol

C.

A service sets limits on the volume of traffic sent through the port

D.

A service opens the port and listens for network traffic

Question 10

According to attack lifecycle models, what is the attacker’s first step in compromising an organization?

Options:

A.

Privilege Escalation

B.

Exploitation

C.

Initial Compromise

D.

Reconnaissance

Question 11

A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?

Options:

A.

Organize files according to the user that created them and allow the user to determine permissions

B.

Divide the documents into confidential, internal, and public folders, and ser permissions on each folder

C.

Set user roles by job or position, and create permission by role for each file

D.

Divide the documents by department and set permissions on each departmental folder

Question 12

To effectively implement the Data Protection CIS Control, which task needs to be implemented first?

Options:

A.

The organization’s proprietary data needs to be encrypted

B.

Employees need to be notified that proprietary data should be protected

C.

The organization’s proprietary data needs to be identified

D.

Appropriate file content matching needs to be configured

Question 13

What is the first step suggested before implementing any single CIS Control?

Options:

A.

Develop an effectiveness test

B.

Perform a gap analysis

C.

Perform a vulnerability scan

D.

Develop a roll-out schedule

Page: 1 / 3
Total 93 questions
Get GCCC Full Access Download GCCC PDF