
All GCCC Test Inside GIAC Questions

Page: 2 / 3
Total 93 questions

GIAC Critical Controls Certification (GCCC) Questions and Answers

Question 5

What is a recommended defense for the CIS Control for Application Software Security?

Options:

A. Keep debugging code in production web applications for quick troubleshooting
B. Limit access to the web application production environment to just the developers
C. Run a dedicated vulnerability scanner against backend databases
D. Display system error messages for only non-kernel related events

Question 6

A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization’s CIS Controls failed?

Options:

A. Application Software Security
B. Inventory and Control of Software Assets
C. Maintenance, Monitoring, and Analysis of Audit Logs
D. Inventory and Control of Hardware Assets

Question 7

Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?

Options:

A. A method of device scanning
B. A centralized time server
C. An up-to-date hardening guide
D. An inventory of unauthorized assets

Question 8

Allied services have recently purchased NAC devices to detect and prevent non-company-owned devices from attaching to their internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration, which will not be utilized in this deployment. Which of the following recommendations would make the NAC installation more secure?

Options:

A. Enforce company configuration standards for personal mobile devices
B. Configure Active Directory to push an updated inventory to the NAC daily
C. Disable the web portal device registration service
D. Change the wireless password following the NAC implementation
