
GIAC GCCC GIAC Critical Controls Certification (GCCC) Exam Practice Test

Page: 1 / 9
Total 93 questions

GIAC Critical Controls Certification (GCCC) Questions and Answers

Question 1

IDS alerts at Service Industries are received by email. A typical day produces over 300 emails, with fewer than 50 requiring action. A recent attack was successful and went unnoticed due to the number of generated alerts. What should be done to prevent this from recurring?

Options:

A.

Tune the IDS rules to decrease false positives.

B.

Increase the number of staff responsible for processing IDS alerts.

C.

Change the alert method from email to text message.

D.

Configure the IDS alerts to only alert on high priority systems.

Question 2

Acme Corporation is doing a core evaluation of its centralized logging capabilities. Which of the following scenarios indicates a failure in more than one CIS Control?

Options:

A.

The loghost is missing logs from 3 servers in the inventory

B.

The loghost is receiving logs from hosts with different timezone values

C.

The loghost time is out-of-sync with an external host

D.

The loghost is receiving out-of-sync logs from undocumented servers

Question 3

Which of the following actions produced the output seen below?

[Exhibit image for Question 3 not reproduced]

Options:

A.

An access rule was removed from firewallrules.txt

B.

An access rule was added to firewallrules2.txt

C.

An access rule was added to firewallrules.txt

D.

An access rule was removed from firewallrules2.txt

Question 4

An organization is implementing a control for the Account Monitoring and Control CIS Control and has set the Account Lockout Policy as shown below. What is the risk presented by these settings?

[Exhibit image for Question 4 not reproduced]

Options:

A.

Brute-force password attacks could be more effective.

B.

Legitimate users could be unable to access resources.

C.

Password length and complexity will be automatically reduced.

D.

Once accounts are locked, they cannot be unlocked.

Question 5

An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.

[Exhibit image for Question 5 not reproduced]

Options:

A.

The blue team is adequately protecting the network

B.

There are too many internal penetration tests being conducted

C.

The methods the red team is using are not effectively testing the network

D.

The red team is improving their capability to measure network security

Question 6

An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?

[Exhibit image for Question 6 not reproduced]

Options:

A.

Check for packets going from the Internet to the Web server

B.

Try to send email from a wireless guest account

C.

Check for packets going from the web server to the user workstations

D.

Try to access the internal network from the wireless router

Question 7

Which of the following archiving methods would maximize log integrity?

Options:

A.

DVD-R

B.

USB flash drive

C.

Magnetic Tape

D.

CD-RW

Question 8

An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

Options:

A.

Host-based firewall sends alerts when packets are sent to a closed port

B.

Network Intrusion Prevention sends alerts when RST packets are received

C.

Network Intrusion Detection devices send alerts when signatures are updated

D.

Host-based anti-virus sends alerts to a central security console

Question 9

Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

[Exhibit image for Question 9 not reproduced]

Options:

A.

access-list outbound permit tcp host 10.1.1.7 any eq smtp

B.

access-list outbound deny tcp any host 74.125.228.2 eq www

C.

access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080

D.

access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh

Question 10

When evaluating the Wireless Access Control CIS Control, which of the following systems needs to be tested?

Options:

A.

Log management system

B.

802.1x authentication systems

C.

Data classification and access baselines

D.

PII data scanner

Question 11

Given the audit finding below, which CIS Control was being measured?

[Exhibit image for Question 11 not reproduced]

Options:

A.

Controlled Access Based on the Need to Know

B.

Controlled Use of Administrative Privilege

C.

Limitation and Control of Network Ports, Protocols and Services

D.

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

E.

Inventory and Control of Hardware Assets

Question 12

What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

Options:

A.

Ngrep

B.

CIS-CAT

C.

Netscreen

D.

Zenmap

Question 13

Which type of scan is best able to determine if user workstations are missing any important patches?

Options:

A.

A network vulnerability scan using aggressive scanning

B.

A source code scan

C.

A port scan using banner grabbing

D.

A web application/database scan

E.

A vulnerability scan using valid credentials
