NEW 2024 Certification Sample Questions GCCC Dumps & Practice Exam [Q21-Q37]

The GIAC Critical Controls Certification (GCCC) exam is designed for individuals who are responsible for managing and assessing an organization's security posture. It covers a broad range of topics, including the implementation of critical security controls, the identification and assessment of risks, and the management of security incidents. The exam is a rigorous test of the candidate's knowledge and skills, and passing it demonstrates that the candidate has the necessary expertise to manage an organization's security posture effectively.

NEW QUESTION # 21
An organization wants to test its procedure for data recovery. Which of the following will be most effective?

  • A. Verifying that network backups can't be read in transit
  • B. Verifying a file can be recovered from backup media
  • C. Verifying that the backup process is running when it should
  • D. Verifying there are no errors in the backup server logs

Answer: B


NEW QUESTION # 22
Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?

  • A. Limitation and Control of Network Ports, Protocols and Services
  • B. Controlled Access Based on the Need to Know
  • C. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
  • D. Email and Web Browser Protections

Answer: D


NEW QUESTION # 23
How can the results of automated network configuration scans be used to improve the security of the network?

  • A. Reports can be sent to the CIO for performance benchmarks
  • B. Results can be included in audit evidence failures
  • C. Results can be provided to network engineers as actionable feedback
  • D. Scanners can correct network configuration issues

Answer: C


NEW QUESTION # 24
Which of the following actions will assist an organization specifically with implementing web application software security?

  • A. Establishing network activity baselines among public-facing servers
  • B. Providing end-user security training to both internal staff and vendors
  • C. Having a plan to scan vulnerabilities of an application prior to deployment
  • D. Making sure that all hosts are patched during regularly scheduled maintenance

Answer: C


NEW QUESTION # 25
What is the list displaying?

  • A. Installed software on an end-user device
  • B. Allowed programs in a software inventory application
  • C. Unauthorized programs detected in a software inventory
  • D. Missing patches from a patching server

Answer: B


NEW QUESTION # 26
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

  • A. Controlled Use of Administrative Privilege
  • B. Maintenance, Monitoring, and Analysis of Audit Logs
  • C. Incident Response and Management
  • D. Account Monitoring and Control

Answer: C


NEW QUESTION # 27
Why is it important to enable event log storage on a system immediately after it is installed?

  • A. To identify root kits included on the system out of the box
  • B. To compare its performance with other systems already on the network
  • C. To allow the system to be restored to a known good state if it is compromised
  • D. To create the ability to separate abnormal behavior from normal behavior during an incident

Answer: D


NEW QUESTION # 28
As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

  • A. Uninstall listening services that have not been used since the last scheduled scan
  • B. Compare discovered ports and services to a known baseline to report deviations
  • C. Alert the incident response team on ports and services added since the last scan
  • D. Automatically close ports and services not included in the current baseline

Answer: B


NEW QUESTION # 29
What is a recommended defense for the CIS Control for Application Software Security?

  • A. Run a dedicated vulnerability scanner against backend databases
  • B. Limit access to the web application production environment to just the developers
  • C. Keep debugging code in production web applications for quick troubleshooting
  • D. Display system error messages for only non-kernel related events

Answer: A


NEW QUESTION # 30
What is a zero-day attack?

  • A. An attack that is launched the day the patch is released
  • B. An attack that deploys at the end of a countdown sequence
  • C. An attack that utilizes a vulnerability unknown to the software developer
  • D. An attack that has a known attack signature but no available patch

Answer: C


NEW QUESTION # 31
An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

  • A. Install host integrity monitoring software
  • B. Configure the DMZ firewall to block unnecessary services
  • C. Configure the database to run with lower privileges
  • D. Install updated anti-virus software

Answer: C


NEW QUESTION # 32
Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

  • A. How long does it take to remove unauthorized software from the organization's systems
  • B. What percentage of systems in the organization are using Network Level Authentication (NLA)
  • C. How long does it take to identify new unauthorized listening ports on the network systems
  • D. What percentage of the organization's applications are using sandboxing products
  • E. What percentage of assets will have their settings enforced and redeployed

Answer: E


NEW QUESTION # 33
Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device's authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.
What was the failure that led to the information being lost?

  • A. There was no risk acceptance review after the risk changed
  • B. The employees failed to maintain their devices at the most current software version
  • C. Vulnerability scans were not done to identify the devices that were at risk
  • D. Management had not insured against the possibility of the information being lost

Answer: A


NEW QUESTION # 34
An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?

  • A. Check the log entries to match privilege use with access from authorized users.
  • B. Force the root account to only be accessible from the system console.
  • C. Run a script at intervals to identify processes running with administrative privilege.

Answer: C


NEW QUESTION # 35
What documentation should be gathered and reviewed for evaluating an Incident Response program?

  • A. Staff member interviews
  • B. NIST Cybersecurity Framework
  • C. Policy and Procedures
  • D. Results from security training assessments

Answer: C


NEW QUESTION # 36
An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?

  • A. Verify that the backup media cannot be read without the encryption key
  • B. Select a random file from a critical server and verify it is present in a backup set
  • C. Restore the critical server data from backup and see if data is missing
  • D. Check the backup logs from the critical servers and verify there are no errors

Answer: C


NEW QUESTION # 37
......
