GIAC GCCC Questions and Answers Guarantee You Pass the Test Easily
Share Latest GCCC DUMP with 95 Questions and Answers
NEW QUESTION # 39
Which of the following statements is appropriate in an incident response report?
- A. The attacker may have been able to access the systems due to missing KB2965111
- B. There had been a storm on September 27th that may have caused a power surge
- C. The registry entry was modified on September 29th at 22:37
- D. The backup process may have failed at 2345 due to lack of available bandwidth
Answer: C
NEW QUESTION # 40
Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next step?
- A. Encrypt the log files with an asymmetric key and remove the cleartext version.
- B. Install a tier one timeserver on the network to keep log devices synchronized.
- C. Store the files read-only and keep hashes of the logs separately.
- D. Keep the files in the log archives synchronized with another location.
Answer: C
NEW QUESTION # 41
An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?
- A. Check for packets going from the Internet to the Web server
- B. Check for packets going from the web server to the user workstations
- C. Try to access the internal network from the wireless router
- D. Try to send email from a wireless guest account
Answer: C
NEW QUESTION # 42
An organization is implementing an application software security control for their custom-written code that provides web-based database access to sales partners. Which action will help mitigate the risk of the application being compromised?
- A. Creating signatures for their IDS to detect attacks specific to their web application
- B. Logging the connection requests to the web application server from outside hosts
- C. Providing the source code for their web application to existing sales partners
- D. Identifying high-risk assets that are on the same network as the web application server
Answer: A
NEW QUESTION # 43
Which of the following is a reliable way to test backed up data?
- A. Compare data hashes of backed up data to original systems
- B. Confirm the backup service is running at the proper time
- C. Verify the file size of the backup
- D. Restore the data to a system
Answer: D
NEW QUESTION # 44
Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?
- A. access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080
- B. access-list outbound deny tcp any host 74.125.228.2 eq www
- C. access-list outbound permit tcp host 10.1.1.7 any eq smtp
- D. access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh
Answer: D
NEW QUESTION # 45
Which of the following is a benefit of stress-testing a network?
- A. To determine the connectivity of the network
- B. To determine device behavior in a DoS condition.
- C. To determine the security configurations of the network
- D. To determine bandwidth needs for the network.
Answer: B
NEW QUESTION # 46
During a security audit, which test should result in a source packet failing to reach its intended destination?
- A. A new connection request from the Internet is sent to a host on the company's internal network
- B. A new connection request from the internet is sent to the company's DNS server
- C. A packet originating from the company's internal network is sent to the company's DNS server
- D. A packet originating from the company's DMZ is sent to a host on the company's internal network
Answer: A
NEW QUESTION # 47
Which of the following CIS Controls is used to manage the security lifecycle by validating that the documented controls are in place?
- A. Controlled Use of Administrative Privilege
- B. Penetration Tests and Red Team Exercises
- C. Data Protection
- D. Account Monitoring and Control
Answer: B
NEW QUESTION # 48
Which of the following should be used to test antivirus software?
- A. FIPS 140-2
- B. Code Red
- C. Heartbleed
- D. EICAR
Answer: D
NEW QUESTION # 49
Which approach is recommended by the CIS Controls for performing penetration tests?
- A. Utilize a single attack vector at a time
- B. Document a single vulnerability per system
- C. Execute all tests during network maintenance windows
- D. Complete intrusive tests on test systems
Answer: D
NEW QUESTION # 50
Of the options shown below, what is the first step in protecting network devices?
- A. Applying all known security patches
- B. Scanning the devices for known vulnerabilities
- C. Creating standard secure configurations for all devices
- D. Implementing IDS to detect attacks
Answer: C
NEW QUESTION # 51
What is the relationship between a service and its associated port?
- A. A service closes a port after a period of inactivity
- B. A service opens the port and listens for network traffic
- C. A service sets limits on the volume of traffic sent through the port
- D. A service relies on the port to select the protocol
Answer: B
NEW QUESTION # 52
An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.
- A. There are too many internal penetration tests being conducted
- B. The red team is improving their capability to measure network security
- C. The blue team is adequately protecting the network
- D. The methods the red team is using are not effectively testing the network
Answer: D
NEW QUESTION # 53
Why is it important to enable event log storage on a system immediately after it is installed?
- A. To compare its performance with other systems already on the network
- B. To identify root kits included on the system out of the box
- C. To allow the system to be restored to a known good state if it is compromised
- D. To create the ability to separate abnormal behavior from normal behavior during an incident
Answer: D
NEW QUESTION # 54
An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?
- A. Network Intrusion Detection devices send alerts when signatures are updated
- B. Network Intrusion Prevention sends alerts when RST packets are received
- C. Host-based firewall sends alerts when packets are sent to a closed port
- D. Host-based anti-virus sends alerts to a central security console
Answer: D
NEW QUESTION # 55
An organization is implementing a control for the Account Monitoring and Control CIS Control, and has set the Account Lockout Policy as shown below. What is the risk presented by these settings?
- A. Once accounts are locked, they cannot be unlocked.
- B. Password length and complexity will be automatically reduced.
- C. Brute-force password attacks could be more effective.
- D. Legitimate users could be unable to access resources.
Answer: D
NEW QUESTION # 56
An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?
- A. Select a random file from a critical server and verify it is present in a backup set
- B. Verify that the backup media cannot be read without the encryption key
- C. Check the backup logs from the critical servers and verify there are no errors
- D. Restore the critical server data from backup and see if data is missing
Answer: D
NEW QUESTION # 57
When evaluating the Wireless Access Control CIS Control, which of the following systems needs to be tested?
- A. Data classification and access baselines
- B. PII data scanner
- C. 802.1x authentication systems
- D. Log management system
Answer: C
NEW QUESTION # 58
Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?
- A. Procedure for authorizing remote server access
- B. Procedure for adjusting network share permissions
- C. Procedure for modifying file permissions
- D. Procedure for setting and resetting user passwords
Answer: D
NEW QUESTION # 59
Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls, she has a dedicated host (kenya-adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenya-adminbox?
- A. 10.10.245.3389
- B. 10.10.10.33.443
- C. Firewall_charon.jane.org.22
- D. Mail.jane.org.25
Answer: D
NEW QUESTION # 60
An organization wants to test its procedure for data recovery. Which of the following will be most effective?
- A. Verifying a file can be recovered from backup media
- B. Verifying there are no errors in the backup server logs
- C. Verifying that network backups can't be read in transit
- D. Verifying that the backup process is running when it should
Answer: A
NEW QUESTION # 61
......