GIAC GCCC - GIAC Critical Controls Certification (GCCC)

Total 93 questions

Acme Corporation performed an investigation of its centralized logging capabilities. It found that the central server is missing several types of logs from three servers in Acme's inventory. Given these findings, what is the most appropriate next step?

A. Define processes to manually review logs for the problem servers

B. Restart or reinstall the logging service on each of the problem servers

C. Perform analysis to identify the source of the logging problems

D. Document the missing logs in the core evaluation report as a minor issue

Which of the following is a benefit of stress-testing a network?

A. To determine device behavior in a DoS condition.

B. To determine bandwidth needs for the network.

C. To determine the connectivity of the network

D. To determine the security configurations of the network

Which of the following best describes the CIS Controls?

A. Technical, administrative, and policy controls based on research provided by the SANS Institute

B. Technical controls designed to provide protection from the most damaging attacks based on current threat data

C. Technical controls designed to augment the NIST 800 series

D. Technical, administrative, and policy controls based on current regulations and security best practices

An organization is implementing an application software security control for their custom-written code that provides web-based database access to sales partners. Which action will help mitigate the risk of the application being compromised?

A. Providing the source code for their web application to existing sales partners

B. Identifying high-risk assets that are on the same network as the web application server

C. Creating signatures for their IDS to detect attacks specific to their web application

D. Logging the connection requests to the web application server from outside hosts

After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?

A. Document the port number and request approval from a change control group

B. Redirect traffic to and from the software management port to a non-default port

C. Block TCP 23456 at the network perimeter firewall

D. Determine which service controls the software management function and opens the port, and disable it

How does an organization's hardware inventory support the control for secure configurations?

A. It provides a list of managed devices that should be secured

B. It provides a list of unauthorized devices on the network

C. It provides the MAC addresses for insecure network adapters

D. It identifies the life cycle of manufacturer support for hardware devices

Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

A. Starbucks

B. Linksys

C. Hhonors

D. Interwebz

Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device’s authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.

What was the failure that led to the information being lost?

A. There was no risk acceptance review after the risk changed

B. The employees failed to maintain their devices at the most current software version

C. Vulnerability scans were not done to identify the devices that were at risk

D. Management had not insured against the possibility of the information being lost

An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization’s control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?

A. Verify that the backup media cannot be read without the encryption key

B. Check the backup logs from the critical servers and verify there are no errors

C. Select a random file from a critical server and verify it is present in a backup set

D. Restore the critical server data from backup and see if data is missing

As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

A. Uninstall listening services that have not been used since the last scheduled scan

B. Compare discovered ports and services to a known baseline to report deviations

C. Alert the incident response team on ports and services added since the last scan

D. Automatically close ports and services not included in the current baseline