GIAC Critical Controls Certification (GCCC) Exam Questions (93 Q&As)

The GIAC Critical Controls Certification is the only certification based on the Critical Security Controls, a prioritized, risk based approach to security. This certification ensures that candidates have the knowledge and skills to implement and execute the Critical Security Controls recommended by the Council on Cybersecurity, and perform audits based on the standard. PassQuestion new released GIAC Critical Controls Certification (GCCC) Exam Questions with 93 questions and answers to ensure you pass your GCCC Certification exam successfully in your first try.

Test Online GIAC Critical Controls Certification (GCCC) Free Questions

1. Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log.

Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

access-list outbound permit tcp host 10.1.1.7 any eq smtp

access-list outbound deny tcp any host 74.125.228.2 eq www

access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080

access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh

2. Which of the following actions produced the output seen below?

An access rule was removed from firewallrules.txt

An access rule was added to firewallrules2.txt

An access rule was added to firewallrules.txt

An access rule was removed from firewallrules2.txt

3. An organization has implemented a policy to detect and remove malicious software from its network.

Which of the following actions is focused on correcting rather than preventing attack?

Configuring a firewall to only allow communication to whitelisted hosts and ports

Using Network access control to disable communication by hosts with viruses

Disabling autorun features on all workstations on the network

Training users to recognize potential phishing attempts

4. An Internet retailer’s database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access.

What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

Configure the DMZ firewall to block unnecessary service

Install host integrity monitoring software

Install updated anti-virus software

Configure the database to run with lower privileges

5. As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic.

Which event should they receive an alert on?

The number of website hits is higher that the daily average

The logfiles of the webserver are rotated and archived

The website does not respond to a SYN packet for 30 minutes

The website issues a RST to a client after the connection is idle

6. Implementing which of the following will decrease spoofed e-mail messages?

Finger Protocol

Sender Policy Framework

Network Address Translation

Internet Message Access Protocol

7. After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations.

Which actions would best protect the computers with the software package installed?

Document the port number and request approval from a change control group

Redirect traffic to and from the software management port to a non-default port

Block TCP 23456 at the network perimeter firewall

Determine which service controls the software management function and opens the port, and disable it

8. Given the audit finding below, which CIS Control was being measured?

Controlled Access Based on the Need to Know

Controlled Use of Administrative Privilege

Limitation and Control of Network Ports, Protocols and Services

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

Inventory and Control of Hardware Assets

9. According to attack lifecycle models, what is the attacker’s first step in compromising an organization?

Privilege Escalation

Exploitation

Initial Compromise

Reconnaissance

10. Which of the following items would be used reactively for incident response?

A schedule for creating and storing backup

A phone tree used to contact necessary personnel

A script used to verify patches are installed on systems

An IPS rule that prevents web access from international locations

11. A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:WindowsSystem32winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user.

Which of the organization’s CIS Controls failed?

Application Software Security

Inventory and Control of Software Assets

Maintenance, Monitoring, and Analysis of Audit Logs

Inventory and Control of Hardware Assets

12. What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

Package diagram

Deployment diagram

Class diagram

Use case diagram

13. An organization is implementing a control within the Application Software Security CIS Control.

How can they best protect against injection attacks against their custom web application and database applications?

Ensure the web application server logs are going to a central log host

Filter input to only allow safe characters and strings

Configure the web server to use Unicode characters only

Check user input against a list of reserved database terms

14. What is a recommended defense for the CIS Control for Application Software Security?

Keep debugging code in production web applications for quick troubleshooting

Limit access to the web application production environment to just the developers

Run a dedicated vulnerability scanner against backend databases

Display system error messages for only non-kernel related events

15. A need has been identified to organize and control access to different classifications of

information stored on a fileserver.

Which of the following approaches will meet this need?

Organize files according to the user that created them and allow the user to determine permissions

Divide the documents into confidential, internal, and public folders, and ser permissions on each folder

Set user roles by job or position, and create permission by role for each file

Divide the documents by department and set permissions on each departmental folder

16. Below is a screenshot from a deployed next-generation firewall.

These configuration settings would be a defensive measure for which CIS Control?

Controlled Access Based on the Need to Know

Limitation and Control of Network Ports, Protocols and Services

Email and Web Browser Protections

Secure Configuration for Network Devices, such as Firewalls, Routers and Switches.

17. Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

Starbucks

Linksys

Hhonors

Interwebz

18. Which of the following should be used to test antivirus software?

FIPS 140-2

Code Red

Heartbleed

EICAR

19. Which of the following best describes the CIS Controls?

Technical, administrative, and policy controls based on research provided by the SANS Institute

Technical controls designed to provide protection from the most damaging attacks based on current threat data

Technical controls designed to augment the NIST 800 series

Technical, administrative, and policy controls based on current regulations and security best practices

20. An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?

Input Validation

Output Sanitization

URL Encoding

Account Management

21. An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user.

What action can they take to rectify this?

Force the root account to only be accessible from the system console.

Turn on SELinux and user process accounting for the MySQL server.

Force user accounts to use ‘sudo’ f or privileged use.

Blacklist client applications from being run in privileged mode.

22. Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed.

Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?

Keep the files in the log archives synchronized with another location.

Store the files read-only and keep hashes of the logs separately.

Install a tier one timeserver on the network to keep log devices synchronized.

Encrypt the log files with an asymmetric key and remove the cleartext version.

23. Which of the following is a benefit of stress-testing a network?

To determine device behavior in a DoS condition.

To determine bandwidth needs for the network.

To determine the connectivity of the network

To determine the security configurations of the network

24. Which of the following is a reliable way to test backed up data?

Verify the file size of the backup

Confirm the backup service is running at the proper time

Compare data hashes of backed up data to original systems

Restore the data to a system

25. John a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network.

Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?

Limit access to allowed MAC addresses

Increase the size of the DHCP pool

Change the password immediately

Shorten the DHCP lease time

26. An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control.

Which action should they take when they discover that an application running on a web server is no longer needed?

Uninstall the application providing the service

Turn the service off in the host configuration files

Block the protocol for the unneeded service at the firewall

Create an access list on the router to filter traffic to the host

27. What is the first step suggested before implementing any single CIS Control?

Develop an effectiveness test

Perform a gap analysis

Perform a vulnerability scan

Develop a roll-out schedule

28. Which of the following assigns a number indicating the severity of a discovered software vulnerability?

CPE

CVE

CCE

CVSS

29. What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

Control which devices can connect to the network

Passively identify new devices

Inventory offline databases

Actively identify new servers

30. An organization wants to test its procedure for data recovery.

Which of the following will be most effective?

Verifying a file can be recovered from backup media

Verifying that backup process is running when it should

Verifying that network backups can’t be read in transit

Verifying there are no errors in the backup server logs

Question 1 of 30

GIAC Critical Controls Certification (GCCC) Exam Questions (93 Q&As)

Test Online GIAC Critical Controls Certification (GCCC) Free Questions

Leave a Reply Cancel reply