Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. GIAC
  3. Cyber Security
  4. GCCC
  5. GIAC Critical Controls Certification (GCCC) Questions and Answers

Pass the GIAC Cyber Security GCCC Questions and answers with CertsForce

 GIAC Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

Options:
A.

How long does it take to identify new unauthorized listening ports on the network systems

B.

How long does it take to remove unauthorized software from the organization’s systems

C.

What percentage of the organization’s applications are using sandboxing products

D.

What percentage of assets will have their settings enforced and redeployed

E.

What percentage of systems in the organization are using Network Level Authentication (NLA)

Expert Solution
Questions # 22:

What is a recommended defense for the CIS Control for Application Software Security?

Options:
A.

Keep debugging code in production web applications for quick troubleshooting

B.

Limit access to the web application production environment to just the developers

C.

Run a dedicated vulnerability scanner against backend databases

D.

Display system error messages for only non-kernel related events

Expert Solution
Questions # 23:

An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

Options:
A.

Host-based firewall sends alerts when packets are sent to a closed port

B.

Network Intrusion Prevention sends alerts when RST packets are received

C.

Network Intrusion Detection devices sends alerts when signatures are updated

D.

Host-based anti-virus sends alerts to a central security console

Expert Solution
Questions # 24:

Implementing which of the following will decrease spoofed e-mail messages?

Options:
A.

Finger Protocol

B.

Sender Policy Framework

C.

Network Address Translation

D.

Internet Message Access Protocol

Expert Solution
Questions # 25:

Which projects enumerates or maps security issues to CVE?

Options:
A.

SCAP

B.

CIS Controls

C.

NIST

D.

ISO 2700

Expert Solution
Questions # 26:

An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization’s control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?

Options:
A.

Verify that the backup media cannot be read without the encryption key

B.

Check the backup logs from the critical servers and verify there are no errors

C.

Select a random file from a critical server and verify it is present in a backup set

D.

Restore the critical server data from backup and see if data is missing

Expert Solution
Questions # 27:

Which of the following is used to prevent spoofing of e-mail addresses?

Options:
A.

Sender Policy Framework

B.

DNS Security Extensions

C.

Public-Key Cryptography

D.

Simple Mail Transfer Protocol

Expert Solution
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions