Best GIAC GCCC 2024 Training With 95 QA's [Q51-Q76]

GIAC GCCC Certification Exam Questions

NEW QUESTION # 51
Implementing which of the following will decrease spoofed e-mail messages?

  • A. Network Address Translation
  • B. Sender Policy Framework
  • C. Finger Protocol
  • D. Internet Message Access Protocol

Answer: B


NEW QUESTION # 52
Allied Services has recently purchased NAC devices to detect and prevent non-company-owned devices from attaching to its internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration, which will not be utilized in this deployment.
Which of the following recommendations would make NAC installation more secure?

  • A. Change the wireless password following the NAC implementation
  • B. Enforce company configuration standards for personal mobile devices
  • C. Disable the web portal device registration service
  • D. Configure Active Directory to push an updated inventory to the NAC daily

Answer: C


NEW QUESTION # 53
Beta Corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next step?

  • A. Install a tier one timeserver on the network to keep log devices synchronized.
  • B. Keep the files in the log archives synchronized with another location.
  • C. Encrypt the log files with an asymmetric key and remove the cleartext version.
  • D. Store the files read-only and keep hashes of the logs separately.

Answer: D


NEW QUESTION # 54
A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?

  • A. Organize files according to the user that created them and allow the user to determine permissions
  • B. Divide the documents into confidential, internal, and public folders, and set permissions on each folder
  • C. Divide the documents by department and set permissions on each departmental folder
  • D. Set user roles by job or position, and create permission by role for each file

Answer: B


NEW QUESTION # 55
Which of the following statements is appropriate in an incident response report?

  • A. The backup process may have failed at 2345 due to lack of available bandwidth
  • B. There had been a storm on September 27th that may have caused a power surge
  • C. The attacker may have been able to access the systems due to missing KB2965111
  • D. The registry entry was modified on September 29th at 22:37

Answer: D


NEW QUESTION # 56
As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?

  • A. The website issues a RST to a client after the connection is idle
  • B. The logfiles of the webserver are rotated and archived
  • C. The website does not respond to a SYN packet for 30 minutes
  • D. The number of website hits is higher than the daily average

Answer: C


NEW QUESTION # 57
What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

  • A. CIS-CAT
  • B. Ngrep
  • C. Netscreen
  • D. Zenmap

Answer: D


NEW QUESTION # 58
John is a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network. Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?

  • A. Limit access to allowed MAC addresses
  • B. Shorten the DHCP lease time
  • C. Increase the size of the DHCP pool
  • D. Change the password immediately

Answer: D


NEW QUESTION # 59
An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.

  • A. The blue team is adequately protecting the network
  • B. There are too many internal penetration tests being conducted
  • C. The methods the red team is using are not effectively testing the network
  • D. The red team is improving their capability to measure network security

Answer: C


NEW QUESTION # 60
Which of the following is a benefit of stress-testing a network?

  • A. To determine the security configurations of the network
  • B. To determine the connectivity of the network
  • C. To determine device behavior in a DoS condition.
  • D. To determine bandwidth needs for the network.

Answer: C


NEW QUESTION # 61
Janice is auditing the perimeter of the network at Sugar Water Inc. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?

  • A. Receive spam from a known bad domain
  • B. Successfully deliver mail from another host inside the network directly to an external contact
  • C. Receive mail at Sugar Water Inc. account using Outlook as a mail client
  • D. Successfully deliver mail from web client using another host inside the network to an external contact.

Answer: B


NEW QUESTION # 62
An auditor is focusing on potential vulnerabilities. Which of the following should cause an alert?

  • A. Workstation on which a domain admin has never logged in
  • B. Windows host with an uptime of 382 days
  • C. Server that has zero browser plug-ins
  • D. Fully patched guest machine that is not in the asset inventory

Answer: B


NEW QUESTION # 63
Based on the data shown below, which wireless access point has the manufacturer default settings still in place?

  • A. Linksys
  • B. Interwebz
  • C. Hhonors
  • D. Starbucks

Answer: A


NEW QUESTION # 64
What is a recommended defense for the CIS Control for Application Software Security?

  • A. Keep debugging code in production web applications for quick troubleshooting
  • B. Display system error messages for only non-kernel related events
  • C. Limit access to the web application production environment to just the developers
  • D. Run a dedicated vulnerability scanner against backend databases

Answer: D


NEW QUESTION # 65
During a security audit which test should result in a source packet failing to reach its intended destination?

  • A. A new connection request from the internet is sent to the company's DNS server
  • B. A new connection request from the Internet is sent to a host on the company's internal network
  • C. A packet originating from the company's internal network is sent to the company's DNS server
  • D. A packet originating from the company's DMZ is sent to a host on the company's internal network

Answer: B


NEW QUESTION # 66
Which of the options below will do the most to reduce an organization's attack surface on the internet?

  • A. Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks
  • B. Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly
  • C. Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices
  • D. Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only

Answer: C


NEW QUESTION # 67
An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack.
The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

  • A. Configure the DMZ firewall to block unnecessary services
  • B. Install updated anti-virus software
  • C. Configure the database to run with lower privileges
  • D. Install host integrity monitoring software

Answer: C


NEW QUESTION # 68
An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?

  • A. Auditing Active Directory and alerting when new accounts are created
  • B. Performing regular port scans of workstations on the network
  • C. Comparing system snapshots and alerting when changes are made
  • D. Creating an IDS signature to alert based on unknown "User-Agent" strings

Answer: D


NEW QUESTION # 69
An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?

  • A. Run a script at intervals to identify processes running with administrative privilege.
  • B. Force the root account to only be accessible from the system console.
  • C. Check the log entries to match privilege use with access from authorized users.

Answer: A


NEW QUESTION # 70
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

  • A. Account Monitoring and Control
  • B. Incident Response and Management
  • C. Maintenance, Monitoring, and Analysis of Audit Logs
  • D. Controlled Use of Administrative Privilege

Answer: B


NEW QUESTION # 71
An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?

  • A. A host ran malicious software that exploited a vulnerability for which there was no patch
  • B. The intrusion prevention system failed to update to the newest signature list
  • C. The security console alerted when a host anti-virus ran whitelisted software
  • D. A newly discovered vulnerability was not detected by the intrusion detection system

Answer: B


NEW QUESTION # 72
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?

  • A. Force the root account to only be accessible from the system console.
  • B. Force user accounts to use 'sudo' for privileged use.
  • C. Turn on SELinux and user process accounting for the MySQL server.
  • D. Blacklist client applications from being run in privileged mode.

Answer: B


NEW QUESTION # 73
Which activity increases the risk of a malware infection?

  • A. Editing webpages with a Linux system
  • B. Online banking in Incognito mode
  • C. Charging a smartphone using a computer USB port
  • D. Reading email using a plain text email client

Answer: C


NEW QUESTION # 74
What documentation should be gathered and reviewed for evaluating an Incident Response program?

  • A. Staff member interviews
  • B. Policy and Procedures
  • C. NIST Cybersecurity Framework
  • D. Results from security training assessments

Answer: B


NEW QUESTION # 75
An analyst investigated unused organizational accounts. The investigation found that:
- 10% of accounts still have their initial login password, indicating they were never used
- 10% of accounts have not been used in over six months
Which change in policy would mitigate the security risk associated with both findings?

  • A. Accounts must have passwords of at least 8 characters, with one number or symbol
  • B. Accounts without login activity for 15 days are automatically locked
  • C. Users are required to change their password at the next login after three months

Answer: B

