Pass Your GCCC Exam at the First Try with 100% Real Exam Questions
New GIAC GCCC Dumps & Questions Updated on 2024
NEW QUESTION # 17
What is a zero-day attack?
- A. An attack that deploys at the end of a countdown sequence
- B. An attack that utilizes a vulnerability unknown to the software developer
- C. An attack that is launched the day the patch is released
- D. An attack that has a known attack signature but no available patch
Answer: B
NEW QUESTION # 18
Which of the options below will do the most to reduce an organization's attack surface on the internet?
- A. Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly
- B. Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks
- C. Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices
- D. Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only
Answer: C
NEW QUESTION # 19
What is the list displaying?
- A. Installed software on an end-user device
- B. Allowed program in a software inventory application
- C. Unauthorized programs detected in a software inventory
- D. Missing patches from a patching server
Answer: B
NEW QUESTION # 20
Which activity increases the risk of a malware infection?
- A. Charging a smartphone using a computer USB port
- B. Editing webpages with a Linux system
- C. Online banking in Incognito mode
- D. Reading email using a plain text email client
Answer: A
NEW QUESTION # 21
A global corporation has major data centers in Seattle, New York, London and Tokyo. Which of the following is the correct approach from an intrusion detection and event correlation perspective?
- A. Configure all data center systems to use local time
- B. Synchronize between Seattle and New York, and use local time for London and Tokyo
- C. Configure all data center systems to use GMT time
- D. Configure all systems to use their default time settings
Answer: A
NEW QUESTION # 22
To effectively implement the Data Protection CIS Control, which task needs to be implemented first?
- A. The organization's proprietary data needs to be identified
- B. Appropriate file content matching needs to be configured
- C. The organization's proprietary data needs to be encrypted
- D. Employees need to be notified that proprietary data should be protected
Answer: A
NEW QUESTION # 23
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?
- A. Turn on SELinux and user process accounting for the MySQL server.
- B. Force the root account to only be accessible from the system console.
- C. Force user accounts to use 'sudo' for privileged use.
- D. Blacklist client applications from being run in privileged mode.
Answer: C
NEW QUESTION # 24
A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?
- A. Organize files according to the user that created them and allow the user to determine permissions
- B. Divide the documents into confidential, internal, and public folders, and set permissions on each folder
- C. Set user roles by job or position, and create permission by role for each file
- D. Divide the documents by department and set permissions on each departmental folder
Answer: B
NEW QUESTION # 25
As part of a scheduled network discovery scan, what function should the automated scanning tool perform?
- A. Alert the incident response team on ports and services added since the last scan
- B. Uninstall listening services that have not been used since the last scheduled scan
- C. Compare discovered ports and services to a known baseline to report deviations
- D. Automatically close ports and services not included in the current baseline
Answer: C
NEW QUESTION # 26
An administrator looking at a web application's log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.
* ROOT
* TEST
* ADMIN
* SQL
* USER
* NAGIOSGUEST
What is the most likely source of this event?
- A. An attempted Denial of Service attack by locking out administrative accounts
- B. An attempt to use SQL Injection to gain information from a web-connected database
- C. An automated tool that attempts to use a dictionary attack to infiltrate a website
- D. An IT administrator attempting to use outdated credentials to enter the site
Answer: C
NEW QUESTION # 27
An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?
- A. A newly discovered vulnerability was not detected by the intrusion detection system
- B. The security console alerted when a host anti-virus ran whitelisted software
- C. The intrusion prevention system failed to update to the newest signature list
- D. A host ran malicious software that exploited a vulnerability for which there was no patch
Answer: C
NEW QUESTION # 28
Which of the following is a reliable way to test backed up data?
- A. Verify the file size of the backup
- B. Compare data hashes of backed up data to original systems
- C. Confirm the backup service is running at the proper time
- D. Restore the data to a system
Answer: D
NEW QUESTION # 29
An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?
- A. Creating an IDS signature to alert based on unknown "User-Agent" strings
- B. Auditing Active Directory and alerting when new accounts are created
- C. Performing regular port scans of workstations on the network
- D. Comparing system snapshots and alerting when changes are made
Answer: A
NEW QUESTION # 30
An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?
- A. Check the backup logs from the critical servers and verify there are no errors
- B. Verify that the backup media cannot be read without the encryption key
- C. Select a random file from a critical server and verify it is present in a backup set
- D. Restore the critical server data from backup and see if data is missing
Answer: D
NEW QUESTION # 31
After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?
- A. Determine which service controls the software management function and opens the port, and disable it
- B. Document the port number and request approval from a change control group
- C. Redirect traffic to and from the software management port to a non-default port
- D. Block TCP 23456 at the network perimeter firewall
Answer: A
NEW QUESTION # 32
Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls she has a dedicated host (kenya-adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenya-adminbox?
- A. Firewall_charon.jane.org.22
- B. 10.10.10.33.443
- C. 10.10.245.3389
- D. Mail.jane.org.25
Answer: D
NEW QUESTION # 33
An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.
- A. There are too many internal penetration tests being conducted
- B. The blue team is adequately protecting the network
- C. The red team is improving their capability to measure network security
- D. The methods the red team is using are not effectively testing the network
Answer: D
NEW QUESTION # 34
An analyst investigated unused organizational accounts. The investigation found that:
- 10% of accounts still have their initial login password, indicating they were never used
- 10% of accounts have not been used in over six months
Which change in policy would mitigate the security risk associated with both findings?
- A. Users are required to change their password at the next login after three months
- B. Accounts without login activity for 15 days are automatically locked
- C. Accounts must have passwords of at least 8 characters, with one number or symbol
Answer: B
NEW QUESTION # 35
An auditor is focusing on potential vulnerabilities. Which of the following should cause an alert?
- A. Fully patched guest machine that is not in the asset inventory
- B. Windows host with an uptime of 382 days
- C. Workstation on which a domain admin has never logged in
- D. Server that has zero browser plug-ins
Answer: B
NEW QUESTION # 36
An organization is implementing a control for the Account Monitoring and Control CIS Control, and has set the Account Lockout Policy as shown below. What is the risk presented by these settings?
- A. Brute-force password attacks could be more effective.
- B. Once accounts are locked, they cannot be unlocked.
- C. Password length and complexity will be automatically reduced.
- D. Legitimate users could be unable to access resources.
Answer: D