GIAC New 2021 GCCC Sample Questions Reliable GCCC Test Engine
GIAC GCCC Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 | |
| Topic 2 | |
| Topic 3 | |
| Topic 4 | |
| Topic 5 | |
NEW QUESTION 22
Which of the following archiving methods would maximize log integrity?
- A. CD-RW
- B. Magnetic Tape
- C. USB flash drive
- D. DVD-R
Answer: D
NEW QUESTION 23
Which of the following actions produced the output seen below?
- A. An access rule was added to firewallrules.txt
- B. An access rule was added to firewallrules2.txt
- C. An access rule was removed from firewallrules.txt
- D. An access rule was removed from firewallrules2.txt
Answer: B
NEW QUESTION 24
How does an organization's hardware inventory support the control for secure configurations?
- A. It provides a list of unauthorized devices on the network
- B. It identifies the life cycle of manufacturer support for hardware devices
- C. It provides a list of managed devices that should be secured
- D. It provides the MAC addresses for insecure network adapters
Answer: C
NEW QUESTION 25
An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?
- A. Restore the critical server data from backup and see if data is missing
- B. Check the backup logs from the critical servers and verify there are no errors
- C. Verify that the backup media cannot be read without the encryption key
- D. Select a random file from a critical server and verify it is present in a backup set
Answer: A
NEW QUESTION 26
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
- A. Account Monitoring and Control
- B. Controlled Use of Administrative Privilege
- C. Maintenance, Monitoring, and Analysis of Audit Logs
- D. Incident Response and Management
Answer: D
NEW QUESTION 27
Beta Corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correlation applications, what are the most appropriate next steps?
- A. Store the files read-only and keep hashes of the logs separately.
- B. Encrypt the log files with an asymmetric key and remove the cleartext version.
- C. Keep the files in the log archives synchronized with another location.
- D. Install a tier one timeserver on the network to keep log devices synchronized.
Answer: A
NEW QUESTION 28
As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?
- A. The website issues a RST to a client after the connection is idle
- B. The number of website hits is higher than the daily average
- C. The logfiles of the webserver are rotated and archived
- D. The website does not respond to a SYN packet for 30 minutes
Answer: D
NEW QUESTION 29
IDS alerts at Service Industries are received by email. A typical day processes over 300 emails, with fewer than 50 requiring action. A recent attack was successful and went unnoticed due to the number of generated alerts. What should be done to prevent this from recurring?
- A. Increase the number of staff responsible for processing IDS alerts.
- B. Change the alert method from email to text message.
- C. Configure the IDS alerts to only alert on high priority systems.
- D. Tune the IDS rules to decrease false positives.
Answer: D
NEW QUESTION 30
Acme Corporation is doing a core evaluation of its centralized logging capabilities. Which of the following scenarios indicates a failure in more than one CIS Control?
- A. The loghost is receiving out-of-sync logs from undocumented servers
- B. The loghost is missing logs from 3 servers in the inventory
- C. The loghost time is out-of-sync with an external host
- D. The loghost is receiving logs from hosts with different timezone values
Answer: A
NEW QUESTION 31
Which project enumerates or maps security issues to CVE?
- A. CIS Controls
- B. ISO 2700
- C. SCAP
- D. NIST
Answer: C
NEW QUESTION 32
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?
- A. Force the root account to only be accessible from the system console.
- B. Force user accounts to use 'sudo' for privileged use.
- C. Turn on SELinux and user process accounting for the MySQL server.
- D. Blacklist client applications from being run in privileged mode.
Answer: B
NEW QUESTION 33
The settings in the screenshot would be configured as part of which CIS Control?
- A. Account Monitoring and Control
- B. Controlled Use of Administrative Privileges
- C. Inventory and Control of Hardware Assets
- D. Application Software Security
Answer: C
NEW QUESTION 34
An auditor is focusing on potential vulnerabilities. Which of the following should cause an alert?
- A. Workstation on which a domain admin has never logged in
- B. Windows host with an uptime of 382 days
- C. Fully patched guest machine that is not in the asset inventory
- D. Server that has zero browser plug-ins
Answer: B
NEW QUESTION 35
Which of the following statements is appropriate in an incident response report?
- A. The attacker may have been able to access the systems due to missing KB2965111
- B. There had been a storm on September 27th that may have caused a power surge
- C. The registry entry was modified on September 29th at 22:37
- D. The backup process may have failed at 2345 due to lack of available bandwidth
Answer: C
NEW QUESTION 36
Why is it important to enable event log storage on a system immediately after it is installed?
- A. To create the ability to separate abnormal behavior from normal behavior during an incident
- B. To identify rootkits included on the system out of the box
- C. To compare its performance with other systems already on the network
- D. To allow the system to be restored to a known good state if it is compromised
Answer: A
NEW QUESTION 37
After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?
- A. Redirect traffic to and from the software management port to a non-default port
- B. Determine which service controls the software management function and opens the port, and disable it
- C. Block TCP 23456 at the network perimeter firewall
- D. Document the port number and request approval from a change control group
Answer: B
NEW QUESTION 38
An organization has implemented a policy to detect and remove malicious software from its network. Which of the following actions is focused on correcting rather than preventing attack?
- A. Training users to recognize potential phishing attempts
- B. Using Network access control to disable communication by hosts with viruses
- C. Disabling autorun features on all workstations on the network
- D. Configuring a firewall to only allow communication to whitelisted hosts and ports
Answer: B
NEW QUESTION 39
What is a zero-day attack?
- A. An attack that deploys at the end of a countdown sequence
- B. An attack that is launched the day the patch is released
- C. An attack that utilizes a vulnerability unknown to the software developer
- D. An attack that has a known attack signature but no available patch
Answer: C
NEW QUESTION 40
Which of the following should be used to test antivirus software?
- A. EICAR
- B. Code Red
- C. Heartbleed
- D. FIPS 140-2
Answer: A
NEW QUESTION 41
During a security audit which test should result in a source packet failing to reach its intended destination?
- A. A new connection request from the Internet is sent to a host on the company's internal network
- B. A packet originating from the company's DMZ is sent to a host on the company's internal network
- C. A new connection request from the Internet is sent to the company's DNS server
- D. A packet originating from the company's internal network is sent to the company's DNS server
Answer: A
NEW QUESTION 42
Allied Services has recently purchased NAC devices to detect and prevent non-company-owned devices from attaching to its internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration, which will not be utilized in this deployment.
Which of the following recommendations would make NAC installation more secure?
- A. Enforce company configuration standards for personal mobile devices
- B. Change the wireless password following the NAC implementation
- C. Configure Active Directory to push an updated inventory to the NAC daily
- D. Disable the web portal device registration service
Answer: D
NEW QUESTION 43
An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.
- A. There are too many internal penetration tests being conducted
- B. The red team is improving their capability to measure network security
- C. The blue team is adequately protecting the network
- D. The methods the red team is using are not effectively testing the network
Answer: D
NEW QUESTION 44
Which of the following best describes the CIS Controls?
- A. Technical controls designed to provide protection from the most damaging attacks based on current threat data
- B. Technical, administrative, and policy controls based on current regulations and security best practices
- C. Technical controls designed to augment the NIST 800 series
- D. Technical, administrative, and policy controls based on research provided by the SANS Institute
Answer: A
NEW QUESTION 45
What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?
- A. Class diagram
- B. Package diagram
- C. Deployment diagram
- D. Use case diagram
Answer: B
NEW QUESTION 46
Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?
- A. Network Traffic/Service Baseline
- B. Network Information Flow
- C. Multi-Factor Authentication Standard
- D. Network Device Configuration Baselines
Answer: B
NEW QUESTION 47
......