GIAC Critical Controls Certification (GCCC) GCCC Dumps

1. Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log.

Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

2. Which of the following actions produced the output seen below?

3. An organization has implemented a policy to detect and remove malicious software from its network.

Which of the following actions is focused on correcting rather than preventing attack?

4. An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access.

What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

5. As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic.

Which event should they receive an alert on?

6. Implementing which of the following will decrease spoofed e-mail messages?

7. After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations.

Which actions would best protect the computers with the software package installed?

8. Given the audit finding below, which CIS Control was being measured?

9. According to attack lifecycle models, what is the attacker’s first step in compromising an organization?

10. Which of the following items would be used reactively for incident response?

11. A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:WindowsSystem32winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user.

Which of the organization’s CIS Controls failed?

12. What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

13. An organization is implementing a control within the Application Software Security CIS Control.

How can they best protect against injection attacks against their custom web application and database applications?

14. What is a recommended defense for the CIS Control for Application Software Security?

15. A need has been identified to organize and control access to different classifications of

information stored on a fileserver.

Which of the following approaches will meet this need?

16. Below is a screenshot from a deployed next-generation firewall.

These configuration settings would be a defensive measure for which CIS Control?

17. Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

18. Which of the following should be used to test antivirus software?

19. Which of the following best describes the CIS Controls?

20. An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?

21. An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user.

What action can they take to rectify this?

22. Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed.

Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?

23. Which of the following is a benefit of stress-testing a network?

24. Which of the following is a reliable way to test backed up data?

25. John a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network.

Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?

26. An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control.

Which action should they take when they discover that an application running on a web server is no longer needed?

27. What is the first step suggested before implementing any single CIS Control?

28. Which of the following assigns a number indicating the severity of a discovered software vulnerability?

29. What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

30. An organization wants to test its procedure for data recovery.

Which of the following will be most effective?