
GCCC GIAC Critical Controls Certification (GCCC) Questions and Answers

Question # 4

Which of the following can be enabled on a Linux based system in order to make it more difficult for an attacker to execute malicious code after launching a buffer overflow attack?

A. ASLR

B. Tripwire

C. SUID

D. Iptables

E. TCP Wrappers

Question # 5

An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

A. Host-based firewall sends alerts when packets are sent to a closed port

B. Network Intrusion Prevention sends alerts when RST packets are received

C. Network Intrusion Detection devices send alerts when signatures are updated

D. Host-based anti-virus sends alerts to a central security console

Question # 6

What is the first step suggested before implementing any single CIS Control?

A. Develop an effectiveness test

B. Perform a gap analysis

C. Perform a vulnerability scan

D. Develop a roll-out schedule

Question # 7

How often should the security awareness program be communicated to employees?

A. Continuously

B. Annually

C. Monthly

D. At orientation and review times

Question # 8

Janice is auditing the perimeter of the network at Sugar Water Inc. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?

A. Receive spam from a known bad domain

B. Receive mail at a Sugar Water Inc. account using Outlook as a mail client

C. Successfully deliver mail from another host inside the network directly to an external contact

D. Successfully deliver mail from a web client using another host inside the network to an external contact

Question # 9

Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls, she has a dedicated host (kenya-adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenya-adminbox?

A. 10.10.245.3389

B. Mail.jane.org.25

C. Firewall_charon.jane.org.22

D. 10.10.10.33.443

Question # 10

As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

A. Uninstall listening services that have not been used since the last scheduled scan

B. Compare discovered ports and services to a known baseline to report deviations

C. Alert the incident response team on ports and services added since the last scan

D. Automatically close ports and services not included in the current baseline

Question # 11

Which activity increases the risk of a malware infection?

A. Charging a smartphone using a computer USB port

B. Editing webpages with a Linux system

C. Reading email using a plain text email client

D. Online banking in Incognito mode

Question # 12

Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?

A. Software Whitelisting System

B. System Configuration Enforcement System

C. Patch Management System

D. Penetration Testing System

Question # 13

An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?

A. Performing regular port scans of workstations on the network

B. Auditing Active Directory and alerting when new accounts are created

C. Creating an IDS signature to alert based on unknown “User-Agent” strings

D. Comparing system snapshots and alerting when changes are made
