Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free GIAC GCCC Practice Exam with Questions & Answers

Questions 1

Which of the following actions would best mitigate against phishing attempts such as the example below?

GCCC Question 1

Options:
A.

Establishing email filters to block no-reply address emails

B.

Making web filters to prevent accessing Google Docs

C.

Having employee’s complete user awareness training

D.

Recommending against the use of Google Docs

GIAC GCCC Premium Access
Questions 2

Which of the following best describes the CIS Controls?

Options:
A.

Technical, administrative, and policy controls based on research provided by the SANS Institute

B.

Technical controls designed to provide protection from the most damaging attacks based on current threat data

C.

Technical controls designed to augment the NIST 800 series

D.

Technical, administrative, and policy controls based on current regulations and security best practices

Questions 3

A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.

Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator’s account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

Options:
A.

Maintenance, Monitoring, and Analysis of Audit Logs

B.

Controlled Use of Administrative Privilege

C.

Incident Response and Management

D.

Account Monitoring and Control

Questions 4

Which of the following CIS Controls is used to manage the security lifecycle by validating that the documented controls are in place?

Options:
A.

Controlled Use of Administrative Privilege

B.

Account Monitoring and Control

C.

Data Protection

D.

Penetration Tests and Red Team Exercises

Questions 5

Which of the following will decrease the likelihood of eavesdropping on a wireless network?

Options:
A.

Broadcasting in the 5Ghz frequency

B.

Using Wired Equivalent Protocol (WEP)

C.

Using EAP/TLS authentication and WPA2 with AES encryption

D.

Putting the wireless network on a separate VLAN

Questions 6

Which of the following archiving methods would maximize log integrity?

Options:
A.

DVD-R

B.

USB flash drive

C.

Magnetic Tape

D.

CD-RW

Questions 7

When evaluating the Wireless Access Control CIS Control, which of the following systems needs to be tested?

Options:
A.

Log management system

B.

802.1x authentication systems

C.

Data classification and access baselines

D.

PII data scanner

Questions 8

A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?

Options:
A.

Organize files according to the user that created them and allow the user to determine permissions

B.

Divide the documents into confidential, internal, and public folders, and ser permissions on each folder

C.

Set user roles by job or position, and create permission by role for each file

D.

Divide the documents by department and set permissions on each departmental folder

Questions 9

As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

Options:
A.

Uninstall listening services that have not been used since the last scheduled scan

B.

Compare discovered ports and services to a known baseline to report deviations

C.

Alert the incident response team on ports and services added since the last scan

D.

Automatically close ports and services not included in the current baseline

Questions 10

Acme Corporation performed an investigation of its centralized logging capabilities. It found that the central server is missing several types of logs from three servers in Acme's inventory. Given these findings, what is the most appropriate next step?

Options:
A.

Define processes to manually review logs for the problem servers

B.

Restart or reinstall the logging service on each of the problem servers

C.

Perform analysis to identify the source of the logging problems

D.

Document the missing logs in the core evaluation report as a minor issue

Exam Code: GCCC
Certification Provider: GIAC
Exam Name: GIAC Critical Controls Certification (GCCC)
Last Update: Sep 12, 2025
Questions: 93

How to Pass GCCC Exams

PDF + Testing Engine
$164.99
$66
Add to Cart
Testing Engine
$124.99
$50
Add to Cart
PDF (Q&A)
$104.99
$42
Add to Cart

GIAC Related Exams

How to pass GIAC GPPA - GIAC Certified Perimeter Protection Analyst Exam
How to pass GIAC GCFR - GIAC Cloud Forensics Responder (GCFR) Exam
GCFW - GIAC Certified Firewall Analyst
GPEN - GIAC Penetration Tester
GSEC - GIAC Security Essentials
GSNA - GIAC Systems and Network Auditor
GPYC - GIAC Python Coder (GPYC)
GASF - GIAC Advanced Smartphone Forensics
GSSP-.NET - GIAC GIAC Secure Software Programmer - C#.NET
GISP - GIAC Information Security Professional
GCPM - GIAC Certified Project Manager Certification Practice Test
GSSP-Java - GIAC Secure Software Programmer – Java
GSLC - GIAC Security Leadership Certification (GSLC)
GCED - GIAC Certified Enterprise Defender
GIAC Free Access
Get GIAC Full Access

GIAC Free Exams
GIAC Free Exams
Prepare for GIAC certification with free access to reliable study resources and practice tests at Examstrack.