Free GIAC GCCC Practice Exam with Questions & Answers | Set: 3

Name: How to Pass GCCC Exams
Brand: Examstrack
SKU: gccc
Price: 42 USD
Availability: InStock

Questions 21

An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.

GCCC Question 21

Options:

The blue team is adequately protecting the network

There are too many internal penetration tests being conducted

The methods the red team is using are not effectively testing the network

The red team is improving their capability to measure network security

GIAC GCCC Premium Access

Questions 22

John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?

Options:

Enable encryption if it ’s not enabled by default

Disable software-level encryption to increase speed of transfer

Develop a unique encryption scheme

Questions 23

What is the first step suggested before implementing any single CIS Control?

Options:

Develop an effectiveness test

Perform a gap analysis

Perform a vulnerability scan

Develop a roll-out schedule

Questions 24

What is a zero-day attack?

Options:

An attack that has a known attack signature but no available patch

An attack that utilizes a vulnerability unknown to the software developer

An attack that deploys at the end of a countdown sequence

An attack that is launched the day the patch is released

Questions 25

As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?

Options:

The number of website hits is higher that the daily average

The logfiles of the webserver are rotated and archived

The website does not respond to a SYN packet for 30 minutes

The website issues a RST to a client after the connection is idle

Questions 26

What is an organization’s goal in deploying a policy to encrypt all mobile devices?

Options:

Enabling best practices for the protection of their software licenses

Providing their employees, a secure method of connecting to the corporate network C. Controlling unauthorized access to sensitive information

Applying the principle of defense in depth to their mobile devices

Questions 27

An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?

Options:

Uninstall the application providing the service

Turn the service off in the host configuration files

Block the protocol for the unneeded service at the firewall

Create an access list on the router to filter traffic to the host