Father's Day Flat 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4s55disc

GCCC PDF

$42.75

$94.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

GCCC PDF + Testing Engine

$63

$139.99

3 Months Free Update

  • Exam Name: GIAC Critical Controls Certification (GCCC)
  • Last Update: Jun 10, 2021
  • Questions and Answers: 93
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

GCCC Engine

$49.5

$109.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

GCCC GIAC Critical Controls Certification (GCCC) Questions and Answers

Question # 4

How often should the security awareness program be communicated to employees?

A.

Continuously

B.

Annually

C.

Monthly

D.

At orientation and review times

Full Access
Question # 5

An organization is implementing an application software security control their custom-written code that provides web—based database access to sales partners. Which action will help mitigate the risk of the application being compromised?

A.

Providing the source code for their web application to existing sales partners

B.

Identifying high-risk assets that are on the same network as the web application server

C.

Creating signatures for their IDS to detect attacks specific to their web application

D.

Logging the connection requests to the web application server from outside hosts

Full Access
Question # 6

Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?

A.

Multi-Factor Authentication Standard

B.

Network Traffic/Service Baseline

C.

Network Device Configuration Baselines

D.

Network Information Flow

Full Access
Question # 7

What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

A.

Control which devices can connect to the network

B.

Passively identify new devices

C.

Inventory offline databases

D.

Actively identify new servers

Full Access
Question # 8

John a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network. Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?

A.

Limit access to allowed MAC addresses

B.

Increase the size of the DHCP pool

C.

Change the password immediately

D.

Shorten the DHCP lease time

Full Access
Question # 9

Implementing which of the following will decrease spoofed e-mail messages?

A.

Finger Protocol

B.

Sender Policy Framework

C.

Network Address Translation

D.

Internet Message Access Protocol

Full Access
Question # 10

Which of the following statements is appropriate in an incident response report?

A.

There had been a storm on September 27th that may have caused a power surge

B.

The registry entry was modified on September 29th at 22:37

C.

The attacker may have been able to access the systems due to missing KB2965111

D.

The backup process may have failed at 2345 due to lack of available bandwidth

Full Access
Question # 11

An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

A.

Host-based firewall sends alerts when packets are sent to a closed port

B.

Network Intrusion Prevention sends alerts when RST packets are received

C.

Network Intrusion Detection devices sends alerts when signatures are updated

D.

Host-based anti-virus sends alerts to a central security console

Full Access
Question # 12

What is a zero-day attack?

A.

An attack that has a known attack signature but no available patch

B.

An attack that utilizes a vulnerability unknown to the software developer

C.

An attack that deploys at the end of a countdown sequence

D.

An attack that is launched the day the patch is released

Full Access
Question # 13

Which of the following CIS Controls is used to manage the security lifecycle by validating that the documented controls are in place?

A.

Controlled Use of Administrative Privilege

B.

Account Monitoring and Control

C.

Data Protection

D.

Penetration Tests and Red Team Exercises

Full Access