GIAC GCCC Real Exam Questions Test Engine Dumps Training With 95 Questions [Q24-Q46]

Rate this post

GIAC GCCC Real Exam Questions Test Engine Dumps Training With 95 Questions

GCCC Actual Questions Answers PDF 100% Cover Real Exam Questions

NO.24 What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

Ngrep

CIS-CAT

Netscreen

Zenmap

NO.25 A security incident investigation identified the following modified version of a legitimate system file on a compromised client:
C:WindowsSystem32winxml.dll Addition Jan. 16, 2014 4:53:11 PM
The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization’s CIS Controls failed?

Application Software Security

Inventory and Control of Software Assets

Maintenance, Monitoring, and Analysis of Audit Logs

Inventory and Control of Hardware Assets

NO.26 An administrator looking at a web application’s log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.
* ROOT
* TEST
* ADMIN
* SQL
* USER
* NAGIOSGUEST
What is the most likely source of this event?

An IT administrator attempting to use outdated credentials to enter the site

An attempted Denial of Service attack by locking out administrative accounts

An automated tool that attempts to use a dictionary attack to infiltrate a website

An attempt to use SQL Injection to gain information from a web-connected database

NO.27 An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?

Check for packets going from the Internet to the Web server

Try to send email from a wireless guest account

Check for packages going from the web server to the user workstations

Try to access the internal network from the wireless router

NO.28 John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?

Enable encryption if it ‘s not enabled by default

Disable software-level encryption to increase speed of transfer

Develop a unique encryption scheme

NO.29 Which type of scan is best able to determine if user workstations are missing any important patches?

A network vulnerability scan using aggressive scanning

A source code scan

A port scan using banner grabbing

A web application/database scan

A vulnerability scan using valid credentials

NO.30 Scan 1 was taken on Monday. Scan 2 was taken of the same network on Wednesday. Which of the following findings is accurate based on the information contained in the scans?

The host located at 192.168.177.7 is no longer on the network

The host with MAC Address D8:50:E6:9F:EE:60 is no longer on the network

The host located at 192.168.177.21 is a new host on the network

The host with MAC Address D8:50:E6:9F:EE:60 had an IP address change

NO.31 Which projects enumerates or maps security issues to CVE?

CIS Controls

SCAP

ISO 2700

NIST

NO.32 Which approach is recommended by the CIS Controls for performing penetration tests?

Document a single vulnerability per system

Utilize a single attack vector at a time

Complete intrusive tests on test systems

Execute all tests during network maintenance windows

NO.33 Which of the following actions would best mitigate against phishing attempts such as the example below?

Establishing email filters to block no-reply address emails

Making web filters to prevent accessing Google Docs

Having employee’s complete user awareness training

Recommending against the use of Google Docs

NO.34 An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?

Uninstall the application providing the service

Turn the service off in the host configuration files

Block the protocol for the unneeded service at the firewall

Create an access list on the router to filter traffic to the host

NO.35 Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls she has a dedicated host (kenya- adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenya-adminbox?

10.10.245.3389

Mail.jane.org.25

Firewall_charon.jane.org.22

10.10.10.33.443

NO.36 Which of the following is a benefit of stress-testing a network?

To determine device behavior in a DoS condition.

To determine bandwidth needs for the network.

To determine the connectivity of the network

To determine the security configurations of the network

NO.37 A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?

Organize files according to the user that created them and allow the user to determine permissions

Divide the documents into confidential, internal, and public folders, and ser permissions on each folder

Set user roles by job or position, and create permission by role for each file

Divide the documents by department and set permissions on each departmental folder

NO.38 Acme Corporation performed an investigation of its centralized logging capabilities. It found that the central server is missing several types of logs from three servers in Acme’s inventory. Given these findings, what is the most appropriate next step?

Define processes to manually review logs for the problem servers

Restart or reinstall the logging service on each of the problem servers

Perform analysis to identify the source of the logging problems

Document the missing logs in the core evaluation report as a minor issue

NO.39 Which of the options below will do the most to reduce an organization’s attack surface on the internet?

Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only

Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly

Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks

Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices

NO.40 Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

How long does it take to identify new unauthorized listening ports on the network systems

How long does it take to remove unauthorized software from the organization’s systems

What percentage of the organization’s applications are using sandboxing products

What percentage of assets will have their settings enforced and redeployed

What percentage of systems in the organization are using Network Level Authentication (NLA)

NO.41 What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

Package diagram

Deployment diagram

Class diagram

Use case diagram

NO.42 An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.

The blue team is adequately protecting the network

There are too many internal penetration tests being conducted

The methods the red team is using are not effectively testing the network

The red team is improving their capability to measure network security

NO.43 As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?

The number of website hits is higher that the daily average

The logfiles of the webserver are rotated and archived

The website does not respond to a SYN packet for 30 minutes

The website issues a RST to a client after the connection is idle

NO.44 An Internet retailer’s database was recently exploited by a foreign criminal organization via a remote attack.
The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

Configure the DMZ firewall to block unnecessary service

Install host integrity monitoring software

Install updated anti-virus software

Configure the database to run with lower privileges

NO.45 Why is it important to enable event log storage on a system immediately after it is installed?

To allow system to be restored to a known good state if it is compromised

To create the ability to separate abnormal behavior from normal behavior during an incident

To compare it performance with other systems already on the network

To identify root kits included on the system out of the box

NO.46 Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?