GCCC GIAC Exam Questions and Free Practice Test

Question 7

Which type of scan is best able to determine if user workstations are missing any important patches?

A. A network vulnerability scan using aggressive scanning

B. A source code scan

C. A port scan using banner grabbing

D. A web application/database scan

E. A vulnerability scan using valid credentials

Correct Answer:E

Question 8

What is the relationship between a service and its associated port?

A. A service closes a port after a period of inactivity

B. A service relies on the port to select the protocol

C. A service sets limits on the volume of traffic sent through the port

D. A service opens the port and listens for network traffic

Correct Answer:D

Question 9

An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?

A. Performing regular port scans of workstations on the network

B. Auditing Active Directory and alerting when new accounts are created

C. Creating an IDS signature to alert based on unknown ??User-Agent ?? strings

D. Comparing system snapshots and alerting when changes are made

Correct Answer:C

Question 10

Which of the following actions would best mitigate against phishing attempts such as the example below?
GCCC dumps exhibit

A. Establishing email filters to block no-reply address emails

B. Making web filters to prevent accessing Google Docs

C. Having employee??s complete user awareness training

D. Recommending against the use of Google Docs

Correct Answer:C

Question 11

What is the first step suggested before implementing any single CIS Control?

A. Develop an effectiveness test

B. Perform a gap analysis

C. Perform a vulnerability scan

D. Develop a roll-out schedule

Correct Answer:B

Question 12

Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?

A. Multi-Factor Authentication Standard

B. Network Traffic/Service Baseline

C. Network Device Configuration Baselines

D. Network Information Flow

Correct Answer:D

START GCCC EXAM