GCCC GIAC Exam Questions and Free Practice Test

Question 13

An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?

A. A host ran malicious software that exploited a vulnerability for which there was no patch

B. The security console alerted when a host anti-virus ran whitelisted software

C. The intrusion prevention system failed to update to the newest signature list

D. A newly discovered vulnerability was not detected by the intrusion detection system

Correct Answer:C

Question 14

What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

A. Package diagram

B. Deployment diagram

C. Class diagram

D. Use case diagram

Correct Answer:A

Question 15

Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?
GCCC dumps exhibit

A. Procedure for authorizing remote server access

B. Procedure for modifying file permissions

C. Procedure for adjusting network share permissions

D. Procedure for setting and resetting user passwords

Correct Answer:D

Question 16

An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.
GCCC dumps exhibit

A. The blue team is adequately protecting the network

B. There are too many internal penetration tests being conducted

C. The methods the red team is using are not effectively testing the network

D. The red team is improving their capability to measure network security

Correct Answer:C

Question 17

Given the audit finding below, which CIS Control was being measured?
GCCC dumps exhibit

A. Controlled Access Based on the Need to Know

B. Controlled Use of Administrative Privilege

C. Limitation and Control of Network Ports, Protocols and Services

D. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

E. Inventory and Control of Hardware Assets

Correct Answer:B

Question 18

An organization is implementing a control for the Account Monitoring and Control CIS Control, and have set the Account Lockout Policy as shown below. What is the risk presented by these settings?
GCCC dumps exhibit

A. Brute-force password attacks could be more effective.

B. Legitimate users could be unable to access resources.

C. Password length and complexity will be automatically reduced.

D. Once accounts are locked, they cannot be unlocked.

Correct Answer:B

START GCCC EXAM