GIAC GCCC Exam Practice Test Instant Access

Question 1

Which of the following actions will assist an organization specifically with implementing web application software security?

AMaking sure that all hosts are patched during regularly scheduled maintenance

BProviding end-user security training to both internal staff and vendors

CEstablishing network activity baselines among public-facing servers

DHaving a plan to scan vulnerabilities of an application prior to deployment

Answer : D

Question 2

Allied services have recently purchased NAC devices to detect and prevent non-company owned devices from attaching to their internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration which will not be utilized in this deployment. Which of the following recommendations would make NAC installation more secure?

AEnforce company configuration standards for personal mobile devices

BConfigure Active Directory to push an updated inventory to the NAC daily

CDisable the web portal device registration service

DChange the wireless password following the NAC implementation

Answer : C

Question 3

An auditor is focusing on potential vulnerabilities. Which of the following should cause an alert?

AWorkstation on which a domain admin has never logged in

BWindows host with an uptime of 382 days

CServer that has zero browser plug-ins

DFully patched guest machine that is not in the asset inventory

Answer : B

Question 4

What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

ANgrep

BCIS-CAT

CNetscreen

DZenmap

Answer : D

Question 5

According to attack lifecycle models, what is the attacker's first step in compromising an organization?

APrivilege Escalation

BExploitation

CInitial Compromise

DReconnaissance

Answer : D

Question 6

John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?

AEnable encryption if it 's not enabled by default

BDisable software-level encryption to increase speed of transfer

CDevelop a unique encryption scheme

Answer : A

Question 7

Which of the following actions produced the output seen below?

AAn access rule was removed from firewallrules.txt

BAn access rule was added to firewallrules2.txt

CAn access rule was added to firewallrules.txt

DAn access rule was removed from firewallrules2.txt

Answer : B

GIAC Critical Controls Certification Exam Practice Test