How To Study GIAC Critical Controls Certification (GCCC) Easily?

Want to achieve the GCCC certification to improve your credentials? GIAC Critical Controls Certification (GCCC) is the only certification based on the CIS Controls, a prioritized, risk-based approach to security. If you are preparing for the GCCC exam, you should get the latest GCCC exam dumps to pass on the first try. You can try these GCCC sample exam questions to see if you are ready for the real exam. We provide the latest updated and valid real exam questions. 100% pass rate is guaranteed.

To help you prepare for the exam, take a free practice test.

1. What is the business goal of the Inventory and Control of Software Assets Control?

2. An analyst investigated unused organizational accounts.

The investigation found that:

- 10% of accounts still have their initial login password, indicating they were never used

- 10% of accounts have not been used in over six months

Which change in policy would mitigate the security risk associated with both findings?

3. Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls, she has a dedicated host (kenya-adminbox) for any administrative tasks. She logs into the dedicated host with her domain admin credentials.

Which of the following connections should not exist from kenya-adminbox?

4. Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?

5. How can the results of automated network configuration scans be used to improve the security of the network?

6. A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user.

Which of the organization’s CIS Controls failed?

7. What is an organization’s goal in deploying a policy to encrypt all mobile devices?

8. As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic.

Which event should they receive an alert on?

9. Which of the following should be used to test antivirus software?

10. Which type of scan is best able to determine if user workstations are missing any important patches?

