
GIAC Critical Controls Certification GCCC Practice Test V8.02 Killtest 2021

Choose the Killtest GCCC practice test as your preparation material for the GIAC Critical Controls Certification (GCCC) exam. The GIAC Critical Controls Certification GCCC Practice Test V8.02 Killtest 2021 has been prepared by a professional team and will be very helpful for GCCC exam candidates. GCCC free demo questions are available online for checking. You can download the free GCCC PDF file for reading before taking the real GIAC Certification GCCC exam questions.



The safer, easier way to help you pass any IT exams.

1. Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?
A. access-list outbound permit tcp host 10.1.1.7 any eq smtp
B. access-list outbound deny tcp any host 74.125.228.2 eq www
C. access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080
D. access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh
Answer: D

2. Which of the following actions produced the output seen below?
A. An access rule was removed from firewallrules.txt
B. An access rule was added to firewallrules2.txt
C. An access rule was added to firewallrules.txt
D. An access rule was removed from firewallrules2.txt
Answer: B

3. An organization has implemented a policy to detect and remove malicious software from its network. Which of the following actions is focused on correcting rather than preventing attack?
A. Configuring a firewall to only allow communication to whitelisted hosts and ports
B. Using Network access control to disable communication by hosts with viruses
C. Disabling autorun features on all workstations on the network
D. Training users to recognize potential phishing attempts
Answer: B

4. An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?
A. Configure the DMZ firewall to block unnecessary service
B. Install host integrity monitoring software
C. Install updated anti-virus software
D. Configure the database to run with lower privileges
Answer: D

5. As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?
A. The number of website hits is higher than the daily average
B. The logfiles of the webserver are rotated and archived
C. The website does not respond to a SYN packet for 30 minutes
D. The website issues a RST to a client after the connection is idle
Answer: C

6. Implementing which of the following will decrease spoofed e-mail messages?
A. Finger Protocol
B. Sender Policy Framework
C. Network Address Translation
D. Internet Message Access Protocol
Answer: B

7. After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?
A. Document the port number and request approval from a change control group
B. Redirect traffic to and from the software management port to a non-default port
C. Block TCP 23456 at the network perimeter firewall
D. Determine which service controls the software management function and opens the port, and disable it
Answer: D

8. Given the audit finding below, which CIS Control was being measured?
A. Controlled Access Based on the Need to Know
B. Controlled Use of Administrative Privilege
C. Limitation and Control of Network Ports, Protocols and Services
D. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
E. Inventory and Control of Hardware Assets
Answer: B

9. According to attack lifecycle models, what is the attacker’s first step in compromising an organization?
A. Privilege Escalation
B. Exploitation
C. Initial Compromise
D. Reconnaissance
Answer: D

10. Which of the following items would be used reactively for incident response?
A. A schedule for creating and storing backup
B. A phone tree used to contact necessary personnel
C. A script used to verify patches are installed on systems
D. An IPS rule that prevents web access from international locations
Answer: B

11. A security incident investigation identified the following modified version of a legitimate system file on a compromised client:
C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM
The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization’s CIS Controls failed?
A. Application Software Security
B. Inventory and Control of Software Assets
C. Maintenance, Monitoring, and Analysis of Audit Logs
D. Inventory and Control of Hardware Assets
Answer: B

12. What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?
A. Package diagram
B. Deployment diagram
C. Class diagram
D. Use case diagram
Answer: A

13. An organization is implementing a control within the Application Software Security CIS Control. How can they best protect against injection attacks against their custom web application and database applications?
A. Ensure the web application server logs are going to a central log host
B. Filter input to only allow safe characters and strings
C. Configure the web server to use Unicode characters only
D. Check user input against a list of reserved database terms
Answer: B

14. What is a recommended defense for the CIS Control for Application Software Security?
A. Keep debugging code in production web applications for quick troubleshooting
B. Limit access to the web application production environment to just the developers
C. Run a dedicated vulnerability scanner against backend databases
D. Display system error messages for only non-kernel related events
Answer: C

15. A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?
A. Organize files according to the user that created them and allow the user to determine permissions
B. Divide the documents into confidential, internal, and public folders, and set permissions on each folder
C. Set user roles by job or position, and create permission by role for each file
D. Divide the documents by department and set permissions on each departmental folder
Answer: B

16. Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?
A. Controlled Access Based on the Need to Know
B. Limitation and Control of Network Ports, Protocols and Services
C. Email and Web Browser Protections
D. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches.
Answer: C

17. Based on the data shown below. Which wireless access point has the manufacturer default settings still in place?
A. Starbucks
B. Linksys
C. Hhonors
D. Interwebz
Answer: B

18. Which of the following should be used to test antivirus software?
A. FIPS 140-2
B. Code Red
C. Heartbleed
D. EICAR
Answer: D

19. Which of the following best describes the CIS Controls?
A. Technical, administrative, and policy controls based on research provided by the SANS Institute
B. Technical controls designed to provide protection from the most damaging attacks based on current threat data
C. Technical controls designed to augment the NIST 800 series
D. Technical, administrative, and policy controls based on current regulations and security best practices
Answer: B

20. An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?
A. Input Validation
B. Output Sanitization
C. URL Encoding
D. Account Management
Answer: A

21. An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?
A. Force the root account to only be accessible from the system console.
B. Turn on SELinux and user process accounting for the MySQL server.
C. Force user accounts to use ‘sudo’ for privileged use.
D. Blacklist client applications from being run in privileged mode.
Answer: C

22. Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next step?
A. Keep the files in the log archives synchronized with another location.
B. Store the files read-only and keep hashes of the logs separately.
C. Install a tier one timeserver on the network to keep log devices synchronized.
D. Encrypt the log files with an asymmetric key and remove the cleartext version.
Answer: B

23. Which of the following is a benefit of stress-testing a network?
A. To determine device behavior in a DoS condition.
B. To determine bandwidth needs for the network.
C. To determine the connectivity of the network
D. To determine the security configurations of the network
Answer: A
