GCCC GIAC Critical Controls Certification (GCCC) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GCCC GIAC Critical Controls Certification (GCCC) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 2 / 2
Total 93 questions

Which of the following best describes the CIS Controls?

A. Technical, administrative, and policy controls based on research provided by the SANS Institute
B. Technical controls designed to provide protection from the most damaging attacks based on current threat data
C. Technical controls designed to augment the NIST 800 series
D. Technical, administrative, and policy controls based on current regulations and security best practices

Which of the following assigns a number indicating the severity of a discovered software vulnerability?

A. CPE
B. CVE
C. CCE
D. CVSS

Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device’s authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.

What was the failure that led to the information being lost?

A. There was no risk acceptance review after the risk changed
B. The employees failed to maintain their devices at the most current software version
C. Vulnerability scans were not done to identify the devices that were at risk
D. Management had not insured against the possibility of the information being lost

What is a zero-day attack?

A. An attack that has a known attack signature but no available patch
B. An attack that utilizes a vulnerability unknown to the software developer
C. An attack that deploys at the end of a countdown sequence
D. An attack that is launched the day the patch is released

Which of the following items would be used reactively for incident response?

A. A schedule for creating and storing backups
B. A phone tree used to contact necessary personnel
C. A script used to verify patches are installed on systems
D. An IPS rule that prevents web access from international locations

Which project enumerates or maps security issues to CVE?

A. SCAP
B. CIS Controls
C. NIST
D. ISO 2700

A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?

A. Organize files according to the user that created them and allow the user to determine permissions
B. Divide the documents into confidential, internal, and public folders, and set permissions on each folder
C. Set user roles by job or position, and create permission by role for each file
D. Divide the documents by department and set permissions on each departmental folder

Copyright © 2014-2025 Solution2Pass. All Rights Reserved