GCCC GIAC Critical Controls Certification (GCCC) Free Practice Exam Questions (2025 Updated)

Page: 1 / 2
Total 93 questions

Which of the following is a reliable way to test backed up data?

A. Verify the file size of the backup

B. Confirm the backup service is running at the proper time

C. Compare data hashes of backed up data to original systems

D. Restore the data to a system

As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

A. Uninstall listening services that have not been used since the last scheduled scan

B. Compare discovered ports and services to a known baseline to report deviations

C. Alert the incident response team on ports and services added since the last scan

D. Automatically close ports and services not included in the current baseline

An administrator looking at a web application’s log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.

    ROOT

    TEST

    ADMIN

    SQL

    USER

    NAGIOSGUEST

What is the most likely source of this event?

A. An IT administrator attempting to use outdated credentials to enter the site

B. An attempted Denial of Service attack by locking out administrative accounts

C. An automated tool that attempts to use a dictionary attack to infiltrate a website

D. An attempt to use SQL Injection to gain information from a web-connected database

Why is it important to enable event log storage on a system immediately after it is installed?

A. To allow the system to be restored to a known good state if it is compromised

B. To create the ability to separate abnormal behavior from normal behavior during an incident

C. To compare its performance with other systems already on the network

D. To identify root kits included on the system out of the box

According to attack lifecycle models, what is the attacker’s first step in compromising an organization?

A. Privilege Escalation

B. Exploitation

C. Initial Compromise

D. Reconnaissance

DHCP logging output in the screenshot would be used for which of the following?

A. Enforcing port-based network access control to prevent unauthorized devices on the network.

B. Identifying new connections to maintain an up-to-date inventory of devices on the network.

C. Detecting malicious activity by compromised or unauthorized devices on the network.

D. Providing ping sweep results to identify live network hosts for vulnerability scanning.

What is the first step suggested before implementing any single CIS Control?

A. Develop an effectiveness test

B. Perform a gap analysis

C. Perform a vulnerability scan

D. Develop a roll-out schedule

During a security audit, which test should result in a source packet failing to reach its intended destination?

A. A new connection request from the Internet is sent to a host on the company’s internal network

B. A packet originating from the company’s DMZ is sent to a host on the company’s internal network

C. A new connection request from the Internet is sent to the company’s DNS server

D. A packet originating from the company’s internal network is sent to the company’s DNS server

Which of the following archiving methods would maximize log integrity?

A. DVD-R

B. USB flash drive

C. Magnetic Tape

D. CD-RW

What is the relationship between a service and its associated port?

A. A service closes a port after a period of inactivity

B. A service relies on the port to select the protocol

C. A service sets limits on the volume of traffic sent through the port

D. A service opens the port and listens for network traffic

Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?

A. Controlled Access Based on the Need to Know

B. Limitation and Control of Network Ports, Protocols and Services

C. Email and Web Browser Protections

D. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches.

Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?

A. Multi-Factor Authentication Standard

B. Network Traffic/Service Baseline

C. Network Device Configuration Baselines

D. Network Information Flow

An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

A. Host-based firewall sends alerts when packets are sent to a closed port

B. Network Intrusion Prevention sends alerts when RST packets are received

C. Network Intrusion Detection devices send alerts when signatures are updated

D. Host-based anti-virus sends alerts to a central security console

An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?

A. Configure the DMZ firewall to block unnecessary service

B. Install host integrity monitoring software

C. Install updated anti-virus software

D. Configure the database to run with lower privileges

Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?

A. A method of device scanning

B. A centralized time server

C. An up-to-date hardening guide

D. An inventory of unauthorized assets

An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?

A. Input Validation

B. Output Sanitization

C. URL Encoding

D. Account Management

Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next step?

A. Keep the files in the log archives synchronized with another location.

B. Store the files read-only and keep hashes of the logs separately.

C. Install a tier one timeserver on the network to keep log devices synchronized.

D. Encrypt the log files with an asymmetric key and remove the cleartext version.

Of the options shown below, what is the first step in protecting network devices?

A. Creating standard secure configurations for all devices

B. Scanning the devices for known vulnerabilities

C. Implementing IDS to detect attacks

D. Applying all known security patches

What is a recommended defense for the CIS Control for Application Software Security?

A. Keep debugging code in production web applications for quick troubleshooting

B. Limit access to the web application production environment to just the developers

C. Run a dedicated vulnerability scanner against backend databases

D. Display system error messages for only non-kernel related events

John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?

A. Enable encryption if it’s not enabled by default

B. Disable software-level encryption to increase speed of transfer

C. Develop a unique encryption scheme

Copyright © 2014-2025 Solution2Pass. All Rights Reserved