01. A global corporation has major data centers in Seattle, New York, London and Tokyo. Which of the following is the correct approach from an intrusion detection and event correlation perspective?
a) Configure all data center systems to use local time
b) Configure all data center systems to use GMT time
c) Configure all systems to use their default time settings
d) Synchronize between Seattle and New York, and use local time for London and Tokyo
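The point behind question 1 is that events can only be correlated across sites if their timestamps share one reference clock. The following is an added example (not part of the quiz) that shows what goes wrong when each data center logs in local wall-clock time: the same credential-stuffing burst appears to be spread over 17 hours until every timestamp is normalized to UTC. The log lines, site names, source IP and the per-site standard-time offsets are constructed for the illustration; production code should resolve IANA zone names (for example with the `zoneinfo` module) so that DST transitions are handled instead of hard-coding offsets.

```python
from datetime import datetime, timedelta, timezone

# Constructed standard-time UTC offsets (hours) for the sample dates below.
# Hard-coded here only to keep the example self-contained; real collectors
# should use IANA zones (zoneinfo) or, better, emit UTC at the source.
SITE_OFFSET_HOURS = {
    "seattle": -8,   # America/Los_Angeles, PST
    "newyork": -5,   # America/New_York, EST
    "london": 0,     # Europe/London, GMT
    "tokyo": 9,      # Asia/Tokyo, JST
}

# Constructed sample log lines: "<site> <local date> <local time> <message>".
# Each site wrote its own local time with no offset, as option (a) would produce.
LOG_LINES = [
    "seattle 2024-03-05 02:00:10 failed login admin from 198.51.100.7",
    "newyork 2024-03-05 05:00:12 failed login admin from 198.51.100.7",
    "london 2024-03-05 10:00:15 failed login admin from 198.51.100.7",
    "tokyo 2024-03-05 19:00:20 failed login admin from 198.51.100.7",
]


def parse_line(line):
    """Split a sample line into (site, naive local datetime, message)."""
    site, date, time, *rest = line.split()
    naive = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return site, naive, " ".join(rest)


def to_utc(site, naive):
    """Attach the site's offset to a naive local timestamp and convert to UTC."""
    local_tz = timezone(timedelta(hours=SITE_OFFSET_HOURS[site]))
    return naive.replace(tzinfo=local_tz).astimezone(timezone.utc)


def normalize(lines):
    """Return events as (utc_datetime, site, message), ordered by true time."""
    events = []
    for line in lines:
        site, naive, msg = parse_line(line)
        events.append((to_utc(site, naive), site, msg))
    return sorted(events)


def span_seconds(lines, normalized):
    """Seconds between the first and last event, with or without UTC normalization."""
    if normalized:
        stamps = [event[0] for event in normalize(lines)]
    else:
        stamps = sorted(parse_line(line)[1] for line in lines)
    return (stamps[-1] - stamps[0]).total_seconds()


def correlate(lines, window_seconds=60):
    """Group UTC-normalized events by source IP that fall within one time window.

    Returns {source_ip: [sites...]} for every source seen at more than one
    site inside the window, which is the cross-site pattern an analyst wants.
    """
    by_source = {}
    for utc, site, msg in normalize(lines):
        source = msg.rsplit(" ", 1)[-1]
        by_source.setdefault(source, []).append((utc, site))
    hits = {}
    for source, events in by_source.items():
        first = events[0][0]
        within = [site for utc, site in events
                  if (utc - first).total_seconds() <= window_seconds]
        if len(within) > 1:
            hits[source] = within
    return hits


if __name__ == "__main__":
    print("apparent span using local times:", span_seconds(LOG_LINES, False), "s")
    print("real span after UTC normalization:", span_seconds(LOG_LINES, True), "s")
    print("sources hitting multiple sites within 60 s:", correlate(LOG_LINES))
```

With local timestamps the four attempts look like separate, hours-apart events at four sites; normalized to UTC they fall within ten seconds of each other and the one-minute window groups them as a single campaign. Synchronizing every system to one reference (option b's GMT, or equivalently UTC) is what makes that correlation possible without per-site offset bookkeeping.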
02. Which of the following actions would best mitigate against phishing attempts such as the example below?
a) Establishing email filters to block no-reply address emails
b) Making web filters to prevent accessing Google Docs
c) Having employees complete user awareness training
d) Recommending against the use of Google Docs
03. An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?
a) Configure the DMZ firewall to block unnecessary services
b) Install host integrity monitoring software
c) Install updated anti-virus software
d) Configure the database to run with lower privileges
04. Which type of scan is best able to determine if user workstations are missing any important patches?
a) A network vulnerability scan using aggressive scanning
b) A source code scan
c) A port scan using banner grabbing
d) A web application/database scan
e) A vulnerability scan using valid credentials
05. Of the options shown below, what is the first step in protecting network devices?
a) Scanning the devices for known vulnerabilities
b) Applying all known security patches
c) Implementing IDS to detect attacks
d) Creating standard secure configurations for all devices
06. What is the list displaying?
a) Missing patches from a patching server
b) Unauthorized programs detected in a software inventory
c) Allowed programs in a software inventory application
d) Installed software on an end-user device
07. What is the first step suggested before implementing any single CIS Control?
a) Develop an effectiveness test
b) Perform a gap analysis
c) Perform a vulnerability scan
d) Develop a roll-out schedule
08. What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?
a) Netscreen
b) CIS-CAT
c) Zenmap
d) Ngrep
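Question 8 refers to comparing successive Nmap scan results to spot a changed service or a new asset. As an added illustration (not the quiz's content and not Ndiff's own code), the block below parses two Nmap-style XML documents and reports ports that were added, removed, or whose state or service details changed, which is the kind of delta Ndiff produces from two `-oX` outputs. Both XML documents and the host address are constructed inline so the example runs offline.

```python
import xml.etree.ElementTree as ET

# Constructed baseline scan, in the shape of `nmap -sV -oX` output for one host.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.24"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.24"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed follow-up scan: SSH upgraded, port 80 no longer reported,
# and an unexpected MySQL listener appeared.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="9.6"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.24"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="8.0"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {(addr, protocol, port): (state, name, product, version)}.

    Only ports Nmap lists explicitly are included; closed/filtered ports that
    Nmap folds into an <extraports> summary are not, which matches how a
    scan-to-scan comparison usually treats them.
    """
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.iter("host"):
        addr = next(a.get("addr") for a in host.iter("address")
                    if a.get("addrtype") == "ipv4")
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            key = (addr, port.get("protocol"), int(port.get("portid")))
            inventory[key] = (state, name, product, version)
    return inventory


def diff_scans(baseline_xml, current_xml):
    """Compare two scans and return added, removed and changed ports."""
    before = parse_nmap_xml(baseline_xml)
    after = parse_nmap_xml(current_xml)
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted((k, before[k], after[k]) for k in before.keys() & after.keys()
                     if before[k] != after[k])
    return {"added": added, "removed": removed, "changed": changed}


def report(delta):
    """Render the delta as one line per finding, Ndiff-style (+ / - / ~)."""
    lines = []
    for addr, proto, port in delta["added"]:
        lines.append(f"+ {addr} {port}/{proto} now listed")
    for addr, proto, port in delta["removed"]:
        lines.append(f"- {addr} {port}/{proto} no longer listed")
    for (addr, proto, port), old, new in delta["changed"]:
        lines.append(f"~ {addr} {port}/{proto} {old} -> {new}")
    return lines


if __name__ == "__main__":
    for line in report(diff_scans(BASELINE_XML, CURRENT_XML)):
        print(line)
```

Run against a real pair of `nmap -oX` files this is the same class of finding Ndiff prints: a new listener (here MySQL on 3306) is exactly the change that should trigger a ticket, since it means either an approved change that was not recorded or an asset drifting from its baseline.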
09. An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?
a) Host-based firewall sends alerts when packets are sent to a closed port
b) Network Intrusion Prevention sends alerts when RST packets are received
c) Network Intrusion Detection devices send alerts when signatures are updated
d) Host-based anti-virus sends alerts to a central security console
10. When evaluating the Wireless Access Control CIS Control, which of the following systems needs to be tested?
a) Log management system
b) 802.1x authentication systems
c) Data classification and access baselines
d) PII data scanner