01. An administrator needs to ensure compliance with a policy that mandates two-factor authentication. Which of the following scenarios would be compliant?
a) A system access using a password and security questions.
b) A system access using a password and a biometric input.
c) A system access using a hardware token and a mobile push notification.
d) A system access using a password only.
02. Why is maintaining an accurate software inventory crucial for organizational security?
a) It reduces the cost of software licenses.
b) It allows for faster software updates.
c) It ensures software compliance with industry standards.
d) It helps identify unauthorized software that may pose security risks.
03. For an organization using a federated identity management system, what is a key security advantage?
a) Centralized management of all user credentials and permissions.
b) Decentralized storage of sensitive user data.
c) Reduced need for multiple user accounts and passwords.
d) Increased transparency in user activity tracking.
04. When implementing an access review process, which of the following activities are crucial?
(Choose Two)
a) Periodically confirming that user access is still aligned with current roles and responsibilities.
b) Ensuring that user privileges are expansive to promote ease of use.
c) Reviewing and adjusting privileges based on user activity and behavior patterns.
d) Allowing users to modify their own privilege levels to suit their workflow needs.
05. How do NGFWs differ from traditional firewalls in terms of threat intelligence?
a) NGFWs cannot integrate with external threat intelligence sources.
b) NGFWs use static routing protocols only.
c) NGFWs integrate global threat intelligence to improve threat detection and blocking.
d) NGFWs focus exclusively on managing internal network policies.
06. What are effective methods to detect configuration drift in an IT environment?
(Choose Three)
a) Manual weekly checks by IT staff.
b) Automated configuration scanning tools.
c) Regular user reports on system performance.
d) Use of a configuration management tool.
07. Which method can improve the detection of encrypted intrusions without decrypting the traffic?
a) Relying solely on IP address filtering
b) Analyzing the timing and size of encrypted packets
c) Implementing strict firewall rules to block all encrypted traffic
d) Monitoring only unencrypted traffic
08. What method is most effective for automatically managing and cycling credentials for privileged accounts?
(Choose Three)
a) Manual rotation by system administrators.
b) Automated privileged identity management solutions.
c) Using a single, strong static password for all accounts.
d) Implementation of a privileged access management (PAM) tool.
09. Endpoint discovery typically includes identification of what types of devices?
a) Only mobile devices
b) Workstations, mobile devices, and servers
c) Only network printers
d) Only servers
10. In device monitoring, what is the purpose of implementing a Security Information and Event Management (SIEM) system?
a) To provide real-time analysis of security alerts generated by applications and network hardware.
b) To create a physical security barrier around devices.
c) To ensure that all devices use the same operating system.
d) To increase the processing power of endpoint devices.
The purpose of this Sample Question Set is to provide you with information about the GIAC Continuous Monitoring (GMON) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GMON certification test. To get familiar with real exam environment, we suggest you try our Sample GIAC GMON Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual GIAC Continuous Monitoring (GMON) certification exam.