Exam Details

  • Exam Code: GCCC
  • Exam Name: GCCC - GIAC Critical Controls Certification (GCCC)
  • Certification: Cyber Security
  • Vendor: GIAC
  • Total Questions: 93 Q&As
  • Last Updated: May 13, 2024

GIAC Cyber Security GCCC Questions & Answers

  • Question 41:

    After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?

    A. Document the port number and request approval from a change control group

    B. Redirect traffic to and from the software management port to a non-default port

    C. Block TCP 23456 at the network perimeter firewall

    D. Determine which service controls the software management function and opens the port, and disable it

  • Question 42:

    Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

    A. How long does it take to identify new unauthorized listening ports on the network systems

    B. How long does it take to remove unauthorized software from the organization's systems

    C. What percentage of the organization's applications are using sandboxing products

    D. What percentage of assets will have their settings enforced and redeployed

    E. What percentage of systems in the organization are using Network Level Authentication (NLA)

  • Question 43:

    An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?

    A. Check for packets going from the Internet to the Web server

    B. Try to send email from a wireless guest account

    C. Check for packages going from the web server to the user workstations

    D. Try to access the internal network from the wireless router

  • Question 44:

    What is a recommended defense for the CIS Control for Application Software Security?

    A. Keep debugging code in production web applications for quick troubleshooting

    B. Limit access to the web application production environment to just the developers

    C. Run a dedicated vulnerability scanner against backend databases

    D. Display system error messages for only non-kernel related events

  • Question 45:

    Allied services have recently purchased NAC devices to detect and prevent non-company owned devices from attaching to their internal wired and wireless network. Corporate devices will be automatically added to the approved device list by querying Active Directory for domain devices. Non-approved devices will be placed on a protected VLAN with no network access. The NAC also offers a web portal that can be integrated with Active Directory to allow for employee device registration which will not be utilized in this deployment. Which of the following recommendations would make NAC installation more secure?

    A. Enforce company configuration standards for personal mobile devices

    B. Configure Active Directory to push an updated inventory to the NAC daily

    C. Disable the web portal device registration service

    D. Change the wireless password following the NAC implementation

  • Question 46:

    Acme Corporation performed an investigation of its centralized logging capabilities. It found that the central server is missing several types of logs from three servers in Acme's inventory. Given these findings, what is the most appropriate next step?

    A. Define processes to manually review logs for the problem servers

    B. Restart or reinstall the logging service on each of the problem servers

    C. Perform analysis to identify the source of the logging problems

    D. Document the missing logs in the core evaluation report as a minor issue

  • Question 47:

    An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?

    A. Verify that the backup media cannot be read without the encryption key

    B. Check the backup logs from the critical servers and verify there are no errors

    C. Select a random file from a critical server and verify it is present in a backup set

    D. Restore the critical server data from backup and see if data is missing

  • Question 48:

    What is the business goal of the Inventory and Control of Software Assets Control?

    A. Only authorized software should be installed on the agency's computer systems

    B. All software conforms to licensing requirements for the business

    C. Accurate software versions are captured to enable patching

    D. Accurate software versions and counts are documented for licensing updates

  • Question 49:

    What is the first step suggested before implementing any single CIS Control?

    A. Develop an effectiveness test

    B. Perform a gap analysis

    C. Perform a vulnerability scan

    D. Develop a roll-out schedule

  • Question 50:

    Which type of scan is best able to determine if user workstations are missing any important patches?

    A. A network vulnerability scan using aggressive scanning

    B. A source code scan

    C. A port scan using banner grabbing

    D. A web application/database scan

    E. A vulnerability scan using valid credentials
