無料ダウンロードGIAC GCCCリアル試験問題ゲットせよ
最新のGIAC GCCCリアル試験問題集PDF
GIAC Critical Controls Certification(GCCC)試験は、サイバーセキュリティ分野で非常に求められる認定資格です。この認定資格は、組織の資産を保護するために必要な重要なセキュリティコントロールの特定と実装に焦点を当てています。GCCC試験は、サイバーセキュリティコントロールに深い理解を持ち、それらを実装および管理する責任がある個人を対象としています。
GCCC認定試験は、情報セキュリティ認証の大手プロバイダーであるGlobal Information Assurance Certification(GIAC)によって提供されます。試験は115の複数選択の質問で構成されており、3時間以内に完了する必要があります。試験の合格スコアは73%で、認定は4年間有効です。
GIACクリティカルコントロール認証(GCCC)試験は、組織に重要なセキュリティ管理の実施と維持に関する専門知識を実証したいサイバーセキュリティの専門家向けに設計されています。この認定は、重要なセキュリティ制御に関連するリスクを特定、評価、および緩和するために必要なスキルと知識を検証します。この試験では、ネットワークセキュリティ、インシデント対応、脆弱性管理、データ保護など、幅広いトピックをカバーしています。
質問 # 46
Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?
- A. What percentage of the organization's applications are using sandboxing products
- B. How long does it take to remove unauthorized software from the organization's systems
- C. What percentage of systems in the organization are using Network Level Authentication (NLA)
- D. What percentage of assets will have their settings enforced and redeployed
- E. How long does it take to identify new unauthorized listening ports on the network systems
正解:D
質問 # 47
Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?
- A. Keep the files in the log archives synchronized with another location.
- B. Store the files read-only and keep hashes of the logs separately.
- C. Install a tier one timeserver on the network to keep log devices synchronized.
- D. Encrypt the log files with an asymmetric key and remove the cleartext version.
正解:B
質問 # 48
If an attacker wanted to dump hashes or run wmic commands on a target machine, which of the following tools would he use?
- A. Metasploit
- B. OpenVAS
- C. Mimikatz
正解:A
質問 # 49
An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.
- A. The blue team is adequately protecting the network
- B. The red team is improving their capability to measure network security
- C. There are too many internal penetration tests being conducted
- D. The methods the red team is using are not effectively testing the network
正解:D
質問 # 50
Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?
- A. An inventory of unauthorized assets
- B. A method of device scanning
- C. A centralized time server
- D. An up-to-date hardening guide
正解:B
質問 # 51
An organization is implementing a control for the Account Monitoring and Control CIS Control, and have set the Account Lockout Policy as shown below. What is the risk presented by these settings?
- A. Password length and complexity will be automatically reduced.
- B. Legitimate users could be unable to access resources.
- C. Brute-force password attacks could be more effective.
- D. Once accounts are locked, they cannot be unlocked.
正解:B
質問 # 52
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
- A. Account Monitoring and Control
- B. Maintenance, Monitoring, and Analysis of Audit Logs
- C. Controlled Use of Administrative Privilege
- D. Incident Response and Management
正解:D
質問 # 53
Why is it important to enable event log storage on a system immediately after it is installed?
- A. To allow system to be restored to a known good state if it is compromised
- B. To identify root kits included on the system out of the box
- C. To compare it performance with other systems already on the network
- D. To create the ability to separate abnormal behavior from normal behavior during an incident
正解:D
質問 # 54
What is the business goal of the Inventory and Control of Software Assets Control?
- A. Accurate software versions and counts are documented for licensing updates
- B. Accurate software versions are captured to enable patching
- C. All software conforms to licensing requirements for the business
- D. Only authorized software should be installed on the agency 's c omput er s ys t ems
正解:D
質問 # 55
Of the options shown below, what is the first step in protecting network devices?
- A. Scanning the devices for known vulnerabilities
- B. Creating standard secure configurations for all devices
- C. Implementing IDS to detect attacks
- D. Applying all known security patches
正解:B
質問 # 56
Acme Corporation performed an investigation of its centralized logging capabilities. It found that the central server is missing several types of logs from three servers in Acme's inventory. Given these findings, what is the most appropriate next step?
- A. Define processes to manually review logs for the problem servers
- B. Restart or reinstall the logging service on each of the problem servers
- C. Document the missing logs in the core evaluation report as a minor issue
- D. Perform analysis to identify the source of the logging problems
正解:D
質問 # 57
Which of the following will decrease the likelihood of eavesdropping on a wireless network?
- A. Putting the wireless network on a separate VLAN
- B. Broadcasting in the 5Ghz frequency
- C. Using EAP/TLS authentication and WPA2 with AES encryption
- D. Using Wired Equivalent Protocol (WEP)
正解:C
質問 # 58
An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization's control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?
- A. Select a random file from a critical server and verify it is present in a backup set
- B. Verify that the backup media cannot be read without the encryption key
- C. Restore the critical server data from backup and see if data is missing
- D. Check the backup logs from the critical servers and verify there are no errors
正解:C
質問 # 59
An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?
- A. Host-based anti-virus sends alerts to a central security console
- B. Network Intrusion Prevention sends alerts when RST packets are received
- C. Network Intrusion Detection devices sends alerts when signatures are updated
- D. Host-based firewall sends alerts when packets are sent to a closed port
正解:A
質問 # 60
What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?
- A. Class diagram
- B. Use case diagram
- C. Deployment diagram
- D. Package diagram
正解:D
質問 # 61
The settings in the screenshot would be configured as part of which CIS Control?
- A. Application Software Security
- B. Controlled Use of Administrative Privileges
- C. Account Monitoring and Control
- D. Inventory and Control of Hardware Assets
正解:D
質問 # 62
Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?
- A. Procedure for adjusting network share permissions
- B. Procedure for setting and resetting user passwords
- C. Procedure for modifying file permissions
- D. Procedure for authorizing remote server access
正解:B
質問 # 63
Which of the following is a requirement in order to implement the principle of least privilege?
- A. Discretionary Access Control (DAC)
- B. Data classification
- C. Mandatory Access Control (MAC)
- D. Data normalization
正解:B
質問 # 64
......
PDF問題(2024年最新)実際のGIAC GCCC試験問題:https://jp.fast2test.com/GCCC-premium-file.html