2023年最新の実際に出ると確認されたGCCC試験問題集と解答でGCCC無料更新
実際問題を使ってGCCC問題集で100%無料GCCC試験問題集
質問 # 57
Which of the following is a reliable way to test backed up data?
- A. Restore the data to a system
- B. Confirm the backup service is running at the proper time
- C. Verify the file size of the backup
- D. Compare data hashes of backed up data to original systems
正解:A
質問 # 58
Which of the following can be enabled on a Linux based system in order to make it more difficult for an attacker to execute malicious code after launching a buffer overflow attack?
- A. ASLR
- B. Iptables
- C. TCP Wrappers
- D. Tripwire
- E. SUID
正解:A
質問 # 59
Based on the data shown below.
Which wireless access point has the manufacturer default settings still in place?
- A. Hhonors
- B. Starbucks
- C. Linksys
- D. Interwebz
正解:C
質問 # 60
Given the audit finding below, which CIS Control was being measured?
- A. Controlled Use of Administrative Privilege
- B. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- C. Limitation and Control of Network Ports, Protocols and Services
- D. Controlled Access Based on the Need to Know
- E. Inventory and Control of Hardware Assets
正解:A
質問 # 61
An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?
- A. Check the log entries to match privilege use with access from authorized users.
- B. Run a script at intervals to identify processes running with administrative privilege.
- C. Force the root account to only be accessible from the system console.
正解:B
質問 # 62
What is the first step suggested before implementing any single CIS Control?
- A. Perform a vulnerability scan
- B. Develop a roll-out schedule
- C. Perform a gap analysis
- D. Develop an effectiveness test
正解:C
質問 # 63
Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?
- A. Network Device Configuration Baselines
- B. Network Traffic/Service Baseline
- C. Multi-Factor Authentication Standard
- D. Network Information Flow
正解:D
質問 # 64
Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?
- A. Software Whitelisting System
- B. System Configuration Enforcement System
- C. Patch Management System
- D. Penetration Testing System
正解:C
質問 # 65
Which of the following should be used to test antivirus software?
- A. Code Red
- B. FIPS 140-2
- C. EICAR
- D. Heartbleed
正解:C
質問 # 66
How can the results of automated network configuration scans be used to improve the security of the network?
- A. Reports can be sent to the CIO for performance benchmarks
- B. Results can be provided to network engineers as actionable feedback
- C. Results can be included in audit evidence failures
- D. Scanners can correct network configurations issues
正解:B
質問 # 67
Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?
- A. An inventory of unauthorized assets
- B. A method of device scanning
- C. A centralized time server
- D. An up-to-date hardening guide
正解:B
質問 # 68
An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?
- A. Performing regular port scans of workstations on the network
- B. Comparing system snapshots and alerting when changes are made
- C. Creating an IDS signature to alert based on unknown "User-Agent " strings
- D. Auditing Active Directory and alerting when new accounts are created
正解:C
質問 # 69
Which of the following will decrease the likelihood of eavesdropping on a wireless network?
- A. Using EAP/TLS authentication and WPA2 with AES encryption
- B. Putting the wireless network on a separate VLAN
- C. Using Wired Equivalent Protocol (WEP)
- D. Broadcasting in the 5Ghz frequency
正解:A
質問 # 70
Which of the options below will do the most to reduce an organization's attack surface on the internet?
- A. Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices
- B. Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only
- C. Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks
- D. Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly
正解:A
質問 # 71
An organization is implementing a control for the Account Monitoring and Control CIS Control, and have set the Account Lockout Policy as shown below. What is the risk presented by these settings?
- A. Once accounts are locked, they cannot be unlocked.
- B. Legitimate users could be unable to access resources.
- C. Brute-force password attacks could be more effective.
- D. Password length and complexity will be automatically reduced.
正解:B
質問 # 72
Which approach is recommended by the CIS Controls for performing penetration tests?
- A. Execute all tests during network maintenance windows
- B. Complete intrusive tests on test systems
- C. Utilize a single attack vector at a time
- D. Document a single vulnerability per system
正解:B
質問 # 73
Which of the following is a requirement in order to implement the principle of least privilege?
- A. Data classification
- B. Data normalization
- C. Discretionary Access Control (DAC)
- D. Mandatory Access Control (MAC)
正解:A
質問 # 74
Which CIS Control includes storing system images on a hardened server, scanning production systems for out-of-date software, and using file integrity assessment tools like tripwire?
- A. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- B. Inventory of Authorized and Unauthorized Software
- C. Secure Configurations for Network Devices such as Firewalls, Routers and Switches
- D. Continuous Vulnerability Management
正解:A
質問 # 75
The settings in the screenshot would be configured as part of which CIS Control?
- A. Inventory and Control of Hardware Assets
- B. Account Monitoring and Control
- C. Controlled Use of Administrative Privileges
- D. Application Software Security
正解:A
質問 # 76
What is the relationship between a service and its associated port?
- A. A service closes a port after a period of inactivity
- B. A service opens the port and listens for network traffic
- C. A service relies on the port to select the protocol
- D. A service sets limits on the volume of traffic sent through the port
正解:B
質問 # 77
Janice is auditing the perimeter of the network at Sugar Water InC. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?
- A. Successfully deliver mail from web client using another host inside the network to an external contact.
- B. Receive spam from a known bad domain
- C. Receive mail at Sugar Water Inc. account using Outlook as a mail client
- D. Successfully deliver mail from another host inside the network directly to an external contact
正解:D
質問 # 78
Which type of scan is best able to determine if user workstations are missing any important patches?
- A. A port scan using banner grabbing
- B. A network vulnerability scan using aggressive scanning
- C. A web application/database scan
- D. A source code scan
- E. A vulnerability scan using valid credentials
正解:E
質問 # 79
Which of the following items would be used reactively for incident response?
- A. A phone tree used to contact necessary personnel
- B. A script used to verify patches are installed on systems
- C. A schedule for creating and storing backup
- D. An IPS rule that prevents web access from international locations
正解:A
質問 # 80
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?
- A. Force user accounts to use 'sudo' f or privileged use.
- B. Blacklist client applications from being run in privileged mode.
- C. Turn on SELinux and user process accounting for the MySQL server.
- D. Force the root account to only be accessible from the system console.
正解:A
質問 # 81
Which of the following is used to prevent spoofing of e-mail addresses?
- A. Public-Key Cryptography
- B. Simple Mail Transfer Protocol
- C. DNS Security Extensions
- D. Sender Policy Framework
正解:D
質問 # 82
......
合格させるGCCC試験問題は更新された95問あります:https://jp.fast2test.com/GCCC-premium-file.html