Given this concern, and the need to keep archived logs for log correction applications, what are the most appropriate next steps?

Beta Corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that several log files on the central server have had their contents changed over the past few weeks.

Given this concern, and the need to keep archived logs for log correction applications, what are the most appropriate next steps?
A . Keep the files in the log archives synchronized with another location.
B . Store the files read-only and keep hashes of the logs separately.
C . Install a tier one timeserver on the network to keep log devices synchronized.
D . Encrypt the log files with an asymmetric key and remove the cleartext version.

Answer: B

How can they best protect against injection attacks against their custom web application and database applications?

An organization is implementing a control within the Application Software Security CIS Control.

How can they best protect against injection attacks against their custom web application and database applications?
A . Ensure the web application server logs are going to a central log host
B . Filter input to only allow safe characters and strings
C . Configure the web server to use Unicode characters only
D . Check user input against a list of reserved database terms

Answer: B

Which event should they receive an alert on?

As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic.

Which event should they receive an alert on?
A . The number of website hits is higher than the daily average
B . The logfiles of the webserver are rotated and archived
C . The website does not respond to a SYN packet for 30 minutes
D . The website issues a RST to a client after the connection is idle

Answer: C

Given the audit finding below, which CIS Control was being measured?

A . Controlled Access Based on the Need to Know
B . Controlled Use of Administrative Privilege
C . Limitation and Control of Network Ports, Protocols and Services
D . Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
E . Inventory and Control of Hardware Assets

Answer: B

Which actions would best protect the computers with the software package installed?

After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations.

Which actions would best protect the computers with the software package installed?
A . Document the port number and request approval from a change control group
B . Redirect traffic to and from the software management port to a non-default port
C . Block TCP 23456 at the network perimeter firewall
D . Determine which service controls the software management function and opens the port, and disable it

Answer: D

Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log.

Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?
A . access-list outbound permit tcp host 10.1.1.7 any eq smtp
B . access-list outbound deny tcp any host 74.125.228.2 eq www
C . access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080
D . access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh

Answer: D