GCCC Online Practice Questions and Answers

Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?

A. Keep the files in the log archives synchronized with another location.

B. Store the files read-only and keep hashes of the logs separately.

C. Install a tier one timeserver on the network to keep log devices synchronized.

D. Encrypt the log files with an asymmetric key and remove the cleartext version.

An organization is implementing an application software security control their custom-written code that provides web--based database access to sales partners. Which action will help mitigate the risk of the application being compromised?

A. Providing the source code for their web application to existing sales partners

B. Identifying high-risk assets that are on the same network as the web application server

C. Creating signatures for their IDS to detect attacks specific to their web application

D. Logging the connection requests to the web application server from outside hosts

What is a recommended defense for the CIS Control for Application Software Security?

A. Keep debugging code in production web applications for quick troubleshooting

B. Limit access to the web application production environment to just the developers

C. Run a dedicated vulnerability scanner against backend databases

D. Display system error messages for only non-kernel related events

What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

A. Ngrep

B. CIS-CAT

C. Netscreen

D. Zenmap

What is the list displaying?

A. Allowed program in a software inventory application

B. Unauthorized programs detected in a software inventory

C. Missing patches from a patching server

D. Installed software on an end-user device

What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

A. Package diagram

B. Deployment diagram

C. Class diagram

D. Use case diagram

Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?

A. A method of device scanning

B. A centralized time server

C. An up-to-date hardening guide

D. An inventory of unauthorized assets

Of the options shown below, what is the first step in protecting network devices?

A. Creating standard secure configurations for all devices

B. Scanning the devices for known vulnerabilities

C. Implementing IDS to detect attacks

D. Applying all known security patches

Which of the following is used to prevent spoofing of e-mail addresses?

A. Sender Policy Framework

B. DNS Security Extensions

C. Public-Key Cryptography

D. Simple Mail Transfer Protocol

Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

A. Starbucks

B. Linksys

C. Hhonors

D. Interwebz