A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
A. Maintenance, Monitoring, and Analysis of Audit Logs
B. Controlled Use of Administrative Privilege
C. Incident Response and Management
D. Account Monitoring and Control
Which of the following actions produced the output seen below?

A. An access rule was removed from firewallrules.txt
B. An access rule was added to firewallrules2.txt
C. An access rule was added to firewallrules.txt
D. An access rule was removed from firewallrules2.txt
An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?
A. Check the log entries to match privilege use with access from authorized users.
B. Run a script at intervals to identify processes running with administrative privilege.
C. Force the root account to only be accessible from the system console.
An administrator looking at a web application's log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.
ROOT TEST ADMIN SQL USER NAGIOSGUEST
What is the most likely source of this event?
A. An IT administrator attempting to use outdated credentials to enter the site
B. An attempted Denial of Service attack by locking out administrative accounts
C. An automated tool that attempts to use a dictionary attack to infiltrate a website
D. An attempt to use SQL Injection to gain information from a web-connected database
Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?
A. Software Whitelisting System
B. System Configuration Enforcement System
C. Patch Management System
D. Penetration Testing System
What is the business goal of the Inventory and Control of Software Assets Control?
A. Only authorized software should be installed on the agency's computer systems
B. All software conforms to licensing requirements for the business
C. Accurate software versions are captured to enable patching
D. Accurate software versions and counts are documented for licensing updates
An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?
A. A host ran malicious software that exploited a vulnerability for which there was no patch
B. The security console alerted when a host anti-virus ran whitelisted software
C. The intrusion prevention system failed to update to the newest signature list
D. A newly discovered vulnerability was not detected by the intrusion detection system
Which CIS Control includes storing system images on a hardened server, scanning production systems for out-of-date software, and using file integrity assessment tools like Tripwire?
A. Inventory of Authorized and Unauthorized Software
B. Continuous Vulnerability Management
C. Secure Configurations for Network Devices such as Firewalls, Routers and Switches
D. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
A security incident investigation identified the following modified version of a legitimate system file on a compromised client:
C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM
The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization's CIS Controls failed?
A. Application Software Security
B. Inventory and Control of Software Assets
C. Maintenance, Monitoring, and Analysis of Audit Logs
D. Inventory and Control of Hardware Assets
A global corporation has major data centers in Seattle, New York, London and Tokyo. Which of the following is the correct approach from an intrusion detection and event correlation perspective?
A. Configure all data center systems to use local time
B. Configure all data center systems to use GMT time
C. Configure all systems to use their default time settings
D. Synchronize between Seattle and New York, and use local time for London and Tokyo