최신GIAC Critical Controls Certification (GCCC) - GCCC무료샘플문제

A. Reports can be sent to the CIO for performance benchmarks

B. Results can be included in audit evidence failures

C. Results can be provided to network engineers as actionable feedback

D. Scanners can correct network configurations issues

A. Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks

B. Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly

C. Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices

D. Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only

A. Limitation and Control of Network Ports, Protocols and Services

B. Inventory and Control of Hardware Assets

C. Controlled Use of Administrative Privilege

D. Controlled Access Based on the Need to Know

E. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

A. Heartbleed

B. FIPS 140-2

C. Code Red

D. EICAR

A. Run a script at intervals to identify processes running with administrative privilege.

B. Check the log entries to match privilege use with access from authorized users.

C. Force the root account to only be accessible from the system console.

A. Finger Protocol

B. Internet Message Access Protocol

C. Network Address Translation

D. Sender Policy Framework

A. Logging the connection requests to the web application server from outside hosts

B. Creating signatures for their IDS to detect attacks specific to their web application

C. Providing the source code for their web application to existing sales partners

D. Identifying high-risk assets that are on the same network as the web application server

A. To determine device behavior in a DoS condition.

B. To determine the connectivity of the network

C. To determine the security configurations of the network

D. To determine bandwidth needs for the network.

A. There had been a storm on September 27th that may have caused a power surge

B. The attacker may have been able to access the systems due to missing KB2965111

C. The registry entry was modified on September 29th at 22:37

D. The backup process may have failed at 2345 due to lack of available bandwidth

A. Recommending against the use of Google Docs

B. Establishing email filters to block no-reply address emails

C. Having employee's complete user awareness training

D. Making web filters to prevent accessing Google Docs