[2026] GIAC Critical Controls Certification (GCCC)

문제1

An attacker is able to successfully access a web application as root using ' or 1 = 1 . as the password. The successful access indicates a failure of what process?

A. URL Encoding

B. Output Sanitization

C. Account Management

D. Input Validation

정답: D

문제2

When evaluating the Wireless Access Control CIS Control, which of the following systems needs to be tested?

A. 802.1x authentication systems

B. PII data scanner

C. Log management system

D. Data classification and access baselines

정답: A

문제3

An administrator looking at a web application's log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.
* ROOT
* TEST
* ADMIN
* SQL
* USER
* NAGIOSGUEST
What is the most likely source of this event?

A. An attempt to use SQL Injection to gain information from a web-connected database

B. An attempted Denial of Service attack by locking out administrative accounts

C. An IT administrator attempting to use outdated credentials to enter the site

D. An automated tool that attempts to use a dictionary attack to infiltrate a website

정답: D

문제4

Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

A. Linksys

B. Starbucks

C. Interwebz

D. Hhonors

정답: A

문제5

After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?

A. Block TCP 23456 at the network perimeter firewall

B. Determine which service controls the software management function and opens the port, and disable it

C. Redirect traffic to and from the software management port to a non-default port

D. Document the port number and request approval from a change control group

정답: B

문제6

An organization is implementing a control for the Account Monitoring and Control CIS Control, and have set the Account Lockout Policy as shown below. What is the risk presented by these settings?

A. Once accounts are locked, they cannot be unlocked.

B. Legitimate users could be unable to access resources.

C. Password length and complexity will be automatically reduced.

D. Brute-force password attacks could be more effective.

정답: B

문제7

Which of the following actions produced the output seen below?

A. An access rule was added to firewallrules2.txt

B. An access rule was removed from firewallrules.txt

C. An access rule was added to firewallrules.txt

D. An access rule was removed from firewallrules2.txt

정답: A

문제8

An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?

A. Auditing Active Directory and alerting when new accounts are created

B. Comparing system snapshots and alerting when changes are made

C. Performing regular port scans of workstations on the network

D. Creating an IDS signature to alert based on unknown "User-Agent " strings

정답: D

문제9

What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

A. Control which devices can connect to the network

B. Inventory offline databases

C. Passively identify new devices

D. Actively identify new servers

정답: D

문제10

Which of the following actions will assist an organization specifically with implementing web application software security?

A. Establishing network activity baselines among public-facing servers

B. Providing end-user security training to both internal staff and vendors

C. Having a plan to scan vulnerabilities of an application prior to deployment

D. Making sure that all hosts are patched during regularly scheduled maintenance

정답: C

GIAC Critical Controls Certification (GCCC) - GCCC무료 덤프문제 풀어보기

우리와 연락하기

유용한 링크

최신 업데이트