GCCC Online Practice Questions and Answers

Questions 4

Which of the following is a requirement in order to implement the principle of least privilege?

A. Mandatory Access Control (MAC)

B. Data normalization

C. Data classification

D. Discretionary Access Control (DAC)

Questions 5

An organization wants to test its procedure for data recovery. Which of the following will be most effective?

A. Verifying a file can be recovered from backup media

B. Verifying that the backup process is running when it should

C. Verifying that network backups can't be read in transit

D. Verifying there are no errors in the backup server logs

Questions 6

What is an organization's goal in deploying a policy to encrypt all mobile devices?

A. Enabling best practices for the protection of their software licenses

B. Providing their employees a secure method of connecting to the corporate network

C. Controlling unauthorized access to sensitive information

D. Applying the principle of defense in depth to their mobile devices

Questions 7

Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?

A. Software Whitelisting System

B. System Configuration Enforcement System

C. Patch Management System

D. Penetration Testing System

Questions 8

Which project enumerates or maps security issues to CVE?

A. SCAP

B. CIS Controls

C. NIST

D. ISO 2700

Questions 9

John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?

A. Enable encryption if it's not enabled by default

B. Disable software-level encryption to increase speed of transfer

C. Develop a unique encryption scheme

Questions 10

Which of the following actions will assist an organization specifically with implementing web application software security?

A. Making sure that all hosts are patched during regularly scheduled maintenance

B. Providing end-user security training to both internal staff and vendors

C. Establishing network activity baselines among public-facing servers

D. Having a plan to scan vulnerabilities of an application prior to deployment

Questions 11

According to attack lifecycle models, what is the attacker's first step in compromising an organization?

A. Privilege Escalation

B. Exploitation

C. Initial Compromise

D. Reconnaissance

Questions 12

An organization is implementing a control within the Application Software Security CIS Control. How can they best protect their custom web application and database applications against injection attacks?

A. Ensure the web application server logs are going to a central log host

B. Filter input to only allow safe characters and strings

C. Configure the web server to use Unicode characters only

D. Check user input against a list of reserved database terms

Questions 13

Acme Corporation is doing a core evaluation of its centralized logging capabilities. Which of the following scenarios indicates a failure in more than one CIS Control?

A. The loghost is missing logs from 3 servers in the inventory

B. The loghost is receiving logs from hosts with different timezone values

C. The loghost time is out-of-sync with an external host

D. The loghost is receiving out-of-sync logs from undocumented servers

Exam Code: GCCC
Exam Name: GIAC Critical Controls Certification (GCCC)
Last Update: Jan 05, 2025
Questions: 93