GCCC GIAC Critical Controls Certification (GCCC) Questions and Answers

A schedule for creating and storing backup

A phone tree used to contact necessary personnel

A script used to verify patches are installed on systems

An IPS rule that prevents web access from international locations

Receive spam from a known bad domain

Receive mail at Sugar Water Inc. account using Outlook as a mail client

Successfully deliver mail from another host inside the network directly to an external contact

Successfully deliver mail from web client using another host inside the network to an external contact.

Ensure the web application server logs are going to a central log host

Filter input to only allow safe characters and strings

Configure the web server to use Unicode characters only

Check user input against a list of reserved database terms

Technical, administrative, and policy controls based on research provided by the SANS Institute

Technical controls designed to provide protection from the most damaging attacks based on current threat data

Technical controls designed to augment the NIST 800 series

Technical, administrative, and policy controls based on current regulations and security best practices

The loghost is missing logs from 3 servers in the inventory

The loghost is receiving logs from hosts with different timezone values

The loghost time is out-of-sync with an external host

The loghost is receiving out-of-sync logs from undocumented servers

Allowed program in a software inventory application

Unauthorized programs detected in a software inventory

Missing patches from a patching server

Installed software on an end-user device

Enable encryption if it ’s not enabled by default

Disable software-level encryption to increase speed of transfer

Develop a unique encryption scheme

Workstation on which a domain admin has never logged in

Windows host with an uptime of 382 days

Server that has zero browser plug-ins

Fully patched guest machine that is not in the asset inventory

Charging a smartphone using a computer USB port

Editing webpages with a Linux system

Reading email using a plain text email client

Online banking in Incognito mode

Input Validation

Output Sanitization

URL Encoding

Account Management