Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

GCCC Exam Dumps - GIAC Cyber Security Questions and Answers

Question # 4

Which of the following assigns a number indicating the severity of a discovered software vulnerability?

Options:

A.

CPE

B.

CVE

C.

CCE

D.

CVSS

Buy Now
Question # 5

Which type of scan is best able to determine if user workstations are missing any important patches?

Options:

A.

A network vulnerability scan using aggressive scanning

B.

A source code scan

C.

A port scan using banner grabbing

D.

A web application/database scan

E.

A vulnerability scan using valid credentials

Buy Now
Question # 6

What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

Options:

A.

Control which devices can connect to the network

B.

Passively identify new devices

C.

Inventory offline databases

D.

Actively identify new servers

Buy Now
Question # 7

What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

Options:

A.

Package diagram

B.

Deployment diagram

C.

Class diagram

D.

Use case diagram

Buy Now
Question # 8

Which projects enumerates or maps security issues to CVE?

Options:

A.

SCAP

B.

CIS Controls

C.

NIST

D.

ISO 2700

Buy Now
Question # 9

A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.

Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator’s account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

Options:

A.

Maintenance, Monitoring, and Analysis of Audit Logs

B.

Controlled Use of Administrative Privilege

C.

Incident Response and Management

D.

Account Monitoring and Control

Buy Now
Question # 10

An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?

Options:

A.

A host ran malicious software that exploited a vulnerability for which there was no patch

B.

The security console alerted when a host anti-virus ran whitelisted software

C.

The intrusion prevention system failed to update to the newest signature list

D.

A newly discovered vulnerability was not detected by the intrusion detection system

Buy Now
Question # 11

A global corporation has major data centers in Seattle, New York, London and Tokyo. Which of the following is the correct approach from an intrusion detection and event correlation perspective?

Options:

A.

Configure all data center systems to use local time

B.

Configure all data center systems to use GMT time

C.

Configure all systems to use their default time settings

D.

Synchronize between Seattle and New York, and use local time for London and Tokyo

Buy Now
Question # 12

Which approach is recommended by the CIS Controls for performing penetration tests?

Options:

A.

Document a single vulnerability per system

B.

Utilize a single attack vector at a time

C.

Complete intrusive tests on test systems

D.

Execute all tests during network maintenance windows

Buy Now
Question # 13

Which of the following actions would best mitigate against phishing attempts such as the example below?

Options:

A.

Establishing email filters to block no-reply address emails

B.

Making web filters to prevent accessing Google Docs

C.

Having employee’s complete user awareness training

D.

Recommending against the use of Google Docs

Buy Now
Exam Code: GCCC
Exam Name: GIAC Critical Controls Certification (GCCC)
Last Update: Aug 24, 2025
Questions: 93
GCCC pdf

GCCC PDF

$25.5  $84.99
GCCC Engine

GCCC Testing Engine

$28.5  $94.99
GCCC PDF + Engine

GCCC PDF + Testing Engine

$40.5  $134.99