The Realest Study Materials GCCC Dumps Updated Jan 19, 2025 [Q52-Q76]


LATEST GCCC Exam Practice Material

GIAC Critical Controls Certification (GCCC) is an industry-recognized certification program that provides IT professionals with the necessary skills and knowledge to implement and maintain critical security controls. The GCCC certification exam is a comprehensive test that assesses the candidate’s understanding of critical security controls and their ability to implement them effectively. The GCCC certification is considered a valuable credential in the IT security industry and is recognized by employers and organizations worldwide.

GIAC GCCC (GIAC Critical Controls Certification) is a certification exam that tests an individual’s knowledge and skills in implementing, maintaining, and auditing critical security controls. The GCCC exam is designed for professionals who are responsible for creating, implementing, and managing security controls in their organization. The GCCC certification is well-regarded in the cybersecurity industry, and passing the exam can help professionals gain recognition and advance their careers.

 

NO.52 An analyst investigated unused organizational accounts. The investigation found that:
- 10% of accounts still have their initial login password, indicating they were never used
- 10% of accounts have not been used in over six months
Which change in policy would mitigate the security risk associated with both findings?

 
 
 

NO.53 An organization is implementing a control within the Application Software Security CIS Control. How can they best protect against injection attacks against their custom web application and database applications?

 
 
 
 

NO.54 An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?

 
 
 
 

NO.55 An attacker is able to successfully access a web application as root using ' or 1 = 1 . as the password. The successful access indicates a failure of what process?

 
 
 
 

NO.56 Which of the following should be used to test antivirus software?

 
 
 
 

NO.57 Which of the following is used to prevent spoofing of e-mail addresses?

 
 
 
 

NO.58 Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

 
 
 
 

NO.59 As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

 
 
 
 

NO.60 An organization is implementing a control for the Account Monitoring and Control CIS Control, and has set the Account Lockout Policy as shown below. What is the risk presented by these settings?

 
 
 
 

NO.61 After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations. Which actions would best protect the computers with the software package installed?

 
 
 
 

NO.62 What tool creates visual network topology output and results that can be analyzed by Ndiff to determine if a service or network asset has changed?

 
 
 
 

NO.63 Which of the following best describes the CIS Controls?

 
 
 
 

NO.64 Which of the following is a responsibility of a change management board?

 
 
 
 

NO.65 An organization has implemented a policy to detect and remove malicious software from its network. Which of the following actions is focused on correcting rather than preventing attack?

 
 
 
 

NO.66 What is an organization’s goal in deploying a policy to encrypt all mobile devices?

 
 
 
 

NO.67 What documentation should be gathered and reviewed for evaluating an Incident Response program?

 
 
 
 

NO.68 Why is it important to enable event log storage on a system immediately after it is installed?

 
 
 
 

NO.69 To effectively implement the Data Protection CIS Control, which task needs to be implemented first?

 
 
 
 

NO.70 Which approach is recommended by the CIS Controls for performing penetration tests?

 
 
 
 

NO.71 Which of the following is necessary to automate a control for Inventory and Control of Hardware Assets?

 
 
 
 

NO.72 An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?

 
 
 
 

NO.73 Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?

 
 
 
 

NO.74 How can the results of automated network configuration scans be used to improve the security of the network?

 
 
 
 

NO.75 What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?

 
 
 
 

NO.76 How does an organization’s hardware inventory support the control for secure configurations?

 
 
 
 

Study HIGH Quality GCCC Free Study Guides and Exams Tutorials: https://www.braindumpspass.com/GIAC/GCCC-practice-exam-dumps.html
