GCCC GIAC Critical Controls Certification (GCCC) Questions and Answers

Mimikatz

OpenVAS

Metasploit

There had been a storm on September 27th that may have caused a power surge

The registry entry was modified on September 29th at 22:37

The attacker may have been able to access the systems due to missing KB2965111

The backup process may have failed at 2345 due to lack of available bandwidth

10.10.245.3389

Mail.jane.org.25

Firewall_charon.jane.org.22

10.10.10.33.443

Controlled Access Based on the Need to Know

Controlled Use of Administrative Privilege

Limitation and Control of Network Ports, Protocols and Services

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

Inventory and Control of Hardware Assets

Reviewing log files for unapproved changes

Approving system baseline configurations.

Providing recommendations for the changes

Reviewing configuration of the documents

Ngrep

CIS-CAT

Netscreen

Zenmap

Making sure that all hosts are patched during regularly scheduled maintenance

Providing end-user security training to both internal staff and vendors

Establishing network activity baselines among public-facing servers

Having a plan to scan vulnerabilities of an application prior to deployment

An IT administrator attempting to use outdated credentials to enter the site

An attempted Denial of Service attack by locking out administrative accounts

An automated tool that attempts to use a dictionary attack to infiltrate a website

An attempt to use SQL Injection to gain information from a web-connected database

Providing the source code for their web application to existing sales partners

Identifying high-risk assets that are on the same network as the web application server

Creating signatures for their IDS to detect attacks specific to their web application

Logging the connection requests to the web application server from outside hosts

SCAP

CIS Controls

NIST

ISO 2700