Free Access GIAC.GCCC.v2022-03-26.q34 Practice Test (Page 5)

Question 16

What is the business goal of the Inventory and Control of Software Assets Control?

A.Accurate software versions and counts are documented for licensing updates

B.Only authorized software should be installed on the agency 's c omput er s ys t ems

C.Accurate software versions are captured to enable patching

D.All software conforms to licensing requirements for the business

Question 17

An organization is implementing an application software security control their custom-written code that provides web-based database access to sales partners. Which action will help mitigate the risk of the application being compromised?

A.Identifying high-risk assets that are on the same network as the web application server

B.Logging the connection requests to the web application server from outside hosts

C.Providing the source code for their web application to existing sales partners

D.Creating signatures for their IDS to detect attacks specific to their web application

Question 18

Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?

A.Store the files read-only and keep hashes of the logs separately.

B.Encrypt the log files with an asymmetric key and remove the cleartext version.

C.Keep the files in the log archives synchronized with another location.

D.Install a tier one timeserver on the network to keep log devices synchronized.

Question 19

Which of the following best describes the CIS Controls?

A.Technical controls designed to augment the NIST 800 series

B.Technical, administrative, and policy controls based on research provided by the SANS Institute

C.Technical, administrative, and policy controls based on current regulations and security best practices

D.Technical controls designed to provide protection from the most damaging attacks based on current threat data

Question 20

Which projects enumerates or maps security issues to CVE?

A.NIST

B.CIS Controls

C.SCAP

D.ISO 2700

Other Version: 929GIAC.GCCC.v2022-09-29.q34

Latest Upload: 147Huawei.H12-811_V1.0.v2025-10-02.q205; 112PMI.PfMP.v2025-10-02.q265; 113EMC.D-NWR-DY-01.v2025-10-02.q145; 132Salesforce.Public-Sector-Solutions.v2025-10-01.q106; 111Microsoft.SC-300.v2025-10-01.q358; 106Snowflake.DSA-C03.v2025-10-01.q105; 109Fortinet.NSE7_SDW-7.2.v2025-10-01.q108; 109Scrum.PAL-I.v2025-09-30.q47; 119SAP.C-C4H22-2411.v2025-09-30.q28; 149LinuxFoundation.CKAD.v2025-09-29.q102

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File