GIAC GCCC Exam - Topic 4 Question 28 Discussion

Actual exam question for GIAC's GCCC exam

Question #: 28
Topic #: 4

[All GCCC Questions]

Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

AHow long does it take to identify new unauthorized listening ports on the network systems

BHow long does it take to remove unauthorized software from the organization's systems

CWhat percentage of the organization's applications are using sandboxing products

DWhat percentage of assets will have their settings enforced and redeployed

EWhat percentage of systems in the organization are using Network Level Authentication (NLA)

Show Suggested Answer

Suggested Answer: D

by Xuan at May 08, 2022, 06:37 AM

Limited Time Offer

25%

Off

Get Premium GCCC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Carlota

4 months ago

Wait, how can we even measure E accurately? Sounds tricky.

upvoted 0 times

...

Casandra

4 months ago

A is key too, unauthorized ports can be a big risk!

upvoted 0 times

...

Dolores

4 months ago

C seems a bit niche, not sure how relevant that is.

upvoted 0 times

...

Twana

4 months ago

I think D is just as important, enforcing settings keeps things secure.

upvoted 0 times

...

Soledad

5 months ago

Definitely B, removing unauthorized software is crucial!

upvoted 0 times

...

Basilia

5 months ago

I vaguely remember something about sandboxing applications, but I don't think it's as critical as ensuring settings are enforced across the board.

upvoted 0 times

...

Truman

5 months ago

I feel like we should be looking at how many systems use NLA, but I can't recall if that was emphasized in our study materials.

upvoted 0 times

...

Selma

5 months ago

I remember a practice question about enforcing settings on devices, which seems relevant. Maybe option D is the right choice?

upvoted 0 times

...

Tamar

5 months ago

I think we discussed how important it is to measure unauthorized software removal, but I'm not sure if that's the main focus here.

upvoted 0 times

...

Carrol

5 months ago

This question seems straightforward, but I want to make sure I have the right approach. I'll start by identifying the elementary processes, then classify the transactional functions, and work my way through the rest of the steps.

upvoted 0 times

...

Major

5 months ago

Okay, I think I've got this. Based on the details provided, the answer has to be WS-PolicyAttachment. That standard allows you to attach a shared security policy to multiple web service contracts.

upvoted 0 times

...

Cristal

5 months ago

Hmm, I'm a bit unsure about this one. There are a few different things the entry script could be responsible for, like setting up the environment and registering the model. I'll need to think through the details of the deployment process to make sure I select the right option.

upvoted 0 times

...

Nathan

5 months ago

I'm pretty sure the DATA step can do more than just read raw data files, so I'm going to rule out option A.

upvoted 0 times

...

France

5 months ago

Ah, I see what they're getting at now. Black-box testing is the way to go here, as we're evaluating the system's functionality from the user's perspective without needing to know the internal implementation details. Nice, I feel confident about this one.

upvoted 0 times

...