
GIAC GCCC Exam - Topic 4 Question 38 Discussion

Actual exam question for GIAC's GCCC exam
Question #: 38
Topic #: 4

What is a recommended defense for the CIS Control for Application Software Security?

Suggested Answer: C

Contribute your Thoughts:

Roselle
3 months ago
D could lead to confusion, not a fan of that one.
upvoted 0 times
...
Camellia
3 months ago
Surprised that A is even an option, seems risky!
upvoted 0 times
...
Dustin
3 months ago
C sounds good, but is it really necessary?
upvoted 0 times
...
Veta
4 months ago
Totally agree with B, security first!
upvoted 0 times
...
Milly
4 months ago
I think option B is the best choice!
upvoted 0 times
...
Brinda
4 months ago
Displaying system error messages sounds familiar, but I can't remember if it’s a recommended defense or just a best practice in general.
upvoted 0 times
...
Christiane
4 months ago
I practiced a question about vulnerability scanners, and I think running one against backend databases is important, but I’m not sure if it directly relates to the CIS Control.
upvoted 0 times
...
Chandra
4 months ago
I feel like limiting access to the production environment is a common practice, but I can't recall if it's specifically recommended for application security.
upvoted 0 times
...
Theodora
5 months ago
I think I remember that keeping debugging code in production can be risky, but I'm not sure if that's the best defense.
upvoted 0 times
...
Yun
5 months ago
I'm a bit confused by the options. Keeping debugging code in production and displaying system error messages don't seem like good security practices. I'll have to think this through more.
upvoted 0 times
...
Shaunna
5 months ago
Okay, I've got this. The recommended defense is to limit access to the web application production environment to just the developers. That's the best way to secure the application software.
upvoted 0 times
...
Janine
5 months ago
Hmm, I'm not too familiar with the CIS Controls, so I'll have to think this through carefully. Let me review the options and see if I can eliminate any that don't seem like good security practices.
upvoted 0 times
...
Vincenza
5 months ago
This question seems straightforward, but I want to make sure I understand the CIS Control for Application Software Security before answering.
upvoted 0 times
...
Oliva
5 months ago
I think the key here is to focus on the CIS Control for Application Software Security. Limiting access to the production environment and running vulnerability scans are both good practices to consider.
upvoted 0 times
...
Ilene
5 months ago
I remember learning about this in class, but I'm drawing a blank right now. I'll have to eliminate the options that don't seem quite right and then make an educated guess.
upvoted 0 times
...
Pura
5 months ago
Ah, this is a tricky one. I know Azure has its own query language, but I can't recall the exact name. I'll have to make an educated guess here.
upvoted 0 times
...
Jessenia
9 months ago
C is the clear winner here. Scanning the databases for vulnerabilities is a must-have for application security. Unless, of course, you want your data served up on a silver platter to hackers.
upvoted 0 times
...
Selma
9 months ago
A is so bad, it's almost comical. Leaving debugging code in production? That's like leaving the front door wide open and expecting no one to break in.
upvoted 0 times
Annelle
8 months ago
D) Display system error messages for only non-kernel related events
upvoted 0 times
...
Amber
8 months ago
C) Run a dedicated vulnerability scanner against backend databases
upvoted 0 times
...
Jaime
8 months ago
B) Limit access to the web application production environment to just the developers
upvoted 0 times
...
...
Timothy
9 months ago
I'm going with D. Showing error messages for non-kernel events will give attackers a lot of juicy information to work with. Wait, is that a trick question?
upvoted 0 times
...
Geoffrey
10 months ago
B sounds tempting, but limiting access to just developers isn't enough. We need to secure the application itself, which is why C is the way to go.
upvoted 0 times
Ramonita
8 months ago
Running a dedicated vulnerability scanner against backend databases is the way to go.
upvoted 0 times
...
Laura
8 months ago
I agree, we need to secure the application itself.
upvoted 0 times
...
Magdalene
9 months ago
B sounds tempting, but limiting access to just developers isn't enough.
upvoted 0 times
...
...
Rikki
10 months ago
I think running a dedicated vulnerability scanner against backend databases could also help in securing the application software.
upvoted 0 times
...
Hubert
11 months ago
Definitely not A. Keeping debugging code in production is a big no-no for security. The correct answer has to be C - running a vulnerability scanner on the backend databases.
upvoted 0 times
Luz
9 months ago
Yes, C - running a dedicated vulnerability scanner against backend databases is the correct answer.
upvoted 0 times
...
Luz
9 months ago
I agree, A is definitely not the recommended defense for application software security.
upvoted 0 times
...
Jarod
10 months ago
Yes, C - running a dedicated vulnerability scanner against backend databases is the correct answer.
upvoted 0 times
...
Jarod
10 months ago
I agree, A is definitely not the recommended defense for application software security.
upvoted 0 times
...
...
Omer
11 months ago
I agree with Omega. It's important to restrict access to prevent unauthorized changes.
upvoted 0 times
...
Omega
11 months ago
I think the recommended defense is to limit access to the web application production environment to just the developers.
upvoted 0 times
...
