GIAC Exam GCCC Topic 7 Question 60 Discussion

Actual exam question for GIAC's GCCC exam

Question #: 60
Topic #: 7

[All GCCC Questions]

Why is it important to enable event log storage on a system immediately after it is installed?

ATo allow system to be restored to a known good state if it is compromised

BTo create the ability to separate abnormal behavior from normal behavior during an incident

CTo compare it performance with other systems already on the network

DTo identify root kits included on the system out of the box

Show Suggested Answer

Suggested Answer: B

by Lemuel at Sep 15, 2024, 04:38 AM

Limited Time Offer

25%

Off

Get Premium GCCC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alecia

10 months ago

I'd say B is the way to go. Separate the normal from the abnormal - that's the key to incident response.

upvoted 0 times

...

Xenia

10 months ago

Haha, C? That's like comparing apples to oranges. Event logs are for security, not performance.

upvoted 0 times

...

Angelo

10 months ago

D is the one. Identifying rootkits is the top priority when setting up a new system.

upvoted 0 times

Dahlia

9 months ago

D) To identify root kits included on the system out of the box

upvoted 0 times

...

Truman

9 months ago

D) To identify root kits included on the system out of the box

upvoted 0 times

...

Magda

9 months ago

B) To create the ability to separate abnormal behavior from normal behavior during an incident

upvoted 0 times

...

Ammie

9 months ago

A) To allow system to be restored to a known good state if it is compromised

upvoted 0 times

...

Nan

9 months ago

B) To create the ability to separate abnormal behavior from normal behavior during an incident

upvoted 0 times

...

Lewis

9 months ago

A) To allow system to be restored to a known good state if it is compromised

upvoted 0 times

...

Jeannetta

10 months ago

I'd go with A. Restoring the system to a known good state is the best way to handle a compromise.

upvoted 0 times

Arlie

10 months ago

A and B both seem like important reasons to enable event log storage immediately.

upvoted 0 times

...

Arlie

10 months ago

I think B is also important, separating abnormal behavior can help in identifying incidents.

upvoted 0 times

...

Arlie

10 months ago

I agree, restoring to a known good state is crucial in case of a compromise.

upvoted 0 times

...

Niesha

11 months ago

I think enabling event log storage is crucial for security purposes, so I would go with option A as well.

upvoted 0 times

...

Wilda

11 months ago

Definitely B. Logging events is crucial to detect and investigate any suspicious activity on the system.

upvoted 0 times

Tonette

10 months ago

Definitely B. Logging events is crucial to detect and investigate any suspicious activity on the system.

upvoted 0 times

...

Cathern

10 months ago

B) To create the ability to separate abnormal behavior from normal behavior during an incident

upvoted 0 times

...

Matt

10 months ago

A) To allow system to be restored to a known good state if it is compromised

upvoted 0 times

...

Alayna

11 months ago

B) To create the ability to separate abnormal behavior from normal behavior during an incident

upvoted 0 times

...

Flo

11 months ago

A) To allow system to be restored to a known good state if it is compromised

upvoted 0 times

...