New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCCC Exam - Topic 8 Question 66 Discussion

Actual exam question for GIAC's GCCC exam
Question #: 66
Topic #: 8
[All GCCC Questions]

A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.

Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Gilberto at Jan 24, 2025, 01:02 PM

Limited Time Offer

25%

Off

Get Premium GCCC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Sina
3 months ago
Seriously, how did they not catch that admin account being compromised?
upvoted 0 times
...
Annette
3 months ago
I think it's more about D, they should've monitored those accounts better.
upvoted 0 times
...
Penney
3 months ago
Definitely B - too much access for admins without proper checks.
upvoted 0 times
...
Aimee
4 months ago
Wait, they weren't using salted hashes? That's a huge oversight!
upvoted 0 times
...
Johnna
4 months ago
Sounds like a classic case of poor admin control.
upvoted 0 times
...
Alpha
4 months ago
I feel like incident response could be relevant, but it doesn't seem to fit perfectly. I guess C is a possibility too.
upvoted 0 times
...
Chaya
4 months ago
This situation seems to involve account monitoring, but I can't recall if that's the main issue. Maybe D is the right choice?
upvoted 0 times
...
Eura
4 months ago
I remember studying about audit logs, but I'm not sure if that directly applies here. Could it be A?
upvoted 0 times
...
Xochitl
5 months ago
I think this might relate to the misuse of admin privileges, so I'm leaning towards option B.
upvoted 0 times
...
Felton
5 months ago
This seems like a tricky one, but I think the answer is pretty clear. The fact that the attacker was able to maintain access to the network through a compromised admin account means that the Controlled Use of Administrative Privilege CIS Control failed. That's got to be the right answer.
upvoted 0 times
...
Carole
5 months ago
I'm a bit confused on this one. The question mentions a lot of different security issues, like the password hashing and the initial breach. I'm not sure which CIS Control is the most relevant to the continued access problem. I'll have to review my notes on the CIS Controls to make sure I choose the right answer.
upvoted 0 times
...
Valda
5 months ago
Okay, I think I've got it. The key here is the continued access to the network after the initial breach was discovered and addressed. That points to a failure in controlling administrative privileges, so I'm going with option B.
upvoted 0 times
...
Zoila
5 months ago
Hmm, I'm not sure about this one. The question mentions a compromised admin account, but it could also be an issue with incident response or account monitoring. I'll have to think this through carefully.
upvoted 0 times
...
Skye
5 months ago
This one seems pretty straightforward. The continued access to the network after the initial breach points to a failure in controlling administrative privileges.
upvoted 0 times
...
Jamie
10 months ago
As someone who once accidentally deleted the entire company database, I can appreciate the importance of proper incident response. I'll say C) just to be safe.
upvoted 0 times
Margot
8 months ago
Maintenance, monitoring, and analysis of audit logs could have helped detect the unauthorized access sooner. A) is my pick.
upvoted 0 times
...
Vicki
8 months ago
I think controlled use of administrative privilege is also important to prevent unauthorized access. So, I would go with B).
upvoted 0 times
...
Blair
9 months ago
I agree, incident response and management is crucial in situations like this. C) is the right choice.
upvoted 0 times
...
...
Kandis
10 months ago
Haha, looks like they need to invest in some better password security! Salting those hashes would have been a good start. I'll go with B) to cover my bases.
upvoted 0 times
...
Karima
10 months ago
I'd go with D) Account Monitoring and Control. The fact that the attacker was able to use the admin account undetected suggests a lack of proper account monitoring and control measures.
upvoted 0 times
Angelo
8 months ago
Definitely, without proper account monitoring and control, attackers can easily exploit vulnerabilities in the system.
upvoted 0 times
...
Apolonia
9 months ago
It's important to have proper monitoring and control over accounts to prevent unauthorized access.
upvoted 0 times
...
Reita
9 months ago
I agree, D) Account Monitoring and Control seems to be the one that failed in this situation.
upvoted 0 times
...
...
Artie
10 months ago
The answer is clearly B) Controlled Use of Administrative Privilege. The attacker gained continued access through a compromised admin account, so the organization failed to properly manage and restrict administrative privileges.
upvoted 0 times
Merissa
9 months ago
D: Definitely a lesson in the importance of managing administrative access.
upvoted 0 times
...
Lemuel
9 months ago
C: So, the organization should have restricted admin privileges more effectively.
upvoted 0 times
...
Judy
9 months ago
B: Yeah, the compromised admin account gave the attacker continued access.
upvoted 0 times
...
Lashandra
10 months ago
A: I think the answer is B) Controlled Use of Administrative Privilege.
upvoted 0 times
...
...
Ty
11 months ago
I believe the answer is A) Maintenance, Monitoring, and Analysis of Audit Logs. If the logs were properly monitored, the suspicious activity could have been detected earlier.
upvoted 0 times
...
Ruthann
11 months ago
I agree with Filiberto. The compromised system administrator's account being used shows a lack of control over administrative privileges.
upvoted 0 times
...
Filiberto
11 months ago
I think the answer is B) Controlled Use of Administrative Privilege.
upvoted 0 times
...

Save Cancel