
GIAC Exam GCCC Topic 7 Question 60 Discussion

Actual exam question for GIAC's GCCC exam
Question #: 60
Topic #: 7

Why is it important to enable event log storage on a system immediately after it is installed?

Suggested Answer: B

Contribute your Thoughts:

Alecia
2 months ago
I'd say B is the way to go. Separate the normal from the abnormal - that's the key to incident response.
upvoted 0 times
...
Xenia
2 months ago
Haha, C? That's like comparing apples to oranges. Event logs are for security, not performance.
upvoted 0 times
...
Angelo
2 months ago
D is the one. Identifying rootkits is the top priority when setting up a new system.
upvoted 0 times
Dahlia
22 days ago
D) To identify root kits included on the system out of the box
upvoted 0 times
...
Truman
29 days ago
D) To identify root kits included on the system out of the box
upvoted 0 times
...
Magda
1 month ago
B) To create the ability to separate abnormal behavior from normal behavior during an incident
upvoted 0 times
...
Ammie
1 month ago
A) To allow system to be restored to a known good state if it is compromised
upvoted 0 times
...
Nan
1 month ago
B) To create the ability to separate abnormal behavior from normal behavior during an incident
upvoted 0 times
...
Lewis
1 month ago
A) To allow system to be restored to a known good state if it is compromised
upvoted 0 times
...
...
Jeannetta
2 months ago
I'd go with A. Restoring the system to a known good state is the best way to handle a compromise.
upvoted 0 times
Arlie
2 months ago
A and B both seem like important reasons to enable event log storage immediately.
upvoted 0 times
...
Arlie
2 months ago
I think B is also important, separating abnormal behavior can help in identifying incidents.
upvoted 0 times
...
Arlie
2 months ago
I agree, restoring to a known good state is crucial in case of a compromise.
upvoted 0 times
...
...
Niesha
3 months ago
I think enabling event log storage is crucial for security purposes, so I would go with option A as well.
upvoted 0 times
...
Wilda
3 months ago
Definitely B. Logging events is crucial to detect and investigate any suspicious activity on the system.
upvoted 0 times
Tonette
2 months ago
Definitely B. Logging events is crucial to detect and investigate any suspicious activity on the system.
upvoted 0 times
...
Cathern
2 months ago
B) To create the ability to separate abnormal behavior from normal behavior during an incident
upvoted 0 times
...
Matt
2 months ago
A) To allow system to be restored to a known good state if it is compromised
upvoted 0 times
...
...
Alayna
3 months ago
B) To create the ability to separate abnormal behavior from normal behavior during an incident
upvoted 0 times
...
Flo
3 months ago
A) To allow system to be restored to a known good state if it is compromised
upvoted 0 times
...
