Use this quick start guide to collect all the information about the GIAC GCCC Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Critical Controls Certification (GCCC) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual GIAC Critical Controls Certification (GCCC) exam.
The GIAC GCCC certification is mainly targeted at candidates who want to build their career in the Cybersecurity Leadership domain. The GIAC Critical Controls Certification (GCCC) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GCCC.
GIAC GCCC Exam Summary:
Exam Name | GIAC Critical Controls Certification (GCCC) |
---|---|
Exam Code | GCCC |
Exam Price | $979 (USD) |
Duration | 120 mins |
Number of Questions | 75 |
Passing Score | 71% |
Books / Training | SEC566: Implementing and Auditing CIS Controls |
Schedule Exam | GIAC |
Sample Questions | GIAC GCCC Sample Questions |
Practice Exam | GIAC GCCC Certification Practice Exam |
GIAC GCCC Exam Syllabus Topics:
Topic | Details |
---|---|
Access Control Management | - The candidate will be familiar with processes and tools used to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software. |
Account Management | - The candidate will be familiar with processes and tools used to assign and manage authorization to credentials for accounts to enterprise assets and software. |
Application Software Security | - The candidate will be familiar with the processes and tools to manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise. |
Audit Log Management | - The candidate will be familiar with the processes and tools used to collect, alert, review, and retain audit logs to help detect, understand, and recover from an attack. |
Background on CIS Controls, Standards, and Governance | - The candidate will be familiar with the background, history, and purpose of the CIS Controls, notable Security Standards, and Security Program Governance. The GIAC Critical Controls Certification exam is aligned with the current release, CIS Controls V8. |
Continuous Vulnerability Management | - The candidate will be familiar with the processes and tools used to continuously assess and track vulnerabilities on all enterprise assets, to remediate them, and to monitor sources for new threat and vulnerability information. |
Data Protection | - The candidate will be familiar with the processes and technical controls to identify, classify, securely handle, retain, and dispose of data. |
Data Recovery | - The candidate will be familiar with processes and tools used to establish and maintain data recovery practices to restore in-scope enterprise assets to a pre-incident and trusted state. |
Email and Web Browser Protections | - The candidate will be familiar with the processes and tools used to defend email and web-based internet traffic from threats intending to manipulate human behavior through direct engagement. |
Incident Response Management | - The candidate will be familiar with the processes and tools to establish a program to develop and maintain an incident response capability to prepare, detect, and quickly respond to an attack. |
Inventory and Control of Enterprise Assets | - The candidate will be familiar with the processes and tools used to actively account for and manage the inventory of enterprise assets and all associated data throughout their life cycles. |
Inventory and Control of Software Assets | - The candidate will be familiar with the processes and tools used to actively manage all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. |
Malware Defenses | - The candidate will be familiar with the processes and tools used to prevent or control the installation, spread, and execution of malicious applications on enterprise assets. |
Network Infrastructure Management | - The candidate will be familiar with processes and tools used to establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. |
Network Monitoring and Defense | - The candidate will be familiar with the processes and tools that establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base. |
Penetration Testing | - The candidate will be familiar with the processes and tools used to test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls, and simulating the objectives and actions of an attacker. |
Secure Configuration of Enterprise Assets and Software | - The candidate will be familiar with the processes and tools to establish and maintain the secure configuration of enterprise assets and software. |
Security Awareness and Skills Training | - The candidate will be familiar with processes to establish and maintain a security awareness program to increase the workforce's security consciousness and skills in order to reduce cybersecurity risks to the enterprise. |
Service Provider Management | - The candidate will be familiar with processes to evaluate service providers who hold sensitive data, or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately. |
To ensure success in the GIAC GCCC certification exam, we recommend an authorized training course, a practice test and hands-on experience to prepare for the GIAC Critical Controls Certification (GCCC) exam.