GIAC GMON Certification Exam Syllabus and Exam Questions

GIAC GMON Exam Guide
www.EduSum.com
Get complete details on the GMON exam guide to pass GIAC Continuous Monitoring. You can collect all information on the GMON tutorial, practice test, books, study material, exam questions, and syllabus. Firm up your knowledge of GIAC Continuous Monitoring and get ready to pass the GMON certification. Explore all information on the GMON exam, including the number of questions, passing percentage and time allowed to complete the test.
Introduction to GMON GIAC Continuous Monitoring Exam
The GIAC GMON Exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the GIAC Continuous Monitoring certification exam. It contains a detailed list of the topics covered on the exam, as well as a detailed list of preparation resources. This study guide for GIAC Continuous Monitoring will help guide you through the study process for your certification.
GMON GIAC Continuous Monitoring Exam Summary
● Exam Name: GIAC Continuous Monitoring
● Exam Code: GMON
● Exam Price: $979 (USD)
● Duration: 180 mins
● Number of Questions: 82
● Passing Score: 74%
● Books / Training: SEC511: Continuous Monitoring and Security Operations
● Schedule Exam: GIAC
● Sample Questions: GIAC GMON Sample Questions
● Recommended Practice: GIAC GMON Certification Practice Exam
Exam Syllabus: GMON GIAC Continuous Monitoring
Account & Privilege Monitoring & Authentication
- The candidate will demonstrate the ability to control the privilege levels of accounts & applications

Attack Techniques
- The candidate will learn to distinguish between traditional and modern attack techniques

Configuration Monitoring
- The candidate will demonstrate an understanding of the tools and techniques used for configuration change monitoring

Cyber Defense Principles
- The candidate will demonstrate an understanding of traditional and modern cyber defense principles

Device Monitoring
- The candidate will demonstrate an understanding of the tools and techniques used for endpoint monitoring

Discovery and Vulnerability Scanning
- The candidate will demonstrate an understanding of the tools and techniques used for network and endpoint discovery and vulnerability scanning

Exploit Methodology and Analysis
- The candidate will be able to utilize network traffic analysis methods and principles of exploit detection to be able to rapidly discover intrusions on the network

HIDS/HIPS/Endpoint Firewalls
- The candidate will demonstrate an understanding of how host intrusion detection/prevention systems & endpoint firewalls work, what their capabilities are and the roles they play in continuous monitoring

Network Data Encryption
- The candidate will be able to apply principles of exploit detection to be able to rapidly detect encrypted intrusions on the network

Network Security Monitoring Tools
- The candidate will demonstrate an understanding of how and why to use an assortment of network monitoring tools to improve the ability to detect intrusions on the network

NIDS/NIPS/NGFW
- The candidate will demonstrate an understanding of how network intrusion detection/prevention systems & next generation firewalls work, what their capabilities are and the roles they play in continuous monitoring

Patching & Secure Baseline Configurations
- The candidate will understand how to use baseline configuration auditing and patching to make endpoints more resilient.

Perimeter Protection Devices
- The candidate will demonstrate the ability to identify points of access into the perimeter and network devices that can be used to protect the perimeter

Proxies & SIEM
- The candidate will demonstrate an understanding of how proxies & security information and event managers work, what their capabilities are and the roles they play in continuous monitoring

Security Architecture Overview
- The candidate will demonstrate an understanding of traditional and modern security architecture frameworks and the role Security Operations centers provide

Software Inventories and Application Control
- The candidate will demonstrate an understanding of the benefits of maintaining software inventories and how to control application allow and deny lists.

Threat Informed Defense
- The candidate will demonstrate an understanding of adversary tactics and techniques and how to use attack frameworks to identify and defend against these threats in local and cloud-based environments.
GIAC GMON Certification Sample Questions and Answers
To make you familiar with the GIAC Continuous Monitoring (GMON) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for GMON Certification to test your understanding of the GIAC GMON process in a realistic GIAC certification exam environment.
GMON GIAC Continuous Monitoring Sample Questions:
01. In device monitoring, what is the purpose of implementing a Security Information and Event Management (SIEM) system?
a) To provide real-time analysis of security alerts generated by applications and network hardware.
b) To create a physical security barrier around devices.
c) To ensure that all devices use the same operating system.
d) To increase the processing power of endpoint devices.
02. An administrator needs to ensure compliance with a policy that mandates
two-factor authentication. Which of the following scenarios would be compliant?
a) A system access using a password and security questions.
b) A system access using a password and a biometric input.
c) A system access using a hardware token and a mobile push notification.
d) A system access using a password only.
03. Endpoint discovery typically includes identification of what types of devices?
a) Only mobile devices
b) Workstations, mobile devices, and servers
c) Only network printers
d) Only servers
04. Why is maintaining an accurate software inventory crucial for organizational
security?
a) It reduces the cost of software licenses.
b) It allows for faster software updates.
c) It ensures software compliance with industry standards.
d) It helps identify unauthorized software that may pose security risks.
05. What method is most effective for automatically managing and cycling
credentials for privileged accounts?
(Choose Three)
a) Manual rotation by system administrators.
b) Automated privileged identity management solutions.
c) Using a single, strong static password for all accounts.
d) Implementation of a privileged access management (PAM) tool.
06. For an organization using a federated identity management system, what is a
key security advantage?
a) Centralized management of all user credentials and permissions.
b) Decentralized storage of sensitive user data.
c) Reduced need for multiple user accounts and passwords.
d) Increased transparency in user activity tracking.
07. Which method can improve the detection of encrypted intrusions without
decrypting the traffic?
a) Relying solely on IP address filtering
b) Analyzing the timing and size of encrypted packets
c) Implementing strict firewall rules to block all encrypted traffic
d) Monitoring only unencrypted traffic
08. When implementing an access review process, which of the following
activities are crucial?
(Choose Two)
a) Periodically confirming that user access is still aligned with current roles and responsibilities.
b) Ensuring that user privileges are expansive to promote ease of use.
c) Reviewing and adjusting privileges based on user activity and behavior patterns.
d) Allowing users to modify their own privilege levels to suit their workflow needs.
09. What are effective methods to detect configuration drift in an IT environment?
(Choose Three)
a) Manual weekly checks by IT staff.
b) Automated configuration scanning tools.
c) Regular user reports on system performance.
d) Use of a configuration management tool.
10. How do NGFWs differ from traditional firewalls in terms of threat intelligence?
a) NGFWs cannot integrate with external threat intelligence sources.
b) NGFWs use static routing protocols only.
c) NGFWs integrate global threat intelligence to improve threat detection and blocking.
d) NGFWs focus exclusively on managing internal network policies.
Answers:
Answer 01:- a
Answer 02:- b
Answer 03:- b
Answer 04:- d
Answer 05:- a, b, d
Answer 06:- c
Answer 07:- b
Answer 08:- a, c
Answer 09:- a, b, d
Answer 10:- c