Which of the organization’s CIS Controls failed?
A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:\Windows\System32\winxml.dll    Addition    Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization's CIS Controls failed?
A. Application Software...
Which action should they take when they discover that an application running on a web server is no longer needed?
An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?
A. Uninstall the application providing the service
B. Turn the service...
What action can they take to rectify this?
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take...
Which wireless access point has the manufacturer default settings still in place?
Based on the data shown below, which wireless access point has the manufacturer default settings still in place?
A. Starbucks
B. Linksys
C. Hhonors
D. Interwebz
Answer: B
What is the first step suggested before implementing any single CIS Control?
What is the first step suggested before implementing any single CIS Control?
A. Develop an effectiveness test
B. Perform a gap analysis
C. Perform a vulnerability scan
D. Develop a roll-out schedule
Answer: B
Which of the following is a benefit of stress-testing a network?
Which of the following is a benefit of stress-testing a network?
A. To determine device behavior in a DoS condition
B. To determine bandwidth needs for the network
C. To determine the connectivity of the network
D. To determine the security configurations of the network
Answer: A
An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?
An attacker is able to successfully access a web application as root using ' or 1 = 1 . as the password. The successful access indicates a failure of what process?
A. Input Validation
B. Output Sanitization
C. URL Encoding
D. Account Management
Answer: A
These configuration settings would be a defensive measure for which CIS Control?
Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?
A. Controlled Access Based on the Need to Know
B. Limitation and Control of Network Ports, Protocols and Services
C. Email and Web Browser Protections
D. Secure Configuration...
Which of the following items would be used reactively for incident response?
Which of the following items would be used reactively for incident response?
A. A schedule for creating and storing backups
B. A phone tree used to contact necessary personnel
C. A script used to verify patches are installed on systems
D. An IPS rule that prevents web access from international...
Which of the following assigns a number indicating the severity of a discovered software vulnerability?
Which of the following assigns a number indicating the severity of a discovered software vulnerability?
A. CPE
B. CVE
C. CCE
D. CVSS
Answer: D