Question 1

Which of the following describes the 'IG1' (Implementation Group 1) in the context of CIS Critical Security Controls v8?

Accepted Answer

Essential Cyber Hygiene

Answer

Advanced Persistent Threat Defense

Answer

Supply Chain Risk Management

Answer

Regulated Business Compliance

Question 2

In CIS Controls v8, the transition from 'Inventory and Control of Hardware Assets' to 'Inventory and Control of Enterprise Assets' reflects what strategic shift?

Accepted Answer

Focusing on the inclusion of cloud-based resources, portable devices, and IoT

Answer

Removing the requirement to track virtual machines to simplify audits

Answer

Replacing physical hardware inventory with software-only tracking

Answer

Mandating that all assets be owned by the enterprise rather than employees

Question 3

Which CIS Control focuses on the processes and tools used to track, report, and correct security vulnerabilities by interpreting data from industry sources and scanning tools?

Accepted Answer

Continuous Vulnerability Management

Answer

Network Infrastructure Management

Answer

Email and Web Browser Protection

Answer

Data Recovery

Question 4

Under CIS Control 4, 'Secure Configuration of Enterprise Assets and Software', what is the primary purpose of establishing and maintaining a secure configuration process?

Accepted Answer

To reduce the attack surface by ensuring assets are not running with default or insecure settings

Answer

To eliminate the need for any firewalls or external perimeter defenses

Answer

To automate the deployment of third-party marketing software across the network

Answer

To ensure that all employees have administrative privileges on their local machines

Question 5

Which CIS Control emphasizes the management of the full lifecycle of certificates and keys to ensure that only authorized people and devices have access to system data and resources?

Accepted Answer

Data Protection

Answer

Account Management

Answer

Incident Response Management

Answer

Network Monitoring and Defense

Question 6

Which CIS Control is specifically focused on the use of processes and tools to prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets?

Accepted Answer

Malware Defenses

Answer

Network Infrastructure Management

Answer

Incident Response Management

Answer

Access Control Management

Question 7

Which CIS Control focuses on establishing, implementing, and actively managing (tracking, reporting on, correcting) the network devices, in order to prevent attackers from exploiting vulnerable network services and access points?

Accepted Answer

Network Infrastructure Management

Answer

Network Monitoring and Defense

Answer

Access Control Management

Answer

Service Provider Management

Question 8

Which CIS Control emphasizes the necessity of developing a plan, defining roles, and conducting exercises to ensure that an organization can quickly discover an attack and then effectively contain the damage?

Accepted Answer

Incident Response Management

Answer

Continuous Vulnerability Management

Answer

Security Awareness and Skills Training

Answer

Auditing and Logging

Question 9

Which CIS Control focuses on the use of processes and tools to collect, alert, and retain record traces of events to help detect, understand, or recover from an attack?

Accepted Answer

Audit Log Management

Answer

Network Monitoring and Defense

Answer

Account Management

Answer

Data Recovery

Question 10

Which CIS Control focuses on identifying, classifying, and disposing of sensitive data, as well as managing its encryption both at rest and in transit?

Accepted Answer

Data Protection

Answer

Data Recovery

Answer

Access Control Management

Answer

Account Management

Question 11

According to CIS Control 9 (Email and Web Browser Powers), which of the following is considered a primary 'quick win' for reducing the risk of drive-by downloads and malicious browser extensions?

Accepted Answer

Ensuring that only supported web browsers and email clients are used, preferably the latest versions.

Answer

Implementing a 100% cloud-only storage policy for all user metadata.

Answer

Increasing the frequency of password rotations to every 15 days.

Answer

Disabling all internal network firewalls for authenticated browser sessions.

Question 12

To mitigate risks from malicious attachments and phishing links, CIS Control 9 recommends which strategy regarding URL filtering and blocking?

Accepted Answer

Enforcing the use of Domain Name System (DNS) filtering services to block access to known malicious domains.

Answer

Granting all users administrative rights to update their own browser security plugins.

Answer

Allowing users to bypass browser certificate warnings to ensure workflow continuity.

Answer

Manually inspecting every incoming email link at the local workstation level.

Question 13

Which of the following configuration settings is specifically recommended under CIS Control 9 (Email and Web Browser Protections) to prevent the automated execution of malicious code within a web browser?

Accepted Answer

Disabling or restricting the use of browser plugins, extensions, and data-execution features like ‘Auto-Run’ or ‘Auto-Play’.

Answer

Configuring the mail server to allow unauthenticated SMTP relaying for remote users.

Answer

Enabling high-definition video streaming across all external web gateways.

Answer

Ensuring all browser cookies are stored indefinitely to improve user experience.

Question 14

Regarding CIS Control 9, which authentication and security protocol is recommended for implementation on email servers to verify the sender's identity and prevent email spoofing?

Accepted Answer

Implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance), including SPF and DKIM.

Answer

Enabling the 'Read Receipt' feature as a mandatory global policy for all external senders.

Answer

Configuring the Telnet protocol for secure remote mail access.

Answer

Utilizing the WEP encryption standard for all incoming mail traffic.

Question 15

In the context of CIS Control 9, why is it recommended to implement a 'sandboxed' or 'isolated' browser environment for high-risk users?

Accepted Answer

To ensure that any web-based exploitation remains contained within a virtualized instance and does not impact the underlying host operating system.

Answer

To eliminate the need for encrypting data-at-rest on the primary system hard drive.

Answer

To allow the user to bypass corporate firewall restrictions while browsing social media.

Answer

To increase the processing speed of JavaScript execution by

20%

over native speeds.

Question 16

Under CIS Control 9 (Email and Web Browser Protections), what is the primary security objective of implementing 'Email Server Sandboxing' or 'Attachment Detonation' technology?

Accepted Answer

To analyze and execute suspicious attachments in a safe, isolated environment before they reach the user's inbox.

Answer

To compress all incoming email attachments into a single archive to save server storage space.

Answer

To automatically forward all encrypted attachments to the local law enforcement agency for decryption.

Answer

To ensure that all email attachments are converted into static PDF files regardless of their original file type.

Question 17

Under CIS Control 9, what is the primary security benefit of implementing 'Network-Based URL Filtering' for all enterprise assets?

Accepted Answer

To prevent users from navigating to known malicious websites, effectively blocking many 'drive-by' malware downloads and phishing landing pages.

Answer

To automatically decrypt and store all user banking passwords for administrative auditing purposes.

Answer

To increase the available bandwidth for streaming video content by prioritizing internal traffic.

Answer

To eliminate the need for installing antivirus software on local endpoints.

Question 18

Which of the following describes the CIS Control 9 recommendation regarding the use of 'Protective DNS' (PDNS) for email and web protection?

Accepted Answer

Utilizing a DNS filtering service to resolve queries and block connections to known malicious domains or those associated with malware infrastructure.

Answer

Configuring local host files on every workstation to manually map every trusted website name to an IP.

Answer

Replacing all internal IP addresses with public-facing DNS records to improve visibility.

Answer

Disabling DNS resolution entirely to ensure that users can only visit pre-approved IP addresses.

Question 19

Regarding CIS Control 9 (Email and Web Browser Protections), why is it recommended to restrict or 'block' unauthorized browser extensions across the enterprise?

Accepted Answer

To prevent extensions from capturing sensitive information, such as login credentials, or executing malicious code within the browser context.

Answer

To force users to utilize the native operating system file explorer instead of web-based tools.

Answer

To ensure that the browser's memory usage remains below a fixed threshold of

20%

MB.

Answer

To prevent the browser from automatically updating itself to the latest stable security version.

Question 20

Which of the following describes a key CIS Control 9 safeguard for hardening the enterprise email infrastructure against link-based attacks?

Accepted Answer

Implementing 'URL rewriting' at the email gateway to scan and verify the reputation of links at the time a user clicks them.

Answer

Configuring email clients to automatically open all links in a text-only notepad for review.

Answer

Requiring users to manually type each URL from an email into a browser rather than clicking.

Answer

Disabling the use of Hypertext Transfer Protocol (HTTP) globally for all internal web servers.

Question 21

According to CIS Control 10 (Malware Defenses), what is the primary reason for enabling 'anti-exploitation' features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) at the operating system level?

Accepted Answer

To make it more difficult for attackers to exploit memory-based vulnerabilities even if they circumvent initial defenses.

Answer

To replace the need for traditional signature-based antivirus software entirely.

Answer

To provide a real-time list of unauthorized software to the system administrator for manual deletion.

Answer

To automatically encrypt all data stored on the local hard drive to prevent unauthorized access.

Question 22

Under CIS Control 10 (Malware Defenses), which approach is recommended to prevent malware from executing via removable media such as USB drives?

Accepted Answer

Configure systems to disable 'Autorun' and 'Autoplay' features for all removable media.

Answer

Limit the physical number of USB ports available on a motherboard to one.

Answer

Increase the system's virtual memory size to buffer malicious payloads stored on external drives.

Answer

Require all USB drives to be formatted with a Linux-based filesystem before use.

Question 23

Which of the following describes a key requirement of CIS Control 10 (Malware Defenses) regarding the management of security software logs?

Accepted Answer

Ensure that all malware detection events are centrally logged and reviewed periodically.

Answer

Configure logs to be automatically deleted every 24 hours to preserve disk space.

Answer

Ensure that logs are stored exclusively on the local endpoint to prevent network congestion.

Answer

Only log successful malware removals to minimize the size of the security database.

Question 24

In the context of CIS Control 10 (Malware Defenses), why is it critical to ensure that anti-malware software is configured to perform 'behavioral-based' monitoring in addition to 'signature-based' detection?

Accepted Answer

To identify and block 'zero-day' or polymorphic malware that does not yet have a known digital fingerprint.

Answer

To ensure that all encrypted traffic on the network is decrypted and inspected for keywords.

Answer

To provide a backup of the system's registry in case of a hardware failure.

Answer

To reduce the overall CPU and memory overhead required to scan the system's filesystem.

Question 25

Regarding CIS Control 10 (Malware Defenses), what is the importance of implementing 'DNS filtering' as a defensive measure?

Accepted Answer

To prevent systems from connecting to known malicious domains and to block command-and-control (C2) communication.

Answer

To increase the speed of web browsing by caching common IP addresses locally.

Answer

To ensure that all internal network traffic is routed through a Virtual Private Network (VPN) by default.

Answer

To verify that the hardware manufacturer of the network interface is on an approved list.

Question 26

Under CIS Control 10 (Malware Defenses), specifically regarding Infrastructure Management, what is the primary benefit of utilizing 'sandboxing' for suspicious files?

Accepted Answer

It allows the execution of an unknown file in a controlled, isolated environment to observe its behavior without risking the production system.

Answer

It automatically re-signs the application's digital certificate to ensure it can run on any enterprise workstation.

Answer

It moves the file to a permanent offline storage archive to comply with data retention laws.

Answer

It compresses the file to decrease the amount of storage space needed in the malware repository.

Question 27

According to CIS Control 10 (Malware Defenses), how should organizations handle 'Auto-Run' and 'Auto-Play' features on operating systems?

Accepted Answer

These features should be disabled to prevent the automatic execution of potentially malicious code from removable media.

Answer

These features should be enabled only for encrypted drives to allow for faster data processing.

Answer

These features should be set to 'Ask' so that the user can manually choose which binary to execute.

Answer

These features should be restricted to administrative accounts while being enabled for standard users.

Question 28

Under CIS Control 10 (Malware Defenses), specifically Safeguard 10.7, what is the purpose of implementing 'Anti-Exploit' features such as DEP, ASLR, and SEHOP?

Accepted Answer

To prevent or disrupt common techniques used by attackers to execute code via memory-based vulnerabilities.

Answer

To scan the hard drive for dormant virus signatures during the boot sequence.

Answer

To provide a sandbox for users to test unverified software applications.

Answer

To automate the process of patching third-party software vulnerabilities.

Question 29

Which safeguard within CIS Control 10 (Malware Defenses) specifically focuses on limiting the ability of an attacker to move laterally by blocking communication to known malicious domains?

Accepted Answer

Implement DNS filtering to block access to known malicious domains and command-and-control servers.

Answer

Use full-disk encryption to prevent the extraction of credentials from a lost device.

Answer

Enable host-based firewalls to block all incoming traffic from the internal network.

Answer

Apply redundant power supplies to core switches to prevent a denial-of-service attack.

Question 30

Which safeguard in CIS Control 10 (Malware Defenses) focuses on the management of removable media to prevent automatic execution of malicious code?

Accepted Answer

Disable 'AutoRun' and 'AutoPlay' capabilities for all removable media.

Answer

Physically remove all USB-C ports from standard user workstations.

Answer

Encrypt all portable storage devices with a minimum of AES-256.

Answer

Require a password for every file opened from an external USB drive.

Question 31

According to CIS Control 12 (Network Infrastructure Management), which of the following actions is essential for maintaining the security of network devices such as routers and switches?

Accepted Answer

Ensuring all network devices are managed via secure protocols and multi-factor authentication

Answer

Disabling all firewall logging to improve device performance

Answer

Using default manufacturer passwords to ensure support access

Answer

Manually updating device firmware only once every three years

Answer

Allowing any connected device to access the management interface via HTTP

Question 32

Under CIS Control 12, what is the primary reason for maintaining an up-to-date network diagram that includes all physical and logical segmentation?

Accepted Answer

To identify all trust boundaries and ensure that security controls are properly applied between different network zones

Answer

To provide a visual guide for the physical cabling team during routine maintenance

Answer

To calculate the total electricity consumption of all connected hardware devices

Answer

To ensure that the network uses a single flat architecture for simpler data routing

Answer

To optimize the speed of the Spanning Tree Protocol across the local area network

Question 33

Which specific activity is prescribed by CIS Control 12 to prevent the use of unauthorized or vulnerable communication paths within the network infrastructure?

Accepted Answer

Maintain an inventory of all network ports, protocols, and services, and disable those that are not required for business operations

Answer

Enabling Universal Plug and Play (UPnP) on all perimeter routers

Answer

Assigning static IP addresses to every individual endpoint on the network

Answer

Implementing a single shared administrative password for all core switches

Answer

Broadcasting the Service Set Identifier (SSID) of all guest wireless networks

Question 34

In the context of CIS Control 12, what is the significance of implementing a 'least privilege' approach to network architecture, specifically regarding network segmentation?

Accepted Answer

To restrict communication between network components to only what is necessary for business functions, reducing the impact of a potential breach

Answer

To prioritize high-bandwidth applications over security protocols to ensure uptime

Answer

To consolidate all server and workstation traffic into a single VLAN for easier monitoring

Answer

To allow all internal traffic to bypass firewalls and increase data throughput

Answer

To ensure that every user on the network has full administrative rights to avoid service tickets

Question 35

Regarding CIS Control 12, what is the best practice for managing configuration files on network devices such as firewalls and routers?

Accepted Answer

Maintain a secure configuration repository and regularly compare current device configurations against a known-good baseline

Answer

Store configuration backups in a plain-text file on a public cloud drive for easy access

Answer

Allow all network administrators to make unlogged changes to configurations at any time

Answer

Only update device configurations when a hardware failure occurs

Answer

Delete all historical configuration backups to save storage space on the management server

Question 36

Which of the following practices is specifically required by CIS Control 12.10 (Management of Network Infrastructure) to prevent the bypass of security controls via physical or wireless means?

Accepted Answer

Ensuring all wireless access points are managed through a centralized system and authenticated via a secure protocol like WPA3 or 802.1X

Answer

Disabling the use of Virtual Private Networks (VPNs) for remote administrative access

Answer

Setting the wireless signal strength to the maximum level to extend coverage into public areas

Answer

Using pre-shared keys (PSK) that are shared among all employees for wireless access

Answer

Allowing ad-hoc wireless networks to be created by any user for collaboration

Question 37

Which specific measure under CIS Control 12 (Network Infrastructure Management) is designed to ensure that network devices are protected against vulnerabilities that could be exploited via the control plane?

Accepted Answer

Establishing and maintaining a dedicated, out-of-band management network for all network infrastructure hardware

Answer

Using the default 'public' community string for all SNMP-based monitoring

Answer

Configuring all network devices to automatically accept any incoming SSH connection

Answer

Placing all management interfaces on the same subnet as the guest wireless traffic

Answer

Assigning the same administrative password to both the local console and the remote RADIUS server

Question 38

Under CIS Control 12 (Network Infrastructure Management), how should an organization handle the security of their 'Network Architecture' to mitigate the risk of lateral movement by an attacker?

Accepted Answer

Segment the network into logical zones based on business sensitivity and functional requirements to enforce access control between them

Answer

Disable the use of VLANs to ensure all traffic is transparent to the monitoring systems

Answer

Merge all internal subnets into a single Large Area Network (LAN) to simplify traffic routing and analysis

Answer

Assign every connected device a public IP address to eliminate the need for Network Address Translation (NAT)

Answer

Implement a policy that allows all internal users to access any management port on any infrastructure device

Question 39

Under CIS Control 12, what is the recommended procedure for handling unused physical ports on network switches and routers located in common areas?

Accepted Answer

Ensure that all unused ports are administratively disabled and assigned to an isolated VLAN

Answer

Label unused ports with their corresponding IP range to assist visitors

Answer

Set all unused ports to 'auto-negotiate' to facilitate easy device onboarding

Answer

Configure unused ports to bridge directly to the management network for emergency access

Answer

Connect all unused ports to each other to test the Spanning Tree Protocol resiliency

Question 40

Which requirement under CIS Control 12 (Network Infrastructure Management) is specifically aimed at ensuring the integrity and availability of network devices during a critical software vulnerability or hardware failure?

Accepted Answer

Ensure all network devices are running the latest stable version of software and firmware, and maintain a documented backup and recovery process for device configurations.

Answer

Configure network devices to ignore all ICMP traffic to prevent latency issues during a firmware sync operation.

Answer

Disable the backup functionality to prevent the leakage of configuration metadata to unauthorized personnel.

Answer

Automatically apply beta-version firmware updates immediately upon release to all production backbone routers.

Answer

Limit firmware updates solely to devices that have experienced a hardware-related crash within the last month.

Question 41

An enterprise organization recently experienced a localized ransomware attack that encrypted several file servers. Following CIS Controls v8 (Control 11: Data Recovery), which action should the IT team prioritize to ensure they can restore operations while maintaining the integrity of the remaining network?

Accepted Answer

Perform a restoration from an isolated, offline backup after verifying that the backup itself does not contain the malware.

Answer

Overwrite the existing encrypted partitions with the most recent daily incremental backup without performing a sandbox test.

Answer

Immediately connect all secondary cloud backup synchronization tasks to ensure the most recent file versions are captured.

Answer

Decrypt the files using a third-party utility found on a public forum to avoid the time loss associated with data restoration.

Question 42

A financial services firm is updating its Business Continuity Plan to align with CIS Control 11. They currently perform automated daily backups to a local NAS. To protect against a site-wide disaster or a coordinated ransomware attack that targets network-attached storage, which architectural requirement must be implemented?

Accepted Answer

Establish at least one backup destination that is physically or logically separated from the primary production network, such as an immutable cloud bucket or offline media.

Answer

Assign administrative credentials for the backup software to all members of the IT Helpdesk to ensure 24/7 recovery availability.

Answer

Implement RAID 6 on the primary file servers to ensure that data remains accessible if two physical drives fail simultaneously.

Answer

Increase the frequency of local NAS snapshots from 24 hours to every

20%

minutes to minimize the Recovery Point Objective (RPO).

Question 43

An organization is conducting its quarterly disaster recovery exercise. According to CIS Control 11.4, which metric should the security team prioritize to demonstrate that the data recovery process meets the specific business needs for a critical database system?

Accepted Answer

Ensuring the Restoration of the system occurs within the defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) based on a documented business impact analysis.

Answer

Verifying that the backup encryption uses a key length of exactly

20%

bits regardless of the data classification level.

Answer

Calculating the total storage capacity of the backup server expressed as a fraction of total production data, or

20%

.

Answer

Ensuring that the backup logs are compressed and archived in a read-only format for a period of no less than

20%

days.

Question 44

An organization following CIS Control 11 (Data Recovery) wants to ensure their backup strategy is resilient against 'living-off-the-land' attacks where an intruder attempts to delete or modify backup files using compromised administrative credentials. Which technical control should they implement to meet this requirement?

Accepted Answer

Implement 'Immutable Backups' at the storage level, ensuring that data cannot be altered or deleted by any user for a specified retention period.

Answer

Increase the backup frequency so that new data is written every

20%

minutes to the primary system disk.

Answer

Disable the auditing of file deletions on the backup server to save processing cycles and storage space.

Answer

Store all backup encryption keys on the same server as the backup software for ease of access during an emergency.

Question 45

An organization is auditing its compliance with CIS Control 11.1, which focuses on the inventory of data. Why must the team perform a comprehensive data inventory before finalizing their data recovery strategy?

Accepted Answer

To identify which systems contain sensitive or business-critical information and ensure they are prioritized for backup and meet specific RPO/RTO requirements.

Answer

To determine the legal liability of the cloud service provider in the event of a localized power failure at the primary data center.

Answer

To calculate the exact number of physical hard drives required to implement a RAID 0 configuration across all remote office locations.

Answer

To ensure that all

20%

of raw data ever created by the company is backed up daily regardless of its business value or relevance.

Question 46

An infrastructure manager is reviewing the organization's adherence to CIS Control 11.3, which concerns the protection of recovery data. The manager discovers that backups are encrypted, but the encryption keys are stored in a plain-text file on the same subnet as the backup server. Which action is most necessary to align with CIS best practices?

Accepted Answer

Secure the encryption keys in a physically or logically separate location, such as a dedicated Key Management System (KMS) or a secure offline vault.

Answer

Ensure the plain-text key file is hyper-compressed to minimize the disk footprint and reduce the attack surface.

Answer

Delete the encryption keys immediately after every backup and recreate them manually during a restoration event.

Answer

Switch to a symmetric encryption algorithm with a key length of at least

20%

bits to compensate for the storage location.

Question 47

An IT Auditor is reviewing an organization's Data Recovery procedures under CIS Control 11. They find that the organization performs daily backups but has never simulated a 'bare-metal' recovery of their critical domain controllers. According to CIS Control 11.4, what is the primary risk associated with this omission?

Accepted Answer

The organization may be unable to meet its Recovery Time Objective (RTO) due to unforeseen technical dependencies or failure of the restoration scripts during a real disaster.

Answer

The organization will be unable to calculate the exact

20%

emissions footprint of their secondary data center's cooling system.

Answer

The primary production environment will suffer a

20%

degradation in CPU performance if a restoration test is not performed annually.

Answer

The backup encryption keys will automatically expire and become unrecoverable after

20%

days of inactivity.

Question 48

A healthcare provider is refining its Data Recovery strategy under CIS Control 11. They have successfully implemented a daily automated backup of the Electronic Health Record (EHR) database. To comply with CIS Control 11.2 (Establish and Maintain Isolated Backups), how should they specifically handle their off-site copy to mitigate the risk of a 'timed' ransomware attack that remains dormant for weeks before encrypting data?

Accepted Answer

Maintain a versioned, immutable history of backups that allows for a 'point-in-time' restoration from several weeks or months prior to the incident.

Answer

Utilize a synchronous mirror that instantly copies all changes from the primary disk to the off-site disk to ensure zero data loss at all times.

Answer

Store the off-site backup on a public FTP server with a password length of at least

20%

characters to ensure accessibility.

Answer

Perform a weekly 'Overwrite-Only' backup where the new data replaces the old data exactly to minimize storage costs to

20%

unit of volume.

Question 49

An IT manager is tasked with implementing CIS Control 11.5: 'Ensure Backup Integrity.' To verify that the backups are actually viable for a full system restoration without manually checking every file, which technical process should the organization automate?

Accepted Answer

Implement automated checksum or hash-based verification to ensure the integrity of backup data, combined with periodic restoration path testing.

Answer

Schedule a weekly task to manually open a random

20%

sample of files from the backup on the production server.

Answer

Monitor the backup server's bandwidth usage to confirm that at least

20%

GB of data was transferred daily.

Answer

Check the 'File Modification Date' on the backup server to ensure it matches the current system time

20%

.

Question 50

An organization is updating its disaster recovery documentation to align with CIS Control 11. To satisfy the requirement for 'protecting' recovery data (Control 11.3), the security lead suggests transitioning from a single administrative account for the backup system to a Multi-Factor Authentication (MFA) approach using a separate, non-domain account. What is the primary security objective of this change?

Accepted Answer

To prevent an attacker who has compromised the primary domain controller or service account from being able to delete or modify the backup archives.

Answer

To enable the Helpdesk to perform file-level restores for end users without having to use the Command Line Interface (CLI).

Answer

To satisfy the requirements for a Tier

20%

data center certification related to fire suppression and climate control.

Answer

To ensure that the backup data is compressed at a ratio of at least

20%

to reduce physical storage costs.

Question 51

According to CIS Control 13 (Network Monitoring and Defense), why is it critical to maintain at least 30 days of captured network traffic header data, including NetFlow or IPFIX records?

Accepted Answer

To facilitate historical analysis and incident investigation of past security events.

Answer

To replace the need for an endpoint-based antivirus or EDR solution.

Answer

To satisfy the hardware requirements for routing protocols like OSPF and BGP.

Answer

To ensure that all encrypted traffic can be decrypted using stored session keys.

Question 52

Which of the following activities is a core requirement of CIS Control 13.9, which focuses on the deployment of Host-Based Intrusion Detection Systems (HIDS) or Host-Based Intrusion Prevention Systems (HIPS)?

Accepted Answer

To monitor and alert on suspicious activities such as unauthorized registry changes or system file modifications.

Answer

To perform physical security audits of the server room environment and humidity controls.

Answer

To manage the lifecycle of hardware components like RAM and power supply units.

Answer

To automatically backup all user documents to a remote cloud storage provider every hour.

Question 53

Under CIS Control 13: Network Monitoring and Defense, what is the primary security objective of implementing a Centralized Log Management (CLM) system for network events?

Accepted Answer

To aggregate and correlate logs from diverse network devices to identify patterns of malicious behavior that might be missed in isolation.

Answer

To eliminate the need for administrative access to individual routers and switches.

Answer

To provide a backup of the device configurations for the purpose of fast disaster recovery.

Answer

To increase the bandwidth of the local area network by compressing packet headers.

Question 54

Which specific technique under CIS Control 13 (Network Monitoring and Defense) involves identifying and documenting the 'normal' traffic patterns of a network to better detect deviations that may indicate an attack?

Accepted Answer

Establishing a network traffic baseline

Answer

Implementing a zero-trust architecture

Answer

Drafting a data privacy policy

Answer

Performing a manual source code review

Question 55

Which specific safeguard within CIS Control 13 (Network Monitoring and Defense) recommends the use of an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) at various layers of the network?

Accepted Answer

Deploy a network intrusion detection or prevention solution to detect and/or block malicious traffic based on signatures and behavior.

Answer

Implement a guest network that is physically separated from the production environment.

Answer

Conduct quarterly vulnerability scans on all external-facing network devices.

Answer

Encrypt all data at rest using

20%

on every mobile storage device.

Question 56

Regarding CIS Control 13: Network Monitoring and Defense, what is the purpose of collecting and reviewing 'flow' data (such as NetFlow or IPFIX) even if the organization cannot perform full packet capture?

Accepted Answer

To identify anomalies in communication volume and destination without the storage overhead of full packet contents.

Answer

To provide a complete copy of every file downloaded for later malware analysis.

Answer

To ensure that all data is automatically encrypted with

20%

hashing algorithms.

Answer

To verify that physical hardware cables are properly shielded against electromagnetic interference.

Question 57

Under CIS Control 13 (Network Monitoring and Defense), what is the specific purpose of implementing Safeguard 13.4, which focuses on the use of network-based filtering (such as DNS filtering or URL filtering)?

Accepted Answer

To prevent communication with known malicious domains and IP addresses associated with command-and-control (C2) servers.

Answer

To establish a mandatory two-factor authentication process for all internal file sharing.

Answer

To automatically update the firmware of all network switches and routers on a weekly basis.

Answer

To measure the physical latency of fiber optic cables across different geographic regions.

Question 58

In the context of CIS Control 13: Network Monitoring and Defense, what is the primary security benefit of deploying an application-layer filtering proxy or Web Application Firewall (WAF)?

Accepted Answer

To inspect the contents of specific protocols, such as HTTP or HTTPS, to block attacks like SQL injection and Cross-Site Scripting (XSS).

Answer

To provide physical redundancy by load balancing power across multiple server racks.

Answer

To manage the distribution of IP addresses via Dynamic Host Configuration Protocol (DHCP) across VLANs.

Answer

To automatically generate and renew TLS certificates for internal domain names.

Question 59

Which specific safeguard in CIS Control 13 (Network Monitoring and Defense) focuses on the use of threat intelligence to enhance the efficacy of an organization's network monitoring efforts?

Accepted Answer

Utilize threat intelligence to update and maintain the list of indicators of compromise (IoCs) and attack patterns.

Answer

Deploy a distributed ledger to track every modification made to the firewall configuration files.

Answer

Implement a policy that requires all network monitoring data to be deleted every

20%

hours to ensure privacy.

Answer

Use biometric authentication to restrict physical access to the network operations center (NOC).

Question 60

In the context of CIS Control 13: Network Monitoring and Defense, what is the primary purpose of 'Port Mirroring' (often referred to as SPAN) or using a physical Network TAP?

Accepted Answer

To provide a copy of network traffic to a non-intrusive monitoring device without disrupting the flow of the original traffic.

Answer

To increase the total available bandwidth of a network link by splitting the data into two parallel streams.

Answer

To encrypt data as it leaves a network switch to ensure it remains confidential across the local area network.

Answer

To create a live backup of the data being transmitted so it can be restored if the destination server fails during transit.

Related quizzes

Related quizzes