Question 1

When auditing the implementation of CIS Control 4: 'Secure Configuration of Enterprise Assets and Software', which evidence would most effectively demonstrate that a 'Continuous Vulnerability Management' process is aligned with CIS benchmarks?

Accepted Answer

Documented configuration scan results produced by a tool that specifically identifies deviations from the CIS Level 1 or Level 2 profiles.

Answer

A screenshot of the antivirus console showing that all definitions were updated within the last twenty-four hours.

Answer

The physical inventory log showing all hardware assets are tagged and stored in a secure server room.

Answer

A signed service level agreement (SLA) with a third-party vendor ensuring all software is updated within 48 hours of release.

Question 2

An auditor is reviewing the implementation of CIS Control 1: 'Inventory and Control of Enterprise Assets'. Which method provides the highest level of assurance that only authorized devices are connected to the network infrastructure?

Accepted Answer

Implementation of 802.1x Network Access Control (NAC) tied to a dynamic asset inventory that automatically alerts or blocks unauthorized MAC addresses.

Answer

A manual spreadsheet updated monthly by department heads listing all physical workstations and laptops.

Answer

The use of a static DHCP reservation list based on a one-time export of device hostnames.

Answer

An annual physical inspection of all office desks to verify the presence of asset tags on hardware.

Question 3

When assessing the implementation of CIS Control 6: 'Management of Audit Logs', what is the primary consideration for an auditor to ensure the integrity of the logging system itself?

Accepted Answer

Ensuring that logs are transmitted to a centralized, dedicated log management server where they are stored with restricted write-once/read-many (WORM) access.

Answer

Confirming that all employees have been trained on how to manually clear their own local application logs to save disk space.

Answer

Verifying that each individual workstation has at least 500GB of local storage specifically for system event logs.

Answer

Checking that the system administrator can modify log entries to correct errors in the event of a system crash.

Question 4

In the context of the CIS Implementation Groups (IGs), which strategy reflects the recommended approach for an organization auditing their transition from IG1 to IG2 for Control 5: 'Account Management'?

Accepted Answer

Verifying that the organization has moved beyond simple unique passwords to implementing centralized authentication and Multi-Factor Authentication (MFA) for all remote and privileged access.

Answer

Confirming that the organization has eliminated the use of all shared folders and network-attached storage.

Answer

Auditing and ensuring that all employees have been granted 'Domain Admin' privileges to avoid workflow interruptions.

Answer

Validating that the organization has switched from using local software firewalls to hardware-only perimeter defenses.

Question 5

When auditing the implementation of CIS Control 11: 'Data Recovery', what is the most critical factor an auditor must verify to ensure the organization meets the Safeguard regarding the restoration of data?

Accepted Answer

The organization has performed a successful test restoration from backup media within the defined periodic timeframe to ensure data integrity and accessibility.

Answer

The total storage capacity of the backup repository exceeds the size of the primary data store by at least 200%.

Answer

The backup server is protected by a password that is changed every 90 days according to the corporate policy.

Answer

The organization uses a cloud-based backup provider that guarantees 99.999% uptime for their data centers.

Question 6

An auditor is evaluating CIS Control 3: 'Data Protection'. Which implementation strategy provides the highest level of assurance that sensitive information on a stolen laptop remains inaccessible to unauthorized users?

Accepted Answer

The use of AES-256 full-disk encryption (FDE) with pre-boot authentication and remote wipe capabilities managed by a centralized Mobile Device Management (MDM) system.

Answer

Configuring a BIOS/UEFI password that prevents the boot order from being changed without administrative credentials.

Answer

Implementing a 'no-cache' policy within the local web browser to ensure web-based credentials are not stored on the hard drive.

Answer

Ensuring that the 'Hidden' attribute is applied to all folders containing PII (Personally Identifiable Information) on the local disk.

Question 7

An auditor is evaluating CIS Control 7: 'Continuous Vulnerability Management'. Which of the following findings would indicate a significant failure in the implementation of the Safeguard relating to automated vulnerability scans?

Accepted Answer

The vulnerability scanner is configured to use only unauthenticated network sweeps, resulting in a lack of visibility into local software versions and registry-level security settings.

Answer

The organization performs vulnerability scans every 14 days rather than every 24 hours.

Answer

The vulnerability management policy has been signed by the CISO but has not yet been distributed to the cleaning staff.

Answer

The scanning tool identifies more than 50 'low' severity vulnerabilities that have not been remediated within the current quarter.

Question 8

When auditing CIS Control 12: 'Network Infrastructure Management', which finding represents a failure to implement the safeguard regarding the use of secure administration protocols?

Accepted Answer

Network administrators are managing core switches using Telnet and HTTP instead of SSH and HTTPS.

Answer

The network diagram is stored as a PDF file rather than being printed and kept in a physical safe.

Answer

The organization uses a Class C private IP address range instead of a Class A range for its internal management VLAN.

Answer

The hardware lifecycle policy requires replacing network switches every five years instead of every three years.

Question 9

An auditor is evaluating the implementation of CIS Control 14: 'Security Awareness and Skills Training'. Which evidence most effectively confirms that the organization is addressing the safeguard for 'Recognizing Social Engineering Attacks'?

Accepted Answer

Performance metrics from a simulated phishing campaign showing the click-through rates and subsequent remedial training completion for employees who failed the test.

Answer

The purchase receipt for a high-performance web application firewall (WAF) designed to block malicious incoming traffic.

Answer

A copy of the employee handbook which contains a single paragraph stating that the company does not tolerate fraudulent activities.

Answer

A list of IT staff certifications demonstrating that the network administrators have passed their professional security exams.

Question 10

When auditing the implementation of CIS Control 8: 'Audit Log Management', an auditor finds that system clocks across various servers are drifting by several minutes. Which specific CIS Safeguard is being violated, and what is the risk to the audit process?

Accepted Answer

The requirement for 'Ensure Time Synchronization'; it prevents the accurate sequencing of events during a cross-machine forensic investigation.

Answer

The requirement for 'Local Log Retention'; it causes the local hard drives to overwrite old logs too quickly due to timestamp errors.

Answer

The requirement for 'Audit Log Review'; it makes it impossible for the automated AI to flag suspicious user login behavior.

Answer

The requirement for 'Centralized Log Management'; it disables the ability of the SIEM to receive encrypted traffic from the agents.

Question 11

According to CIS Control 2: Inventory and Control of Software Assets, which of the following is the most effective way to ensure only authorized software is executed on an organization's systems?

Accepted Answer

Implementing software allowlisting (also known as application whitelisting) to ensure that only pre-approved programs can run.

Answer

Conducting an annual manual audit of installed software across the entire enterprise.

Answer

Granting all users local administrative privileges so they can update their own software as needed.

Answer

Increasing the frequency of signature-based antivirus scans on all network endpoints.

Question 12

Which specific action is recommended by CIS Control 2 to address the risks posed by 'unsupported' software still residing within the infrastructure?

Accepted Answer

Ensuring that all software currently under support from the vendor is used, and removing or isolating any software that has reached its end-of-life.

Answer

Purchasing extended hardware warranties to cover the physical machines running the legacy software.

Answer

Blocking the software's network ports at the perimeter firewall while keeping the software installed.

Answer

Renaming the software executables to prevent them from being identified by automated scanners.

Question 13

An organization is implementing CIS Control 2 and wants to automate the process of detecting unauthorized software. Which of the following technologies is most effective for achieving this goal?

Accepted Answer

Using a combination of active asset scanning and passive network monitoring tools to identify installed software.

Answer

Requiring all software installers to be stored on an encrypted USB drive kept in a secure safe.

Answer

Implementing a mandatory self-reporting policy where employees manually list their software usage monthly.

Answer

Deploying a physical hardware lock on all workstation chassis to prevent hardware modifications.

Question 14

Regarding CIS Control 2: Inventory and Control of Software Assets, what is the primary security objective of maintaining an up-to-date 'Software Inventory'?

Accepted Answer

To identify and manage the attack surface by knowing exactly what is installed and which applications are potentially vulnerable.

Answer

To reduce the amount of physical disk space used on the organization's central file server.

Answer

To provide the HR department with data on employee productivity based on application usage time.

Answer

To ensure the organization is maximizing its software licensing discounts through bulk purchasing.

Question 15

Which of the following processes is a key component of CIS Control 2: Inventory and Control of Software Assets specifically aimed at reducing the organization's 'attack surface'?

Accepted Answer

Identifying and decommissioning unauthorized or unnecessary software that is not required for business tasks.

Answer

Configuring the physical bios settings to disable USB boot options.

Answer

Increasing the encryption strength of the local database backups.

Answer

Changing the administrator password every 30 days on all network switches.

Question 16

In the context of CIS Control 2: Inventory and Control of Software Assets, what is the specific purpose of utilizing a 'Software Inventory' tool that integrates with the Vulnerability Management process?

Accepted Answer

To automatically correlate known vulnerabilities (such as CVEs) with the specific versions of software found within the organization's environment.

Answer

To provide the help desk with a list of authorized users for each specific software application.

Answer

To measure the network latency caused by the installation of large software suites.

Answer

To ensure that the organization's software licenses are optimized for tax depreciation purposes.

Question 17

Which safeguard within CIS Control 2 (Inventory and Control of Software Assets) specifically focuses on utilizing a dedicated system to manage the lifecycle of software to prevent unauthorized installations?

Accepted Answer

Implementing a centralized software management system to automate the distribution and tracking of authorized software.

Answer

Rotating the cryptographic keys used for full disk encryption on a quarterly basis.

Answer

Using a physical asset tag on all hardware to track software modifications made by the manufacturer.

Answer

Implementing a mandatory peer-review process for all manual code entries into the production environment.

Question 18

Which of the following describes the 'Shadow IT' risk that CIS Control 2 (Inventory and Control of Software Assets) explicitly aims to mitigate through regular software discovery?

Accepted Answer

The use of unauthorized software or cloud services by employees without the knowledge or approval of the IT and Security departments.

Answer

The physical theft of backup tapes containing software installation images from off-site storage.

Answer

The automatic updates of operating system kernels that occur during scheduled maintenance windows.

Answer

The presence of hidden 'Easter eggs' or undocumented features left in the source code by original developers.

Question 19

Under CIS Control 2: Inventory and Control of Software Assets, what is the specific security benefit of using a 'Passive Asset Discovery' tool compared to an 'Active' scanner?

Accepted Answer

It identifies software and systems communicating on the network without requiring credentials or potentially disrupting sensitive services.

Answer

It provides a complete list of all installed software down to the specific file version and registry key.

Answer

It automatically uninstalls any unauthorized software it detects during its network sweep.

Answer

It utilizes biometric data to verify the identity of the user running the software.

Question 20

When implementing CIS Control 2: Inventory and Control of Software Assets, why is it critical to ensure that software inventory records include the specific 'version' and 'patch level' of each application?

Accepted Answer

To allow the security team to accurately determine if specific systems are susceptible to published Common Vulnerabilities and Exposures (CVEs).

Answer

To provide the marketing department with statistics regarding the most popular user interface themes.

Answer

To ensure the organization is compliant with the physical weight limits of its data center server racks.

Answer

To allow the accounting department to calculate the exact electricity cost of running each application.

Question 21

According to CIS Critical Security Control #7 (Continuous Vulnerability Management), why is it critical to perform regular automated vulnerability scans rather than relying on an annual penetration test?

Accepted Answer

To identify and remediate newly discovered security flaws in a timely manner as the threat landscape changes daily.

Answer

To replace the need for patch management processes by identifying gaps instead.

Answer

To ensure that all hardware assets are physically locked in secure locations at all times.

Answer

To satisfy the requirement of having a high number of technical reports for compliance auditors.

Question 22

When implementing CIS Control 7, what is the primary reason for performing authenticated (credentialed) vulnerability scans as opposed to unauthenticated over-the-network scans?

Accepted Answer

To provide a more comprehensive view of the local system's vulnerabilities and missing patches that are not visible from the network.

Answer

To bypass the need for a firewall when scanning internal segments.

Answer

To ensure the vulnerability scanner is not detected by an Intrusion Detection System (IDS).

Answer

To eliminate the need for an inventory of hardware and software assets.

Question 23

Which metric is commonly utilized within CIS Control 7 to prioritize the remediation of vulnerabilities based on their severity and the risk they pose to the organization?

Accepted Answer

Common Vulnerability Scoring System (CVSS)

Answer

Business Impact Analysis (BIA)

Answer

Cyclomatic Complexity Index

Answer

Mean Time to Repair (MTTR)

Question 24

Under CIS Critical Security Control 7, which practice is essential for maintaining an effective vulnerability management program when dealing with a massive volume of scan results?

Accepted Answer

Establishing a risk-based remediation strategy that prioritizes vulnerabilities with known exploits.

Answer

Disable vulnerability scanning on production servers to prevent performance degradation.

Answer

Wait for the next fiscal year's hardware refresh to replace vulnerable systems.

Answer

Manually verify every individual vulnerability before initiating any patching process.

Question 25

In the context of CIS Critical Security Control #7, what is the purpose of performing a 'Differential Scan' between two scheduled vulnerability assessment periods?

Accepted Answer

To identify changes in the attack surface, such as the appearance of new services or unauthorized changes to system configurations.

Answer

To encrypt the communication between the vulnerability scanner and the management console.

Answer

To permanently delete older vulnerability logs to save storage space on the scanner.

Answer

To calculate the total electricity consumed by the data center's cooling systems.

Question 26

According to CIS Control 7.4, what is the primary objective of establishing a dedicated vulnerability remediation process?

Accepted Answer

To ensure that identified vulnerabilities are tracked and corrected within a defined timeframe based on their risk level.

Answer

To replace the requirement for monthly vulnerability scans with a manual ticketing system.

Answer

To provide a list of employees responsible for the security breaches to the human resources department.

Answer

To automatically uninstall any software that has a vulnerability score higher than

5.0

.

Question 27

In accordance with CIS Critical Security Control 7 (Continuous Vulnerability Management), what is a key reason for conducting vulnerability scans on a recurring scheduled basis rather than an ad-hoc basis?

Accepted Answer

To identify vulnerabilities introduced by software updates, configuration changes, or newly discovered exploits since the last assessment.

Answer

To satisfy the requirement of keeping hardware drivers updated for performance optimization.

Answer

To verify that the network's bandwidth is sufficient to handle heavy traffic during peak hours.

Answer

To ensure that the organization can avoid paying for premium threat intelligence feeds.

Question 28

As part of CIS Critical Security Control #7, what is the significance of using a 'Vulnerability Scanner' that is updated with the most recent 'Vulnerability Signatures' or 'Checks'?

Accepted Answer

To ensure the tool can detect the most recently discovered security flaws and publicly disclosed exploits (CVEs).

Answer

To increase the processing speed of the server's CPU during the scanning window.

Answer

To automatically repair corrupted operating system files that are unrelated to security.

Answer

To ensure that the scanner can bypass the organization's multi-factor authentication requirements.

Question 29

Which component of CIS Critical Security Control 7 involves the regular review of logs and automated alerts to confirm that vulnerability scanning tools are operating as expected and covering the entire scoped environment?

Accepted Answer

Monitoring and maintenance of the vulnerability management system.

Answer

Developing custom exploit code for identified legacy systems.

Answer

Manual penetration testing of the database layer.

Answer

Replacing all virtual machines with physical hardware to reduce complexity.

Question 30

Under CIS Critical Security Control 7, what is the 'Vulnerability Schema' (such as SCAP - Security Content Automation Protocol) used for within an organization's security program?

Accepted Answer

To provide a standardized format for communicating vulnerability information and ensuring interoperability between different security tools.

Answer

To automatically generate legal contracts for third-party software vendors.

Answer

To calculate the depreciating financial value of hardware assets over a five-year period.

Answer

To encrypt all data at rest on mobile devices using proprietary algorithms.

Question 31

According to the CIS Controls (specifically Control 14 regarding Security Awareness and Control 3 regarding Data Protection), which physical security control is most effective at preventing unauthorized individuals from following authorized personnel into a restricted facility, a technique known as 'tailgating'?

Accepted Answer

Implementation of a mantrap or turnstile system

Answer

Utilizing biometric thumbprint scanners at the main entrance

Answer

Deploying proximity-based smart cards

Answer

Installing high-definition CCTV cameras

Question 32

In the context of CIS Control 3 (Data Protection) and physical security standards, which control is specifically designed to protect data availability by ensuring that environmental factors like fire do not result in the permanent loss of physical hardware or media?

Accepted Answer

Gaseous fire suppression systems

Answer

Standard wet-pipe water sprinklers

Answer

Motion-activated lighting

Answer

Steel reinforced perimeter fencing

Question 33

Under the CIS Controls framework, which physical security measure is essential for protecting sensitive data stored on removable media or hardware when it is not in active use within a secure office environment?

Accepted Answer

Ensuring the use of AES-256 encrypted drives stored in a locked media safe

Answer

Labeling the media with high-visibility 'Confidential' stickers

Answer

Using a standard cable lock to secure the drive to a desk

Answer

Placing hardware in a room with motion-detecting cameras

Question 34

Regarding CIS Control 3 (Data Protection), which physical security practice is used to minimize the risk of data leakage from hard copies and unattended workstations in a shared office environment?

Accepted Answer

Implementing a 'clean desk' policy and timed screen locks

Answer

Replacing all desktop computers with thin clients

Answer

Installing privacy filters on all monitors

Answer

Using badge-only access for the building elevators

Question 35

In alignment with CIS Control 3 (Data Protection) regarding the physical disposal of assets, what is considered the most secure physical control for ensuring that data on a decommissioned magnetic hard drive cannot be recovered by an unauthorized party?

Accepted Answer

Physical destruction of the drive using a shredder or industrial disintegrator

Answer

Performing a high-level software format of the disk partitions

Answer

Placing the drive in a locked recycling bin for standard e-waste collection

Answer

Assigning a unique asset tag to the drive for inventory tracking

Question 36

In the context of CIS Control 3 (Data Protection) and physical security, why is it recommended to implement physical locks or port blocks on network-accessible hardware located in public or non-secure areas?

Accepted Answer

To prevent the unauthorized physical insertion of malicious devices like USB HID injectors or hardware keyloggers

Answer

To ensure the hardware is compliant with local fire code regulations for electrical equipment

Answer

To provide a deterrent against the theft of the internal power supply units

Answer

To increase the cooling efficiency of the hardware by limiting airflow resistance

Question 37

In alignment with CIS Control 3 (Data Protection), which physical security control is specifically aimed at protecting against the unauthorized extraction of data from discarded paper documents containing sensitive information?

Accepted Answer

Implementation of cross-cut shredding with a secure chain of custody

Answer

Deploying high-resolution surveillance above all trash receptacles

Answer

Restricting physical access to the building during non-business hours

Answer

Using a standard strip-cut shredder in the main hallway

Question 38

In accordance with CIS Control 3 (Data Protection), which physical security control is specifically designed to prevent the unauthorized viewing of sensitive information on a laptop screen by individuals sitting in adjacent seats or standing nearby?

Accepted Answer

Privacy filters

Answer

Biometric screen unlocking

Answer

Anti-glare coatings

Answer

Kensington cable locks

Question 39

In the context of CIS Control 10 (Storage Maintenance, Recovery, and Disposal), which physical security control is specifically used to verify that hardware assets have not been opened or modified by unauthorized personnel while in storage or during transport?

Accepted Answer

Implementation of tamper-evident seals and labels

Answer

Usage of RFID asset tracking tags

Answer

Assignment of static IP addresses to all hardware

Answer

Installing motion sensors in the shipping department

Question 40

In accordance with CIS Control 12 (Network Infrastructure Management), which physical security control is specifically focused on preventing an unauthorized actor from gaining direct access to network cabling and distribution frames to perform wiretapping or man-in-the-middle attacks?

Accepted Answer

Utilizing locked telecommunications closets and hardened protective conduits

Answer

Deploying an Intrusion Detection System (IDS) at the network perimeter

Answer

Configuring Port Security on Layer 2 switches to limit MAC addresses

Answer

Implementing WPA3-Enterprise on all wireless access points

Related quizzes

Related quizzes