Question 1

In CIS Critical Security Controls version 8.1, the 18 Controls are organized into three implementation groups. Which group is specifically designed for 'essential hygiene' and represents the minimum standard of information security for all organizations?

Accepted Answer

Implementation Group 1 (IG1)

Answer

Implementation Group 2 (IG2)

Answer

Implementation Group 3 (IG3)

Answer

Implementation Group 0 (IG0)

Question 2

Under CIS Control 11: Data Recovery, what is the primary requirement for ensuring that backups are protected from ransomware and other integrity attacks in a CIS v8.1 environment?

Accepted Answer

Ensuring at least one backup destination is isolated from the network or is immutable.

Answer

Backing up data at least once every 365 days to a local server.

Answer

Storing backups on the same production subnet for faster recovery speeds.

Answer

Encrypting backups with a key that is stored in plaintext on the backup server.

Question 3

Under CIS Control 1: Inventory and Control of Enterprise Assets, what is the primary distinction between a 'Passive Asset Discovery' tool and an 'Active Asset Scanning' tool as defined in CIS Safeguards?

Accepted Answer

Passive tools identify assets by monitoring network traffic, while active tools send probes to identify devices.

Answer

Passive tools require an agent to be installed, while active tools only require a network connection.

Answer

Passive tools are used exclusively for wireless networks, whereas active tools are only for wired infrastructure.

Answer

Active tools are only used for decommissioning old assets, while passive tools are used for onboarding new ones.

Question 4

An organization recently discovered that an unmanaged legacy server was connected to the production network without authorization, which then became the entry point for a ransomware attack. According to CIS Control 1 (Inventory and Control of Enterprise Assets), which process should the organization have implemented to prevent this specific scenario?

Accepted Answer

Utilize active and passive discovery tools to maintain an accurate and up-to-date inventory of all assets connected to the infrastructure.

Answer

Ensure all software is updated to the latest version within 30 days of a patch release to mitigate known exploits.

Answer

Conduct quarterly vulnerability scans to identify weaknesses in the operating systems of known servers.

Answer

Implement strong multi-factor authentication for all administrative access to ensure only authorized users can log in.

Question 5

A financial services firm is reviewing its data protection strategies following an audit. They discovered that several database administrators have permanent, standing administrative access to sensitive customer records, even when not performing maintenance tasks. Which CIS Control and corresponding action should be prioritized to mitigate this risk of unauthorized data access?

Accepted Answer

CIS Control 5 (Account Management): Implement the 'Principle of Least Privilege' and transition to a 'Just-in-Time' (JIT) access model for administrative accounts.

Answer

CIS Control 8 (Audit Log Management): Increase the retention period of logs to ensure forensic investigators can track past behavior.

Answer

CIS Control 2 (Inventory of Software Assets): Ensure all database management software is tracked in a centralized inventory.

Answer

CIS Control 9 (Email and Web Browser Protection): Implement DNS filtering to prevent database administrators from visiting malicious websites.

Question 6

An IT security team is investigating a breach where the attacker gained access to a workstation and moved laterally across the network for weeks without detection. The post-incident review reveals that while logs were being generated by the servers, they were only stored locally on each machine and were periodically overwritten due to storage limits. Which CIS Control and primary action should the team implement to ensure better detection and forensics for future incidents?

Accepted Answer

CIS Control 8 (Audit Log Management): Establish a central log repository and ensure that logs from all enterprise assets are forwarded to a dedicated server for analysis.

Answer

CIS Control 6 (Access Control Management): Review and revoke all inactive user accounts that have not logged in for over 30 days.

Answer

CIS Control 3 (Data Protection): Use automated tools to identify and encrypt sensitive data residing on the local workstations.

Answer

CIS Control 9 (Email and Web Browser Protection): Enforce a policy that prevents users from installing unauthorized browser extensions.

Question 7

An employee at a healthcare provider accidentally downloaded a malicious file from a personal webmail account, which executed a script that changed the system's DNS settings. This allowed the attacker to redirect all subsequent traffic to a phishing site. According to CIS Control 9 (Email and Web Browser Protection), which safeguard would most effectively prevent this specific redirection at the network level?

Accepted Answer

Implement DNS filtering services to block access to known malicious domains and unauthorized IP addresses.

Answer

Implement a policy that requires data at rest to be encrypted using

AES-256

standards.

Answer

Conduct monthly phishing simulations to train employees on how to identify suspicious email attachments.

Answer

Require all employees to use an encrypted VPN when accessing the corporate network from home.

Question 8

An internal audit reveals that several software applications used by the accounting department are end-of-life (EOL) and no longer receive security patches, posing a significant risk to the organization. According to CIS Control 2 (Inventory and Control of Software Assets), what is the most appropriate first step to manage this risk?

Accepted Answer

Maintain a software inventory that includes the support status and end-of-life dates for all authorized software to identify unsupported applications.

Answer

Deploy a network intrusion prevention system (IPS) to detect active exploits targeting those specific software versions.

Answer

Immediately migrate the accounting data to a new cloud-based encrypted database to satisfy CIS Control 3.

Answer

Ensure all administrative accounts for the accounting software use multi-factor authentication as per CIS Control 5.

Question 9

An insurance company handles vast amounts of Sensitive Personal Information (SPI). During a security assessment, it was discovered that while the production database is secure, developers are frequently using unmasking copies of real customer data in their testing environments. Which CIS Control 3 (Data Protection) safeguard should be prioritized to rectify this?

Accepted Answer

Implement data masking or anonymization techniques to ensure that sensitive data is not used in non-production environments.

Answer

Conduct a weekly inventory of all virtual machines to ensure no unauthorized software is installed.

Answer

Ensure all development servers are configured to send audit logs to a central Security Information and Event Management system.

Answer

Implement a guest network to isolate development machines from the corporate production network.

Question 10

An organization is updating its remote access policy. They want to ensure that if a technician's credentials are stolen, the attacker still cannot access the corporate network remotely. According to CIS Control 6 (Access Control Management), which safeguard is most critical for this objective?

Accepted Answer

Require multi-factor authentication for all remote access to the enterprise network.

Answer

Maintain an inventory of all software assets to identify unauthorized VPN clients.

Answer

Ensure all remote workstations have the latest vulnerability patches installed within 24 hours.

Answer

Disable the use of CMD and PowerShell for all users who do not have a documented business need.

Question 11

An organization experiences a security incident where a former employee’s credentials were used to access a cloud-based file share two weeks after they left the company. The investigation found that while their internal network account was disabled, their cloud-specific account remained active. Which CIS Control 6 (Access Control Management) safeguard specifically addresses this failure?

Accepted Answer

Establish and maintain an inventory of accounts and ensure the timely de-provisioning of access for terminated employees.

Answer

Conduct a weekly scan for unauthorized software installations on all end-user workstations.

Answer

Ensuring all cloud storage is encrypted using organizationally managed keys at a minimum of

AES-256

.

Answer

Implement a centralized log server to capture successful and failed login attempts across the environment.

Question 12

An organization is concerned that employees are using their corporate laptops to visit high-risk websites during lunch breaks, leading to drive-by download attacks. To address this, the IT team decides to implement a solution that forces all web traffic through a secure web gateway that inspects content and blocks malicious sites. Which CIS Control and specific action are they implementing?

Accepted Answer

CIS Control 9 (Email and Web Browser Protection): Network-based URL filtering.

Answer

CIS Control 5 (Account Management): Implementing MFA for administrative accounts.

Answer

CIS Control 8 (Audit Log Management): Configuring centralized log collection.

Answer

CIS Control 1 (Inventory and Control of Enterprise Assets): Active asset discovery.

Question 13

An IT department is struggling with 'configuration drift', where servers that were initially secure have gradually become vulnerable due to manual changes and the addition of unauthorized services. According to CIS Control 4 (Configuration Management), which also interacts with CIS Control 2, what is the best automated approach to ensure that only authorized software is running and systems remain in a known-good state?

Accepted Answer

Implement software allowlisting to ensure that only authorized software can execute and use configuration monitoring tools to detect deviations from a standard secure baseline.

Answer

Deploy a dedicated log server to capture all successful logins to the domain controller and alert on administrative activity.

Answer

Conduct monthly manual audits of the 'Programs and Features' list on every server to identify and remove unauthorized applications.

Answer

Increase the frequency of full disk backups to ensure that a server can be restored to its original state within 24 hours of a failure.

Question 14

An organization is updating its data protection strategy to align with CIS Control 3. They have identified that several legacy systems contain sensitive PII, but these systems do not support modern encryption protocols for data at rest. According to the CIS guidelines for Data Protection, which of the following actions should the security team prioritize to mitigate the risk of unauthorized access or disclosure of this sensitive data?

Accepted Answer

Implement an inventory of all enterprise data, identify the sensitive PII, and apply access control lists based on the principle of least privilege.

Answer

Implement a network-level firewall to restrict all traffic to the legacy systems to internal IP addresses only.

Answer

Decommission the legacy systems immediately regardless of business impact to ensure compliance.

Answer

Apply full disk encryption using a third-party software wrapper even if it risks system instability.

Question 15

An enterprise is undergoing a security audit regarding CIS Control 3 (Data Protection). The auditor discovers that while the organization uses automated tools to identify sensitive data, they do not have a defined process for disposing of data that has reached the end of its legal retention period. Which specific Safeguard within CIS Control 3 should the organization implement to address this finding?

Accepted Answer

Establish and maintain a data retention schedule and secure disposal process.

Answer

Implement a Data Loss Prevention (DLP) solution to block outgoing transfers of old data.

Answer

Encrypt all data at rest using AES-256 to render expired data unreadable.

Answer

Configure automated cloud backups to ensure data integrity during the lifecycle.

Question 16

A financial services firm is implementing CIS Control 3 and wants to prevent unauthorized movement of sensitive customer data across its network perimeters and to external portable storage devices. Which technical control is specifically recommended within CIS Control 3 to monitor and block the transmission of sensitive data based on content and predefined patterns?

Accepted Answer

Implement a network and endpoint Data Loss Prevention (DLP) solution.

Answer

Deploy a Web Application Firewall (WAF) to inspect inbound HTTP traffic.

Answer

Implement a Privilege Access Management (PAM) system for administrative accounts.

Answer

Enable File Integrity Monitoring (FIM) on all database servers.

Question 17

An organization is looking to mature its data protection capabilities by ensuring that sensitive data transmitted over insecure networks is not intercepted. According to CIS Control 3, which approach should be taken to ensure the cryptographic integrity and confidentiality of data in transit?

Accepted Answer

Use encrypted communication protocols like TLS to protect data in transit.

Answer

Compress all data into password-protected ZIP files before emailing them to clients.

Answer

Calculate SHA-256 hashes of all files before sending them over the network.

Answer

Implement a Virtual Private Network (VPN) for all internal office communication.

Question 18

An enterprise is attempting to meet the requirements of CIS Control 3 by enhancing their 'Data Identification and Classification' efforts. The IT team has deployed an automated tool to scan file shares for sensitive information, but the tool is generating a high number of false positives. According to the guidance in SANS SEC566 and CIS Control 3, what is the most critical first step the organization should have taken before deploying the automated discovery tool?

Accepted Answer

Establish and maintain a data management process and classification scheme.

Answer

Immediately move all flagged files to an offline air-gapped storage environment.

Answer

Deploy a Data Loss Prevention (DLP) solution to block all files that the tool flags.

Answer

Increase the sensitivity of the discovery tool's heuristic engine to capture more data.

Question 19

An organization is configuring its cloud storage buckets to comply with CIS Control 3. The security team must ensure that any sensitive data accidentally uploaded to a public-facing container is not accessible to unauthorized parties. According to the Safeguards in CIS Control 3, which technical control is most effective at protecting the confidentiality of the data even if the storage container's access permissions are misconfigured to be 'Public'?

Accepted Answer

Implement data-at-rest encryption using enterprise-managed keys.

Answer

Enable logging and monitoring for all bucket access attempts.

Answer

Deploy a Cloud Access Security Broker (CASB) to monitor API calls.

Answer

Apply a naming convention that makes sensitive buckets difficult to guess.

Question 20

A healthcare organization is reviewing its compliance with CIS Control 3 (Data Protection) and identifies that developers are using production databases containing Patient Health Information (PHI) to test new application features. To align with CIS Safeguards regarding the protection of sensitive data in non-production environments, which of the following is the most appropriate action?

Accepted Answer

Implement data masking or use an automated tool to generate synthetic data for use in non-production environments.

Answer

Isolate the development environment from the internet using a physical air-gap.

Answer

Encrypt the production database with a unique key before moving it to the development environment.

Answer

Require all developers to sign a non-disclosure agreement (NDA) before accessing the production data in dev.

Question 21

A multinational corporation is implementing CIS Control 3 and needs to ensure that access to sensitive financial records is restricted exclusively to the authorized finance team. According to the CIS Safeguards, which process should be integrated with Data Protection to ensure that only individuals with a 'need-to-know' can access specific data classifications?

Accepted Answer

Implement role-based access control (RBAC) and the principle of least privilege as part of a data management process.

Answer

Implement a 'bring your own device' (BYOD) policy to allow finance staff to work from any location.

Answer

Require all employees to undergo annual security awareness training regarding data classification.

Answer

Deploy a network intrusion detection system (NIDS) to monitor all traffic to the finance servers.

Question 22

A mid-sized company is adopting the CIS Controls and is currently focusing on Control 3.3, 'Configure Data Access Control Lists.' After successfully classifying their data, they discover that their primary file server has 'Everyone: Read' permissions on a folder containing sensitive project specifications. Which action best fulfills the intent of this specific Safeguard within Control 3?

Accepted Answer

Remove the 'Everyone' permission and implement access control lists (ACLs) that restrict access based on the specific business 'need-to-know'.

Answer

Apply a digital watermark to all documents within the folder to identify the source of potential leaks.

Answer

Enable auditing on the folder to track who accesses the files without changing the permissions.

Answer

Move the files to an encrypted USB drive and store it in a locked safe.

Question 23

A legal firm is implementing CIS Control 3 (Data Protection) and is focusing on Safeguard 3.6, which involves 'Encrypting Data on Removable Media'. A recent audit found that employees frequently use USB flash drives to transport case files to remote courtrooms. Which of the following is the most compliant method to meet this CIS requirement?

Accepted Answer

Implement a technical policy that enforces the use of hardware-encrypted USB drives or software-based full-disk encryption for all removable media.

Answer

Implement a script that automatically deletes any data on a USB drive that has not been accessed for more than 30 days.

Answer

Require employees to password-protect individual Word documents before copying them to a standard USB drive.

Answer

Create a written policy prohibiting the use of personal USB drives and rely on employee adherence to the policy.

Question 24

An enterprise is reviewing its access control logs and discovers that several former employees still have active accounts with access to sensitive customer data. According to CIS Control 4 (Safe Safeguard 4.2), which specific process should the security team implement to resolve this issue and prevent its recurrence?

Accepted Answer

Establish and follow a process to revoke access immediately upon termination or change in role.

Answer

Implement Multi-Factor Authentication (MFA) for all external-facing applications.

Answer

Conduct a centralized inventory of all enterprise assets and software.

Answer

Encrypt all sensitive databases using AES-256 bit encryption.

Question 25

A financial firm recently experienced a credential stuffing attack where an attacker gained access to a standard user account and attempted to perform administrative tasks. The audit revealed that the user had remained logged in on a shared workstation for 48 hours without re-authentication. Which CIS Control 4 safeguard would best mitigate this risk by limiting the window of opportunity for an attacker?

Accepted Answer

Define and enforce session timeouts for all access to enterprise assets.

Answer

Require a minimum of 16 characters for all hardware BIOS passwords.

Answer

Maintain an inventory of all physical devices on the network.

Answer

Disable all wireless access points in the administrative office.

Question 26

A mid-sized company discovered that several junior IT administrators are using their daily-use accounts to perform high-level configuration changes on the core network switches. This practice violates the principle of least privilege as defined in CIS Control 4. Which action should the organization take to align with Safeguard 4.3?

Accepted Answer

Ensure that users perform administrative tasks with dedicated, separate accounts from their primary email and productivity accounts.

Answer

Grant administrative rights to all employees to ensure business continuity during an emergency.

Answer

Install a firewall at the perimeter to block all inbound traffic originating from outside the country.

Answer

Assign complex passwords to standard users and allow them to share those passwords within their department.

Question 27

A healthcare provider is attempting to strengthen its Access Management (CIS Control 4) after a breach involving a remote worker. The investigation showed the attacker used a stolen password to access the Virtual Private Network (VPN). To comply with CIS Safeguard 4.5, which control remains the most critical for all remote access and administrative accounts?

Accepted Answer

Require Multi-Factor Authentication (MFA) for all remote network access.

Answer

Conduct a weekly physical audit of server room access logs.

Answer

Implement a policy that requires passwords to be changed every 30 days.

Answer

Install host-based intrusion detection systems on all workstations.

Question 28

An organization is migrating its local directory services to a cloud-based environment. To maintain compliance with CIS Control 4 (Access Management), the security architect insists that all authentication requests must be handled through a single, central provider rather than allowing individual cloud applications to manage their own local user databases. Which CIS Safeguard is being implemented?

Accepted Answer

Establish and maintain a centralized access management system.

Answer

Perform annual penetration testing on the identity provider.

Answer

Restrict access to scripting tools and command-line interpreters.

Answer

Implement automated alerting for account lockouts and failures.

Question 29

An IT manager notices that the help desk team is manually creating user accounts across five different platforms every time a new employee is hired, leading to inconsistent naming conventions and forgotten permissions. According to CIS Control 4.1, which strategy should the manager implement to streamline this and ensure a single 'source of truth' for identities?

Accepted Answer

Establish and maintain a centralized access management system.

Answer

Mandate that all employees use a different password for every platform.

Answer

Deploy an automated patch management system for third-party software.

Answer

Install a network-based intrusion prevention system (IPS) at the gateway.

Question 30

A security auditor discovers that a company allows its developers to use the same account for writing code, checking email, and performing production database schema changes. To align with CIS Control 4 (Safe Safeguard 4.3), what specific measure must the company take regarding these administrative privileges?

Accepted Answer

Maintain an inventory of administrative accounts and ensure they are dedicated only to privileged activities, separate from primary computing accounts.

Answer

Limit the developers to only using the corporate wireless network for all coding activities.

Answer

Provide developers with guest-level access to the production environment to speed up troubleshooting.

Answer

Ensure all developer accounts have their passwords hashed using the MD5 algorithm.

Question 31

An enterprise is looking to reduce the 'attack surface' by identifying and removing accounts that have not been used for over 90 days. According to CIS Control 4 (Safe Safeguard 4.7), which practice should the organization implement to manage the lifecycle of these credentials correctly?

Accepted Answer

Establish and maintain an inventory of accounts and disable any inactive accounts regularly.

Answer

Migrate the inactive accounts to a legacy server with no internet access.

Answer

Assign the inactive accounts to a different department's budget for tracking.

Answer

Increase the password complexity requirements for the inactive accounts.

Question 32

An organization is updating its security policy to address 'dormant accounts' that belong to contractors who have completed their projects but were never formally offboarded. According to CIS Control 4.7, what is the recommended frequency for reviewing and disabling these accounts?

Accepted Answer

At least quarterly, or more frequently.

Answer

Every two years during the hardware refresh cycle.

Answer

Once per decade as part of a long-term infrastructure review.

Answer

Only after a confirmed security breach has occurred.

Question 33

An organization is configuring its Cloud Infrastructure and discovers that a specific service account is being used by multiple developers to automate server deployments. According to CIS Control 4 (Access Management), which action should the organization take to ensure accountability and follow Safeguard 4.4?

Accepted Answer

Maintain an inventory of service accounts and ensure each is dedicated to a specific application or process.

Answer

Disable all service accounts and require manual deployments by a senior administrator only.

Answer

Convert the service account into a standard user account with a long, complex password.

Answer

Allow developers to continue sharing the account but require them to log their usage in a spreadsheet.

Question 34

According to CIS Control 4: Secure Configuration of Enterprise Assets and Software, why is it critical to disable or remove dormant accounts that have not been used for a period of 45 days or more?

Accepted Answer

To reduce the available attack surface and prevent unauthorized access through forgotten credentials.

Answer

To increase the processing speed of the domain controller by reducing the database size.

Answer

To comply with federal tax regulations regarding employee payroll and benefits.

Answer

To ensure that the software license count is automatically updated in the cloud provider portal.

Question 35

In accordance with CIS Control 4 (Account Management), what is the recommended practice for managing administrative privileges within an enterprise?

Accepted Answer

Maintain an inventory of privileged accounts and ensure administrators use a dedicated, secondary account for elevated activities.

Answer

Grant all employees 'Power User' status to minimize IT support tickets related to software installation.

Answer

Hardcode administrative credentials into automated scripts to ensure continuous service availability.

Answer

Use a single, shared 'SuperAdmin' account for the entire IT team to simplify password management.

Question 36

Regarding CIS Control 4, which security measure is specifically recommended for all access to enterprise assets, whether managed on-premises or by a third-party provider, to enhance authentication security?

Accepted Answer

Require Multi-Factor Authentication (MFA) for all user accounts.

Answer

Implement a policy that requires users to change passwords every 30 days.

Answer

Allow users to choose their own security questions for account recovery.

Answer

Disable all firewall rules for accounts originating from known internal IP ranges.

Question 37

Which specific action does CIS Control 4 recommend taking immediately upon the termination or transformation of an employee's role within the enterprise?

Accepted Answer

Deactivate or remove the associated user accounts to prevent unauthorized access.

Answer

Change the user's display name to 'Inactive' while keeping the password the same.

Answer

Transfer the account's existing permissions to the employee's direct supervisor.

Answer

Archive the account's data but keep the login active for one year for audit purposes.

Question 38

Under CIS Control 4 (Account Management), what is the primary purpose of 'Establish and Maintain an Inventory of Accounts'?

Accepted Answer

To ensure the enterprise only has active, authorized accounts and to detect unauthorized or orphaned accounts.

Answer

To track the physical location of users while they are logged into the network.

Answer

To calculate the total cost of ownership for each user's hardware and software.

Answer

To provide a public directory for external marketing partners to contact employees.

Question 39

Which specific sub-control within CIS Control 4 (Account Management) addresses the unique risks associated with service accounts such as those used by automated processes and applications?

Accepted Answer

Establish and maintain an inventory of service accounts, regularly reviewing their necessity and ensuring they have the minimum permissions required.

Answer

Treat service accounts exactly like standard user accounts by requiring manual password changes every 90 days.

Answer

Automatically grant service accounts domain administrator rights to prevent application timeouts.

Answer

Allow multiple applications to share the same service account to simplify auditing and password rotation.

Question 40

Which of the following describes the 'Unique Identifiers' requirement as defined in CIS Control 4 for Account Management?

Accepted Answer

Ensuring that every account is associated with a specific person or service, and that no account is shared among multiple individuals.

Answer

Assigning the same username to different people as long as they work in different departments.

Answer

Ensuring that passwords contain at least one unique mathematical symbol

AES-256

for complexity.

Answer

Using a single shared 'Guest' account for all short-term contractors to simplify credentials.

Question 41

Which specific technical measure is advocated by CIS Control 4 for managing administrative accounts and ensuring they are not used for non-administrative tasks such as web browsing or email?

Accepted Answer

Maintain a dedicated, separate account for all administrative roles and restrict those accounts from accessing general productivity tools.

Answer

Allow administrative logins only if the user's password contains more than

AES-256

bits of entropy.

Answer

Install a second web browser on the administrator's workstation specifically for administrative tasks.

Answer

Limit the daily login duration of privileged accounts to no more than 4 hours.

Question 42

Which of the following describes the 'Centralized Account Management' principle recommended in CIS Control 4?

Accepted Answer

Using a directory service or an automated system to manage the lifecycle of all user, administrator, and service accounts.

Answer

Allowing each department to maintain their own independent local account databases for increased speed.

Answer

Requiring each employee to physically sign a ledger every time they log in to a workstation.

Answer

Ensuring that all user passwords are encrypted using a

AES-256

-bit transposition cipher stored in a text file.

Question 43

Which specific implementation in CIS Control 4 (Account Management) helps mitigate the risk of 'pass-the-hash' attacks and other credential theft techniques specifically for local administrative accounts on workstations?

Accepted Answer

Use a tool or process to ensure that local administrator passwords are unique and managed for each individual asset.

Answer

Set the same local administrator password across all workstations to streamline emergency IT support.

Answer

Configure workstations to allow any user in the 'Domain Users' group to modify system registry files.

Answer

Disable the local administrator account and use a shared domain account for all local repairs.

Related quizzes

Related quizzes