Which of the following statements is appropriate in an incident response report?
A. There had been a storm on September 27th that may have caused a power surge
B. The registry entry was modified on September 29th at 22:37
C. The attacker may have been able to access the systems due to missing KB2965111
D. The backup process may have failed at 2345 due to lack of available bandwidth
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
A. Maintenance, Monitoring, and Analysis of Audit Logs
B. Controlled Use of Administrative Privilege
C. Incident Response and Management
D. Account Monitoring and Control
John is a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network. Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?
A. Limit access to allowed MAC addresses
B. Increase the size of the DHCP pool
C. Change the password immediately
D. Shorten the DHCP lease time
Which of the options below will do the most to reduce an organization's attack surface on the internet?
A. Deploy an access control list on the perimeter router and limit inbound ICMP messages to echo requests only
B. Deploy antivirus software on internet-facing hosts, and ensure that the signatures are updated regularly
C. Ensure that rotation of duties is used with employees in order to compartmentalize the most important tasks
D. Ensure only necessary services are running on Internet-facing hosts, and that they are hardened according to best practices
How often should the security awareness program be communicated to employees?
A. Continuously
B. Annually
C. Monthly
D. At orientation and review times
An organization has installed a firewall for Boundary Defense. It allows only outbound traffic from internal workstations for web and SSH, allows connections from the internet to the DMZ, and allows guest wireless access to the internet only. How can an auditor validate these rules?
A. Check for packets going from the Internet to the Web server
B. Try to send email from a wireless guest account
C. Check for packets going from the web server to the user workstations
D. Try to access the internal network from the wireless router
What is the list displaying?
A. Allowed program in a software inventory application
B. Unauthorized programs detected in a software inventory
C. Missing patches from a patching server
D. Installed software on an end-user device
According to attack lifecycle models, what is the attacker's first step in compromising an organization?
A. Privilege Escalation
B. Exploitation
C. Initial Compromise
D. Reconnaissance
Which of the following CIS Controls is used to manage the security lifecycle by validating that the documented controls are in place?
A. Controlled Use of Administrative Privilege
B. Account Monitoring and Control
C. Data Protection
D. Penetration Tests and Red Team Exercises
An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?
A. Force the root account to only be accessible from the system console.
B. Turn on SELinux and user process accounting for the MySQL server.
C. Force user accounts to use 'sudo' for privileged use.
D. Blacklist client applications from being run in privileged mode.