26. Misaki was trying to find the source of a virus that had recently interfered with the computers used by the Financia
Posted: Mon May 02, 2022 11:47 am
26. Misaki was trying to find the source of a virus that had
recently interfered with the computers used by the Financial team.
She had identified the executable file responsible for the
infection and was hoping the filename would appear in the log of
all URL requests made within the last 30 days. Which control would
advocate for such a log?
5. Secure Configuration for Hardware and Software on
Mobile Devices, Laptops, Workstations and Servers
2. Inventory and Control of Software Assets
7. Email and Web Browser Protections
11. Secure Configuration for Network Devices such as
Firewalls, Routers, and Switches
27. It is well known among IT professionals that services like
telnet and ftp use unencrypted protocols. Unfortunately, not all
employees at Trondu Pharmaceutical's other areas of expertise are
aware of this vulnerability, including research scientists who just
want to collaborate with each other and don't have time to bother
with IT requests. IT rarely knows when these professionals turn on
services like this. Which CIS control might be used to offer some
protection to these services?
1.0 Inventory and Control of Hardware
Assets
8.0 Malware Defenses
15.0 Wireless Access Control
9.0 Limitation and Control of Network Ports, Protocols,
and Services
28. Catriona was looking through a list of approved vendors and
discovered the cloud storage service her department was using was
not on the list. She inquired with the IT department about this and
learned the vendor they were using had suffered a number of
breaches and was not considered reliable by the Information
Security Office. Which control has Catriona encountered?
14. Controlled Access Based on the Need to
Know
2. Inventory and Control of Software Assets
19. Incident Response and Management
13. Data Protection
29. Anna's flight was delayed, again. She had already finished
her book, taken a walk around the airport terminal, and thrown back
an overpriced cocktail at the airport bar. She was bored. At least
she could surf the web on the airport WiFi using her company's
laptop. When she discovered the airport WiFi was not on the
corporate white-list of approved SSIDs, which CIS subcontrol forced
her to find something else to do?
15.5 Limit Wireless Access on Client
Devices
15.6 Disable Peer-to-Peer Wireless Network Capabilities
on Wireless Clients
18.10 Deploy Web Application Firewalls
7.7 Use of DNS Filtering Services
30. Enzo had been given a list of MAC addresses for which there
was no entry on the organization's list of computers. Enzo was to
use various network related systems to attempt to locate and
identify the source of those addresses, and when it turned out to
be a computer, add it to the list. What control is Enzo's effort
supporting?
12. Boundary Defense
1. Inventory and Control of Hardware Assets
9. Limitation and Control of Network Ports, Protocols,
and Services
3. Continuous Vulnerability Management
recently interfered with the computers used by the Financial team.
She had identified the executable file responsible for the
infection and was hoping the filename would appear in the log of
all URL requests made within the last 30 days. Which control would
advocate for such a log?
5. Secure Configuration for Hardware and Software on
Mobile Devices, Laptops, Workstations and Servers
2. Inventory and Control of Software Assets
7. Email and Web Browser Protections
11. Secure Configuration for Network Devices such as
Firewalls, Routers, and Switches
27. It is well known among IT professionals that services like
telnet and ftp use unencrypted protocols. Unfortunately, not all
employees at Trondu Pharmaceutical's other areas of expertise are
aware of this vulnerability, including research scientists who just
want to collaborate with each other and don't have time to bother
with IT requests. IT rarely knows when these professionals turn on
services like this. Which CIS control might be used to offer some
protection to these services?
1.0 Inventory and Control of Hardware
Assets
8.0 Malware Defenses
15.0 Wireless Access Control
9.0 Limitation and Control of Network Ports, Protocols,
and Services
28. Catriona was looking through a list of approved vendors and
discovered the cloud storage service her department was using was
not on the list. She inquired with the IT department about this and
learned the vendor they were using had suffered a number of
breaches and was not considered reliable by the Information
Security Office. Which control has Catriona encountered?
14. Controlled Access Based on the Need to
Know
2. Inventory and Control of Software Assets
19. Incident Response and Management
13. Data Protection
29. Anna's flight was delayed, again. She had already finished
her book, taken a walk around the airport terminal, and thrown back
an overpriced cocktail at the airport bar. She was bored. At least
she could surf the web on the airport WiFi using her company's
laptop. When she discovered the airport WiFi was not on the
corporate white-list of approved SSIDs, which CIS subcontrol forced
her to find something else to do?
15.5 Limit Wireless Access on Client
Devices
15.6 Disable Peer-to-Peer Wireless Network Capabilities
on Wireless Clients
18.10 Deploy Web Application Firewalls
7.7 Use of DNS Filtering Services
30. Enzo had been given a list of MAC addresses for which there
was no entry on the organization's list of computers. Enzo was to
use various network related systems to attempt to locate and
identify the source of those addresses, and when it turned out to
be a computer, add it to the list. What control is Enzo's effort
supporting?
12. Boundary Defense
1. Inventory and Control of Hardware Assets
9. Limitation and Control of Network Ports, Protocols,
and Services
3. Continuous Vulnerability Management