Black Friday Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

What is a recommended defense for the CIS Control for Application Software Security?

A.

Keep debugging code in production web applications for quick troubleshooting

B.

Limit access to the web application production environment to just the developers

C.

Run a dedicated vulnerability scanner against backend databases

D.

Display system error messages for only non-kernel related events

To effectively implement the Data Protection CIS Control, which task needs to be implemented first?

A.

The organization’s proprietary data needs to be encrypted

B.

Employees need to be notified that proprietary data should be protected

C.

The organization’s proprietary data needs to be identified

D.

Appropriate file content matching needs to be configured

IDS alerts at Service Industries are received by email. A typical day process over 300 emails with fewer than 50 requiring action. A recent attack was successful and went unnoticed due to the number of generated alerts. What should be done to prevent this from recurring?

A.

Tune the IDS rules to decrease false positives.

B.

Increase the number of staff responsible for processing IDS alerts.

C.

Change the alert method from email to text message.

D.

Configure the IDS alerts to only alert on high priority systems.

Which of the following is a requirement in order to implement the principle of least privilege?

A.

Mandatory Access Control (MAC)

B.

Data normalization

C.

Data classification

D.

Discretionary Access Control (DAC)

An organization is implementing a control for the Account Monitoring and Control CIS Control, and have set the Account Lockout Policy as shown below. What is the risk presented by these settings?

A.

Brute-force password attacks could be more effective.

B.

Legitimate users could be unable to access resources.

C.

Password length and complexity will be automatically reduced.

D.

Once accounts are locked, they cannot be unlocked.

Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

A.

access-list outbound permit tcp host 10.1.1.7 any eq smtp

B.

access-list outbound deny tcp any host 74.125.228.2 eq www

C.

access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080

D.

access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh

An organization has implemented a policy to detect and remove malicious software from its network. Which of the following actions is focused on correcting rather than preventing attack?

A.

Configuring a firewall to only allow communication to whitelisted hosts and ports

B.

Using Network access control to disable communication by hosts with viruses

C.

Disabling autorun features on all workstations on the network

D.

Training users to recognize potential phishing attempts