Q14. According to attack lifecycle models, what is the attacker’s first step in compromising an organization?

Q15. What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?

Q16. Which of the following CIS Controls is used to manage the security lifecycle by validating that the documented controls are in place?

Q17. During a security audit which test should result in a source packet failing to reach its intended destination?

Q18. Which of the following actions would best mitigate against phishing attempts such as the example below?

Q19. An organization wants to test its procedure for data recovery. Which of the following will be most effective?

Q20. Which CIS Control includes storing system images on a hardened server, scanning production systems for out-of-date software, and using file integrity assessment tools like tripwire?

Q21. Which of the following actions produced the output seen below?

Q22. Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

Q23. An analyst investigated unused organizational accounts. The investigation found that:
-10% of accounts still have their initial login password, indicating they were never used
-10% of accounts have not been used in over six months
Which change in policy would mitigate the security risk associated with both findings?

Q24. To effectively implement the Data Protection CIS Control, which task needs to be implemented first?

Q25. Which of the following is necessary for implementing and automating the Continuous Vulnerability Assessment and Remediation CIS Control?

Q26. What is the first step suggested before implementing any single CIS Control?

Q27. Scan 1 was taken on Monday. Scan 2 was taken of the same network on Wednesday. Which of the following findings is accurate based on the information contained in the scans?

Q28. As part of a scheduled network discovery scan, what function should the automated scanning tool perform?

Q29. Review the below results of an audit on a server. Based on these results, which document would you recommend be reviewed for training or updates?

Q30. Which of the following is used to prevent spoofing of e-mail addresses?

Q31. Based on the data shown below.

Which wireless access point has the manufacturer default settings still in place?

Q32. An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?

Q33. An organization has implemented a policy to continually detect and remove malware from its network. Which of the following is a detective control needed for this?

Q34. An attacker is able to successfully access a web application as root using ‘ or 1 = 1 . as the password. The successful access indicates a failure of what process?

Q35. An organization has created a policy that allows software from an approved list of applications to be installed on workstations. Programs not on the list should not be installed. How can the organization best monitor compliance with the policy?

Q36. As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?