Question 1/33
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
Correct Answer: C
