S1 M3

Question 1

5 CIS design principles

Answer 1

Align
Measurable
Offense informs defense
Focused
Feasible

Question 1

What are CIS

Answer 1

Recommendations of a set of actions, processes, and best practices which can be implemented to strengthen their cybersecurity defenses

Question 2

CIS Control 1 - Inventory and Control of Enterprise Assets

Answer 2

Maintaining an asset inventory list showing totality of assets so you know what you needs to be monitored and protected

Question 3

CIS Control 2 - Inventory and Control of Software Assets

Answer 3

Organizations are to track and actively monitor what software they have so only authorized software may be installed and unauthorized software is deleted

Question 4

CIS Control 3 - data protection

Answer 4

helps organizations securely manage the entire life cycle of their data

Question 5

CIS Control 4 - Secure configuration of Enterprise Assets and Software

Answer 5

Helps organizations establish and maintain a secure baseline

Question 6

CIS Control 5 - Account Management

Answer 6

Helps organizations manage credentials and authorization for user accounts

Question 7

CIS Control 6 - Access Control Management

Answer 7

Individuals should only have access to privileges required for their role.

Control involves deleting out accounts based on least privilege, granting and revoking access

Question 8

CIS Control 7 - Continuous Vulnerability Management

Answer 8

Continuously tracking your vulnerabilities so you can identify and eliminate weak points or windows of opportunity

Question 9

CIS Control 8 - Audit log management

Answer 9

Keeping a log of events so you can be alerted to and recover from cyber attacks

Question 10

CIS Control 9 - Email and web browser protection

Answer 10

Control provides recommendations on how to detect and protect against cybercrime attempted through email or the internet

Enforce URL filtering
block certain file types
Restrict ability to install add-ons