Sans Top 20

Question 1

CSC1

Answer 1

CSC 1: Inventory of Authorized and Unauthorized Devices

Question 2

CSC2

Answer 2

CSC 2: Inventory of Authorized and Unauthorized Software

Question 3

CSC3

Answer 3

CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Question 4

CSC4

Answer 4

CSC 4: Continuous Vulnerability Assessment and Remediation

Question 5

CSC5

Answer 5

CSC 5: Controlled Use of Administrative Privileges

Question 6

CSC6

Answer 6

CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs

Question 7

CSC7

Answer 7

CSC 7: Email and Web Browser Protections

Question 8

CSC8

Answer 8

CSC 8: Malware Defenses

Question 9

CSC9

Answer 9

CSC 9: Limitation and Control of Network Ports, Protocols, and Services

Question 10

CSC10

Answer 10

CSC 10: Data Recovery Capability

Question 11

CSC11

Answer 11

CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

Question 12

CSC12

Answer 12

CSC 12: Boundary Defense

Question 13

CSC13

Answer 13

CSC 13: Data Protection

Question 14

CSC14

Answer 14

CSC 14: Controlled Access Based on the Need to Know

Question 15

CSC15

Answer 15

CSC 15: Wireless Access Control

Question 16

CSC16

Answer 16

CSC 16: Account Monitoring and Control

Question 17

CSC17

Answer 17

CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps

Question 18

CSC18

Answer 18

CSC 18: Application Software Security

Question 19

CSC19

Answer 19

CSC 19: Incident Response and Management

Question 20

CSC20

Answer 20

CSC 20: Penetration Tests and Red Team Exercises