CS205 QUIZ 3 FINAL TERM BY MOIN AKHTAR

1. Which team tests the patches in the test environment in the vulnerability management process?
- Information security team
- Risk & compliance team
- Business team
- IT operations team

2. Wireless access control comes under which category of CIS Top 20 Controls?
- Organizational
- Basic
- Advanced
- Foundational

3. Which of the following scans is deeper and gives more detailed scanning results?
- Initial options profile scan
- Un-credentialed vulnerability discovery
- Asset discovery scan
- Credentialed vulnerability scanning

4. Which CIS control is described in this module?
- Wireless access control
- Boundary defenses
- Malware defenses
- Data recovery capabilities

5. Which of the following system configuration management tools is used for Linux systems?
- Active Directory
- FIM
- Puppet
- CIS-CAT Pro

6. Which of the following CIS critical controls is discussed in this module?
- Data protection
- Secure configuration for network devices
- Malware defense
- Boundary defense

7. What feature set does the QUALYS scanner offer?
- Cost-effective
- Cloud-based service
- Quarterly subscription
- Not scalable

8. Why does CIS recommend configuring a monitoring system in an organization's network?
- To detect compromise of systems at the organization's network boundaries
- To record the network packets passing through the boundary
- To block malicious traffic at the organization's network boundaries
- To block data loss through the organization's network boundaries

9. In an enterprise, which software should be allowed to install and execute?
- Software displayed on the notice board.
- Software included in the white-list.
- Only paid software.
- Any freely available software.

10. What should standard secure configuration images represent?
- Hardened versions of OS only.
- Hardened versions of application installed on system only.
- Default configuration version of OS only.
- Hardened versions of underlying OS and application installed on system.

11. What feature set does the QUALYS scanner offer?
- Cloud-based service
- Not scalable
- Cost-effective
- Quarterly subscription

12. How many TCP and UDP ports are scanned in a default scan?
- No ports are scanned by default
- 1900 UDP ports and 180 TCP ports
- 1900 TCP ports and 180 UDP ports
- 65,535 TCP ports

13. What information do we get from open TCP and UDP ports?
- Whether the host is alive or not
- Network details of the host
- Which services are running on the host
- Which OS is running on the host

14. In which mode should vulnerability scanning be performed?
- Un-authenticated mode
- Deep scan mode
- Authenticated mode
- Dedicated mode

15. Which types of plugins are supported by the NESSUS scanner?
- OWASP
- CIS and DISA
- SANS and NIST
- SEI

16. Which policy is recommended by the data protection control of CIS for mobile device usage in an organization?
- Hard drives of mobile devices should be encrypted
- Employees should use only personal mobile devices
- Mobile devices should not be allowed
- Mobile devices are allowed for higher management only

17. As per the CIS control "Limitation and Control of Network Ports, Protocols, and Services", active ports, protocols, and services should be associated with:
- Software assets in the asset inventory
- Hardware assets in the asset inventory
- All the assets in the asset inventory
- Active Directory domain

18. Which cloud storage should an organization allow its users to use, as per CIS?
- Hybrid cloud storage
- Authorized cloud storage
- Private cloud storage
- Public cloud storage

19. What should standard secure configuration images represent?
- Hardened versions of OS only.
- Hardened versions of application installed on system only.
- Default configuration version of OS only.
- Hardened versions of underlying OS and application installed on system.