Which of the following actions produced the output seen below?

A. An access rule was removed from firewallrules.txt
B. An access rule was added to firewallrules2.txt
C. An access rule was added to firewallrules.txt
D. An access rule was removed from firewallrules2.txt
John is implementing a commercial backup solution for his organization. Which of the following steps should be on the configuration checklist?
A. Enable encryption if it 's not enabled by default
B. Disable software-level encryption to increase speed of transfer
C. Develop a unique encryption scheme
Which type of scan is best able to determine if user workstations are missing any important patches?
A. A network vulnerability scan using aggressive scanning
B. A source code scan
C. A port scan using banner grabbing
D. A web application/database scan
E. A vulnerability scan using valid credentials
A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?
A. Organize files according to the user that created them and allow the user to determine permissions
B. Divide the documents into confidential, internal, and public folders, and ser permissions on each folder
C. Set user roles by job or position, and create permission by role for each file
D. Divide the documents by department and set permissions on each departmental folder
Why is it important to enable event log storage on a system immediately after it is installed?
A. To allow system to be restored to a known good state if it is compromised
B. To create the ability to separate abnormal behavior from normal behavior during an incident
C. To compare it performance with other systems already on the network
D. To identify root kits included on the system out of the box
To effectively implement the Data Protection CIS Control, which task needs to be implemented first?
A. The organization's proprietary data needs to be encrypted
B. Employees need to be notified that proprietary data should be protected
C. The organization's proprietary data needs to be identified
D. Appropriate file content matching needs to be configured
Janice is auditing the perimeter of the network at Sugar Water InC. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?
A. Receive spam from a known bad domain
B. Receive mail at Sugar Water Inc. account using Outlook as a mail client
C. Successfully deliver mail from another host inside the network directly to an external contact
D. Successfully deliver mail from web client using another host inside the network to an external contact.
What is a zero-day attack?
A. An attack that has a known attack signature but no available patch
B. An attack that utilizes a vulnerability unknown to the software developer
C. An attack that deploys at the end of a countdown sequence
D. An attack that is launched the day the patch is released
The settings in the screenshot would be configured as part of which CIS Control?

A. Application Software Security
B. Inventory and Control of Hardware Assets
C. Account Monitoring and Control
D. Controlled Use of Administrative Privileges
Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls she has a dedicated host (kenya- adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenyaadminbox?

A. 10.10.245.3389
B. Mail.jane.org.25
C. Firewall_charon.jane.org.22
D. 10.10.10.33.443