CIS CIS Security & Compliance

Question 1

In a CIS implementation, Role-Based Access Control (RBAC) is used to:

Accepted Answer

Grant system access based on a user's job function rather than individual identity

Answer

Control which hardware resources are allocated to each server

Answer

Encrypt data at rest

Answer

Automate user provisioning via HR feeds

Question 2

What is the principle of least privilege in CIS security design?

Accepted Answer

Users and systems are granted only the minimum access rights needed to perform their job

Answer

All users get administrator access for convenience

Answer

Privileged accounts are shared among team members

Answer

Admin access is rotated on a weekly basis

Question 3

Which US regulation governs the privacy and security of protected health information (PHI) that a CIS specialist must consider for healthcare implementations?

Accepted Answer

HIPAA

Answer

SOX

Answer

PCI DSS

Answer

FERPA

Question 4

During a CIS implementation, a penetration test is conducted to:

Accepted Answer

Simulate attacks to identify exploitable security vulnerabilities before go-live

Answer

Measure system performance under load

Answer

Validate data migration accuracy

Answer

Test user acceptance of the new interface

Question 5

What is multi-factor authentication (MFA) and why is it important in a CIS implementation?

Accepted Answer

An authentication process requiring two or more verification factors, increasing security beyond passwords alone

Answer

A method of backing up data to multiple locations

Answer

A technique for duplicating user accounts across systems

Answer

A process for validating integration payloads

Question 6

PCI DSS compliance is required for CIS implementations that involve:

Accepted Answer

Storage, processing, or transmission of payment card data

Answer

Student academic records

Answer

Healthcare patient records

Answer

Government contractor data