CIS CIS Security & Compliance

Question 1

In a CIS implementation, Role-Based Access Control (RBAC) is used to:

Accepted Answer

Grant system access based on a user's job function rather than individual identity

Answer

RBAC assigns permissions to roles (e.g., Admin, Editor, Viewer) and then assigns users to those roles, simplifying access management at scale.

Question 2

What is the principle of least privilege in CIS security design?

Accepted Answer

Users and systems are granted only the minimum access rights needed to perform their job

Answer

The principle of least privilege limits user and system access to the minimum required, reducing the attack surface and potential damage from compromised accounts.

Question 3

Which US regulation governs the privacy and security of protected health information (PHI) that a CIS specialist must consider for healthcare implementations?

Accepted Answer

HIPAA

Answer

HIPAA (Health Insurance Portability and Accountability Act) sets US federal standards for the privacy and security of protected health information in healthcare contexts.

Question 4

During a CIS implementation, a penetration test is conducted to:

Accepted Answer

Simulate attacks to identify exploitable security vulnerabilities before go-live

Answer

Penetration testing involves authorized simulated attacks against the system to discover and fix security vulnerabilities before malicious actors can exploit them.

Question 5

What is multi-factor authentication (MFA) and why is it important in a CIS implementation?

Accepted Answer

An authentication process requiring two or more verification factors, increasing security beyond passwords alone

Answer

MFA requires users to provide multiple forms of verification (e.g., password + SMS code), significantly reducing the risk of unauthorized access from stolen credentials.

(CIS) Certified Implementation Specialist Practice Test

(CIS) Certified Implementation Specialist Practice Test

CIS CIS Security & Compliance