Which of the organization’s CIS Controls failed?

A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:WindowsSystem32winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user.

Which of the organization’s CIS Controls failed?
A . Application Software Security
B . Inventory and Control of Software Assets
C . Maintenance, Monitoring, and Analysis of Audit Logs
D . Inventory and Control of Hardware Assets

View Answer

Answer: B