.05 RG Vocab system security - microsoft

Question 1

Windows

Answer 1

Microsoft’s proprietary operating systems, used by approximately 93% of the
world’s computers, with a closed kernel and utilizing a folder-based file system.

Question 2

Kernel Mode

Answer 2

the mode the computer processor is running in when interacting with core
system components such as hardware drivers and the bootloader.

Question 3

User Mode

Answer 3

the mode the computer processor is running in when interacting with
applications, services, sessions, and processes.

Question 4

Enterprise

Answer 4

a term that encompasses all systems Microsoft provides to help businesses
function and serve customers

Question 5

User

Answer 5

single account entity in Microsoft, can be applied to a person, device, or application

Question 6

Groups

Answer 6

used in Windows to apply collective permission sets to users

Question 7

Active Directory

Answer 7

Microsoft’s flagship enterprise user control software. It runs on Windows
Server. Oversees all users, groups, and devices in a Windows environment and allows System
Administrators to control permissions and access granularly

Question 8

Objects

Answer 8

all users, applications, and devices are considered objects in Active Directory

Question 9

Principals

Answer 9

a term used to describe user or group objects in Active Directory

Question 10

Resources

Answer 10

a term used to describe printers, servers, and computers in Active Directory

Question 11

Mobile Device Management (MDM)

Answer 11

integrated enterprise control over mobile devices
whether company-owned or in a BYOD (Bring Your Own Device) business environment

Question 12

Mobile Application Management (MAM)

Answer 12

allows control over application use and
behavior in a business environment to enhance security and limit data leakage

Question 13

Common Vulnerability and Exposure (CVE)

Answer 13

A publicly available database of known
computer security issues, each noted with a unique identifying number

Question 14

PrintNightmare (CVE-2021-34527)

Answer 14

Initially reported as a minor local privilege escalation
vulnerability, this CVE was upgraded to a critical Remote Code Execution vulnerability a few
weeks later. Several patches were published before the mitigation was found acceptable,
though many systems are still presumed vulnerable.

Question 15

EternalBlue (CVE-2017-0144)

Answer 15

A server Message Block vulnerability discovered by the NSA
and stolen by an APT known as the Shadow Brokers. The NSA reportedly knew about this
vulnerability for months before notifying Microsoft after discovering the breach.

Question 16

Supply Chain Attack

Answer 16

An attack that generally leverages other supporting software, devices,
or components from less secure providers to exploit larger, more secure companies. An
example would be installing a rootkit in a driver that is part of a chat app used by a Fortune
500 company rather than directly attacking it

Question 17

Powershell Empire

Answer 17

A suite of tools that helps penetration testers exploit local networks
using the built-in capabilities of Powershell on the victim system.

Question 18

Zero Trust

Answer 18

A security framework and mindset that presumes all data and communication
within the organization’s security perimeter is malicious or compromised.

Question 19

Identity & Access Management (IAM)

Answer 19

A framework of policies, procedures, and tools that
facilitate control over who accesses what. Physical tokens, Microsoft Authenticator, Active
Directory, Azure AD, and many other tools all fall under the offerings by Microsoft to help
facilitate Zero Trust.

Question 20

Security Incident Event Management (SIEM)

Answer 20

A broad term that refers to software
deployed throughout an enterprise network to aggregate event logging and produce alerts
based on configuration performed by the Security Operations Center (SOC).

Question 21

Extended Detection & Response (XDR)

Answer 21

Installing regular security updates and patches is
extremely important to ensuring data security

Question 22

Data Loss Prevention (DLP)

Answer 22

Practices and programs deployed to prevent unauthorized
sharing of sensitive information in the business through various methods

Question 23

Hardening

Answer 23

An all-encompassing term used to describe tools, controls, and processes used
to increase infrastructure security.

Question 24

User Configuration

Answer 24

Ensuring proper password rules and user setup is critical to server
security (and, for the most part, required in modern server software). The System
Administrator (“Sysadmin”) will use Active Directory in a Windows Enterprise environment.

Question 25

Role and Feature Configuration:

Answer 25

This is one of the first server configurations to set up
once installed. The important thing to do in this step is to enable those roles and features
that are needed and disable those that are not.

Question 26

Update Management

Answer 26

Installing regular security updates and patches is critical to ensuring
data security.

Question 27

Network Time Protocol (NTP)

Answer 27

Servers that don’t maintain strict time accuracy are in
danger of breaking configurations that rely on real-time alignment with other systems, such
as Kerberos. NTP is the protocol used to ensure this accuracy

Question 28

Firewall Configuration

Answer 28

Ensuring only the necessary ports are open (such as 80 and 443
for a web server) helps reduce possible angles of attack for hackers

Question 29

Event Logging

Answer 29

Your SIEM platform needs data to be effective. Configuring your event logs
to focus on the essential data (avoid the firehose as much as possible) will help the SOC
focus on those events that truly need investigation and mitigation

Question 30

Secure Score

Answer 30

Rating of an initial (Windows) system configuration’s overall security provided
by Microsoft Defender Advanced Threat Protection (ATP) service.