.05 RG Vocab system security - microsoft Flashcards

1
Q

Windows

A

Microsoft’s proprietary operating systems, used by approximately 93% of the
world’s computers, with a closed kernel and utilizing a folder-based file system.

2
Q

Kernel Mode

A

the mode the computer processor is running in when interacting with core
system components such as hardware drivers and the bootloader.

3
Q

User Mode

A

the mode the computer processor is running in when interacting with
applications, services, sessions, and processes.

4
Q

Enterprise

A

a term that encompasses all systems Microsoft provides to help businesses
function and serve customers

5
Q

User

A

a single account entity in Microsoft; it can be applied to a person, device, or application

6
Q

Groups

A

used in Windows to apply collective permission sets to users

7
Q

Active Directory

A

Microsoft’s flagship enterprise user control software. It runs on Windows
Server. It oversees all users, groups, and devices in a Windows environment and allows System
Administrators to control permissions and access granularly.

8
Q

Objects

A

all users, applications, and devices are considered objects in Active Directory

9
Q

Principals

A

a term used to describe user or group objects in Active Directory

10
Q

Resources

A

a term used to describe printers, servers, and computers in Active Directory

11
Q

Mobile Device Management (MDM)

A

integrated enterprise control over mobile devices, whether company-owned or in a
BYOD (Bring Your Own Device) business environment.

12
Q

Mobile Application Management (MAM)

A

allows control over application use and
behavior in a business environment to enhance security and limit data leakage

13
Q

Common Vulnerability and Exposure (CVE)

A

A publicly available database of known
computer security issues, each noted with a unique identifying number

14
Q

PrintNightmare (CVE-2021-34527)

A

Initially reported as a minor local privilege escalation
vulnerability, this CVE was upgraded to a critical Remote Code Execution vulnerability a few
weeks later. Several patches were published before the mitigation was found acceptable,
though many systems are still presumed vulnerable.

15
Q

EternalBlue (CVE-2017-0144)

A

A Server Message Block vulnerability discovered by the NSA
and stolen by an APT known as the Shadow Brokers. The NSA reportedly knew about this
vulnerability for months before notifying Microsoft after discovering the breach.

16
Q

Supply Chain Attack

A

An attack that generally leverages other supporting software, devices,
or components from less secure providers to exploit larger, more secure companies. An
example would be installing a rootkit in a driver that is part of a chat app used by a Fortune
500 company rather than directly attacking it.

17
Q

Powershell Empire

A

A suite of tools that helps penetration testers exploit local networks
using the built-in capabilities of Powershell on the victim system.

18
Q

Zero Trust

A

A security framework and mindset that presumes all data and communication
within the organization’s security perimeter is malicious or compromised.

19
Q

Identity & Access Management (IAM)

A

A framework of policies, procedures, and tools that
facilitate control over who accesses what. Physical tokens, Microsoft Authenticator, Active
Directory, Azure AD, and many other tools all fall under the offerings by Microsoft to help
facilitate Zero Trust.

20
Q

Security Incident Event Management (SIEM)

A

A broad term that refers to software
deployed throughout an enterprise network to aggregate event logging and produce alerts
based on configuration performed by the Security Operations Center (SOC).

21
Q

Extended Detection & Response (XDR)

A

Installing regular security updates and patches is
extremely important to ensuring data security.

22
Q

Data Loss Prevention (DLP)

A

Practices and programs deployed to prevent unauthorized
sharing of sensitive information in the business through various methods.

23
Q

Hardening

A

An all-encompassing term used to describe tools, controls, and processes used
to increase infrastructure security.

24
Q

User Configuration

A

Ensuring proper password rules and user setup is critical to server
security (and, for the most part, required in modern server software). The System
Administrator (“Sysadmin”) will use Active Directory in a Windows Enterprise environment.

25
Q

Role and Feature Configuration

A

This is one of the first server configurations to set up
once installed. The important thing to do in this step is to enable those roles and features
that are needed and disable those that are not.

26
Q

Update Management

A

Installing regular security updates and patches is critical to ensuring
data security.

27
Q

Network Time Protocol (NTP)

A

Servers that don’t maintain strict time accuracy are in
danger of breaking configurations that rely on real-time alignment with other systems, such
as Kerberos. NTP is the protocol used to ensure this accuracy.

28
Q

Firewall Configuration

A

Ensuring only the necessary ports are open (such as 80 and 443
for a web server) helps reduce possible angles of attack for hackers.

29
Q

Event Logging

A

Your SIEM platform needs data to be effective. Configuring your event logs
to focus on the essential data (avoid the firehose as much as possible) will help the SOC
focus on those events that truly need investigation and mitigation.

30
Q

Secure Score

A

Rating of an initial (Windows) system configuration’s overall security provided
by Microsoft Defender Advanced Threat Protection (ATP) service.