(3) Analysis Of User Behavior And Data Formats

Question 1

What is User Behavior Analysis

Answer 1

User Behavior Analysis involves an understanding of good behavior and bad behavior

Question 2

What is abnormal account activity?

Answer 2

Abnormal account activity depends on the user account. A good user is probably not going to try to get admin rights, log in way after hours, from another country, etc.

Baselines and behavioral analysis are normally used to ID users who may in fact be doing something incorrect

Question 3

Describe PowerShell

Answer 3

PowerShell is a native scripting environment for Windows. Originally it was made for Windows system admins and is now open sourced for Windows, Linux, and Mac

Question 4

How is shell scripting useful in terms of resources

Answer 4

Shell scripting is a good way to leverage resources that can be expected to be available on most systems.

Question 5

Describe the restricted, allsigned, and remotesigned execution policies in PowerShell

Answer 5

Restricted is the default PowerShell execution policy, and it blocks all PowerShell scripts

AllSigned requires all PowerShell scripts that you run are signed by a trusted publisher

RemoteSigned allows the execution of PowerShell scripts that you use on a local machine but it requires scripts downloaded from the Internet be signed by a trusted publisher

Question 6

Describe the Unrestricted and Bypass execution policies

Answer 6

Unrestricted allows the execution of any PowerShell script but prompts a confirmation of the request allowing you to run a script downloaded from the Internet

Bypass lets a PowerShell script run and does not produce any warnings for scripts downloaded from the internet

Question 7

What is the syntax to set an execution policy to remote signed in PowerShell

Answer 7

Set-ExecutionPolicy RemoteSigned