bpa & scm Flashcards
what are the main functions of bpa
- checks if the configurations fit microsoft’s best practices
- automatically detects roles installed on the server and suggests configurations based on it
briefly explain how often should bpa be used
bpa should be used every 3-6 months. however, this ranges depending on the company.
it should also be used whenever windows updates as the updates may carry updates for microsoft’s best practices or a new role has been installed for the server.
identify the limitations of bpa
- only suggests what changes should be made not how to make them
- since only comparing to microsoft’s best practices might not be appropriate for specific uses
- only works on microsoft based servers
- only works on servers not clients
- dependent on consistent updates by microsoft
what are the main functions of scm
- gpo can be imported into scm to create a baseline
- make automatic changes to the server based on the role selected
- can be used to compare baselines
identify the limitations of scm
- only works on microsoft ecosystem
- dependant on consistent updates by microsoft to update its rules
- can be resource intensive when used on a large scale
list 2 prerequisites that scm needs configured compared to bpa
scm needs to have its dependencies installed (sql db express, .net framwork etc.) but bpa does not.
scm needs baseline to be customised to the organisation’s needs while bpa can automatically detect the server’s installed roles.
list 2 differences between scm and bpa
scm is applicable for both clients and servers while bpa is only applicable to clients.
scm is used to manage security baselines while bpa is used to check if settings follow microsoft’s best practices.
identify 2 scenarios where it is more appropriate to use scm instead of bpa
when trying to configure a baseline for both server and clients.
when trying to compare baselines by importing and exporting
when trying to create customised security baselines instead of analysing best practices
