Developing Your Mac Compliance Strategy(not needed for exam) Flashcards
What describes a fundamental aspect that informs Apple’s modern approach to security?
A. A great user-first experience
B. An intentional separation between hardware, software, and services
C. A commitment to give IT administrators the tools and responsibility for the security of their entire ecosystem
A. A great user-first experience
The biggest advantage of deploying and supporting Apple devices in organizations is that they’re all designed around the same core design, as one core experience.
Which foundational component of Apple’s approach to device management provides advanced security monitoring and response tools for macOS?
A. Apple Business Manager
B. Endpoint API
C. MDM framework
B. Endpoint API
Apple provides an Endpoint Security API for third-party developers to build advanced security monitoring and response tools for macOS.
What is an improved security feature that provides a stronger and more attractive alternative to common two‑factor authentication types?
A. Passkeys
B. Touch ID
C. Smart cards
A. Passkeys
Passkeys replace passwords with cryptographic key pairs, which makes servers less valuable targets for hackers, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.
Which technology did Apple pioneer to better understand patterns of behavior while protecting an individual user’s privacy?
A. Endpoint API
B. Secure Enclave
C. Differential privacy
C. Differential privacy
Apple’s differential privacy technology helps obscure your identity when data must go to Apple servers.
Which strategy element is most commonly associated with policies focused on protecting the organization?
A. Privacy
B. Security
C. Compliance
C. Compliance
The compliance element addresses polices related to protecting the organization from legal action or financial penalties.
What are the defined rule files for securing the operating system in the mSCP?
A. Scripts
B. Baselines
C. Rules
B. Baselines
Baselines are made up of YAML data files you’ll use to define the type of compliance that you want to build.
Which organization provides a catalog of security and privacy controls for information systems and organizations to minimize internal and external security risks?
A. NIST
B. mSCP
C. YAML
A. NIST
NIST provides a catalog of security and privacy controls for information systems and organizations to minimize internal and external security risks.
What contains the generated outputs from your baseline in the mSCP?
A. Includes
B. Scripts
C. Build
C. Build
The build directory contains the generated outputs such as documents, mobileconfig, and so on.
Which directory contains the tailored versions of the rules and sections files?
A. Scripts
B. Build
C. Custom
C. Custom
Baselines are the recipes you’ll use to define the type of compliance that you want to make.
What are the endpoint requirements for the mSCP?
A. macOS
B. Ruby
C. Python
D. Xcode command-line developer tools
A. macOS
The only endpoint requirement for the mSCP is macOS.
Where do you download the mSCP repository?
A. Box
B. Apple compliance website
C. NIST GitHub
C. NIST GitHub
The mSCP repository is hosted on the NIST GitHub website.
Which parts of a rules file help identify the commands used to determine compliance?
A. ID and Discussion
B. References and Tag
C. Check, Result, and Fix
C. Check, Result, and Fix
The check, result, and fix fields in a rule file work in concert to determine compliance when deployed on an endpoint.
Which number is closest to the actual number of rules in the rules folder?
A. 301 (6 supplemental)
B. 158 (12 supplemental)
C. 1090 (30 supplemental)
A. 301 (6 supplemental)
The current version of the mSCP repository contains more than 300 rules and 6 supplemental rules.
Which git command do you use to switch between branches in your local copy of the mSCP repository?
A. git checkout
B. git pull
C. git status
A. git checkout
You use the checkout command to switch between branches.
Which component of the mSCP represents the individual control settings that are mapped to compliance requirements?
A. Baseline
B. Benchmark
C. Control mapping
D. Rules
D. Rules
Rules contain the individual control settings that are mapped to compliance requirements.
Which of the following describes how rules and baselines are associated with each other in the mSCP?
A. By preference.plist files stored in System Settings
B. By key value pairs stored in a configuration profile
C. By metadata tags contained in the individual rule and baseline files
C. By metadata tags contained in the individual rule and baseline files
Rules and baselines are associated with each other by metadata tags contained in the individual rule and baseline files.
What is the function of the -s argument when executing the generate_guidance.py script?
A. To sign configuration profiles with a certificate
B. To generate a shell script for running scans on endpoint devices
C. To generate the guidance documentation in Excel spreadsheet format
D. To generate configuration profiles and plist files to be used with your MDM solution
B. To generate a shell script for running scans on endpoint devices
The -s argument generates a script that you can use to run a compliance scan on endpoint devices and remediate noncompliant settings.
Which application opens the log file generated from a compliance tool scan?
A. Terminal
B. Log Viewer
C. Activity Monitor
D. Console
D. Console
After you run a Terminal command to open the log file, it opens the log file in Console.
Where is the compliance audit report stored?
A. /Library/Logs
B. /Library/Preferences
C. /Library/mSCP/reports
D. /Library/compliance/
B. /Library/Preferences
The compliance audit report is stored in a preference plist file in /Library/Preferences.
Which mSCP feature can you use to measure the current state of your managed devices to mitigate security gaps?
A. Build a baseline
B. Generate guidance
C. Choose a benchmark
D. Run a compliance script
D. Run a compliance script
Running a compliance script measures the current state of your managed endpoint to determine what controls and settings to apply and change on the device to meet the compliance requirements specified in the baseline’s rules.
