Domain 4: Operational Procedures

Question 1

3 considerations when allowing remote access to a host or network

Answer 1

• Least privilege
• Encryption
• Digital certificate on the server (to mitigate evil twin)
• Server software supporting the connection is safe

Question 2

What to enter in Remote Desktop Connection to connect to a server

Answer 2

• The server’s IP or FQDN
• Domain\Username or host\Username

Question 3

True or False: RDP is natively encrypted

Answer 3

True

Question 5

True or false: RDP client software supports Windows only

Answer 5

False
It is also available in Linux, macOS, iOS, & Android

Question 6

Screen Sharing

Answer 6

MacOS remote access app based on VNC protocol, which means any VNC client can connect

Question 7

NLA

Answer 7

Network Level Authentication

Authenticates an RDP client user before configuring a desktop, preventing the ability to create a DoS attack using pending connections

Question 8

Means of mitigating risk associated with vulnerable user credentials when connecting to a malware-infected server via RDP

Answer 8

RDP Restricted Admin (RDPRA) Mode
&
Remote Credential Guard

Question 9

RDP port number

Answer 9

TCP 3389

Question 10

How to run RDP on a Linux host

Answer 10

Use the open-source implementation XRDP

Question 11

MSRA

Answer 11

Microsoft Remote Assistance

Precursor to Quick Assist that used a dynamically assigned ephemeral port

Question 12

What is an SSH server’s host key pair used for?

Answer 12

To set up an encrypted channel so that the client can submit authentication credentials securely

Question 13

2 commonly implemented methods of SSH client authentication

Answer 13

• Password (& username)
• Public key

Question 14

A key SSH security task

Answer 14

Monitoring for & removing compromised client public keys

Question 15

RMM

Answer 15

Remote monitoring and management

Tools principally designed for use by MSPs for ensuring every host communicating on it’s client’s network is authorized & is running in a secure configuration.

[It is able to distinguish client accounts & provide support for recording & reporting billable support activity]

Question 16

EDR

Answer 16

Endpoint detection and response

Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Question 17

8 common features of desktop management & remote monitoring tools

Answer 17

• Reporting
• Ticket integration
• EDR
• Push deployment of changes
• Network boot
• Firmware updates & OS installs
• Network access control
• Live chat & remote connection to hosts

Question 18

VNC port number

Answer 18

TCP 5900

Question 19

Synthetic full backup

Answer 19

Combines all incremental backups with the original full backup to create a new full one

Question 20

3-2-1 backup rule

Answer 20

3 copies of data (including production copy)
Across 2 media types
With 1 copy held offline & off site

Question 21

When should you re-test backup recovery procedures?

Answer 21

Whenever there is a change to the backup schedule or requirements

Question 22

Regulated data

Answer 22

Information that must be collected, processed, & stored in compliance with federal &/or state legislation

Question 23

True or false: an IP address is considered PII

Answer 23

Both/neither 😈
It is if it’s static, but may not be if it’s dynamic

Question 24

Regulations on the protections to be provided for stored credit card data

Answer 24

PCI DSS
Payment Card Industry Data Security Standard

Question 25

Latent evidence

Answer 25

Evidence that cannot be seen with the naked eye

Question 26

7 step procedure for ensuring data integrity & preservation from a security incident

Answer 26

1. Identify the scope
2. Video document the procedure
3. Gather evidence (cache, etc.)
4. Disable encryption & screen lock & power off devices
5. Copy disks
6. Hash the disks & copies
7. Bag, fill out form, & transport

Question 27

SE

Answer 27

Secure Erase

On HDDs: writes all zeros
On SSDs: marks all blocks as empty & erases over time

Question 28

ISE/Crypto Erase

Answer 28

Instant Secure Erase/Crypto Erase

Encrypts the drive & deletes the key

Question 29

What chain-of-custody documentation proves

Answer 29

Who has access to evidence collected from a crime scene and where and how it has been stored

Question 30

What a script syntax error will prevent

Answer 30

The script from running

Question 31

What a script logical error will cause

Answer 31

Different operation from what was intended

Question 32

Extension for the PowerShell script format

Answer 32

.PS1

Question 33

JavaScript extension

Answer 33

.JS

Question 34

JavaScript

Answer 34

Scripting language for interactive web-based content & web apps

Question 35

Python file extension

Answer 35

.PY (associated with python.exe)
.PYW (associated with pythonw.exe)

Question 36

Python cmdlet to reboot & ignore warnings about doing so

Answer 36

Restart-Computer -Force

Question 37

3 [broad] dangers of using scripts

Answer 37

• Malware
• Inadvertent system-setting changes
• Browser or system crashes due to mishandling of resources

Question 38

Visual Basic programming language extension

Answer 38

.VBS

Question 39

Linux shell script extension

Answer 39

.SH

Question 40

Policy

Answer 40

Overall statement of intent

Question 41

SOP

Answer 41

Standard operating procedure

A step-by-step list of actions that must be completed for any given task to conform with policy

Question 42

Guidelines

Answer 42

Used when no procedure exists or when a procedure should be deviated from

Question 43

Request ticket type

Answer 43

For provisioning things the IT department has an SOP for

Question 44

Incident ticket type

Answer 44

Involve errors or unexpected situations faced by end-users

Question 45

Problem ticket type

Answer 45

Problems are causes of incidents. This type of ticket is likely to be generated internally.

Question 46

Incident report

Answer 46

Aka after-action report. Lessons learned. Identify causes, recommend remediation, or preventive measures.

Question 47

5 assets procurement lifecycle stages

Answer 47

Change
Procurement
Deployment
Maintenance
Disposal

Question 48

4 ways to deal with angry customers

Answer 48

1. Low voice, soothing language, & focusing on positive actions
2. Don’t take complaints personally
3. Let the customer explain the problem while you actively listen
4. Hang up. Warn them 1st & if necessary end the call or escalate to a manager

Question 49

Most common source of safety regulations in the United States

Answer 49

OSHA Occupational Safety and Health Administration

Question 50

Best type of fire extinguisher to use on electrical equipment

Color of the label

Answer 50

Carbon dioxide

Typically black but sometimes red or white

Question 51

Ideal humidity level

Answer 51

Around 50%

Question 52

How to avoid condensation in equipment

Answer 52

Avoid warming it too quickly

Question 53

Dissipative packaging

Answer 53

Light pink or blue packaging that reduces the buildup of static in the general vicinity of the contents by being slightly more conductive than normal

Question 54

Difference between a power surge and spike

Answer 54

Spike is more intense

Question 55

Surge protector clamping voltage

Answer 55

The level at which the protection will activate (400/300V) or lower is better)

Question 56

Surge protector joules rating

Answer 56

Amount of energy it can absorb (600 or more is better). Each surge event will degrade its capability

Question 57

Surge protector amperage

Answer 57

Maximum current that can be carried (number of devices you can attach)

Question 58

How to calculate the minimum VA needed for a UPS

Answer 58

Add the wattage of all attached devices and multiply by 1.67 to account for a conversion factor