FSSO Flashcards

1
Q

What is the recommended mode for FSSO?

A

DC Agent mode.

2
Q

What are the two main components of DC Agent mode?

A

DC Agent installed on each Domain Controller.
Collector Agent installed on a Windows server.

3
Q

What port does the FSSO Collector Agent listen on?

A

UDP 8002 (logon events sent by the DC Agents)

4
Q

What port does the Collector Agent forward to the FortiGate (FTG) on, and what does it forward?

A

TCP 8000
Username
Hostname
IP address
User groups

5
Q

Polling mode for FSSO can be agent-based or agentless: true or false?

A

True

6
Q

What are the components of agent-based polling mode?

A

No agent on the DC.
Just a Collector Agent on a Windows server, which polls the DCs itself.

7
Q

What does agent-based polling mode (FSSO) use to poll the DC?

A

By default it uses SMB over TCP port 445.

8
Q

What are the three polling methods of polling-based FSSO?

A

WMI
WinSecLog
NetAPI

9
Q

WMI

A

Windows API; the collector sends WMI queries and the DC returns all login events. Polled every 3 seconds.
Reduced network load between the Collector Agent and the DC.

10
Q

WinSecLog

A

Polls all security event logs every 10 seconds.
Slower (the security log is pulled over the network), but it sees all events because logon events are not cleared from the DC.

11
Q

NetAPI

A

Polls the NetSessionEnum function on Windows every 9 seconds.

The session table lives in RAM.
Faster, but can miss logon events if a session is purged from RAM before the next poll (typically on a heavily loaded DC).

12
Q

What ports does the polling-based Collector Agent use?

A

Polls the DCs on TCP 445 (SMB)
Sends to the FortiGate on TCP 8000

13
Q

What does agentless polling mode mean?

A

That the FortiGate itself does all of the polling of the DCs (no Collector Agent at all); this consumes more FortiGate resources.

14
Q

Is workstation verification available in agentless polling mode?

A

No

15
Q

Which two WinSecLog event IDs does agentless mode use?

A

4768 (Kerberos TGT requested) and 4769 (Kerberos service ticket requested)
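What the WinSecLog and agentless polling methods (cards 10 and 15) actually see, as an added example that is not Fortinet code: it parses constructed Windows Security event records with IDs 4768 and 4769, rebuilds the per-user logon table from them, resolves hostnames through a constructed reverse-DNS map (the DNS requirement of card 16), and flattens the result into the username/hostname/IP/groups fields the Collector Agent forwards to the FortiGate (card 4). The event records, the reverse-DNS entries, the group membership, and the choices to skip computer accounts (names ending in `$`) and failed Kerberos requests (Status other than `0x0`) are this example's assumptions; the output dict is an illustration, not the FSSO wire format.

```python
"""Rebuild the logon table FSSO polling derives from Security events 4768/4769.

Added example, not Fortinet code. Event records, reverse-DNS entries and group
membership are constructed; the record dict is not the FSSO wire format.
"""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}


def _event(event_id: str, data: Dict[str, str]) -> str:
    """Build a Windows event XML record trimmed to the fields this example reads (constructed)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVENT_NS}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{fields}</EventData></Event>")


# Constructed sample: 4768 = Kerberos TGT requested, 4769 = Kerberos service ticket requested.
SAMPLE_EVENTS = [
    _event("4768", {"TargetUserName": "alice", "TargetDomainName": "CORP",
                    "IpAddress": "::ffff:10.0.10.21", "Status": "0x0"}),
    _event("4768", {"TargetUserName": "WS-042$", "TargetDomainName": "CORP",
                    "IpAddress": "::ffff:10.0.10.42", "Status": "0x0"}),   # computer account
    _event("4768", {"TargetUserName": "bob", "TargetDomainName": "CORP",
                    "IpAddress": "::ffff:10.0.10.30", "Status": "0x18"}),  # wrong password
    _event("4769", {"TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "FILESRV01$",
                    "IpAddress": "::ffff:10.0.10.31", "Status": "0x0"}),
    _event("4769", {"TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "DC01$",
                    "IpAddress": "::ffff:10.0.10.22", "Status": "0x0"}),   # alice on a new host
    _event("4768", {"TargetUserName": "carol", "TargetDomainName": "CORP",
                    "IpAddress": "::ffff:10.0.10.50", "Status": "0x0"}),   # no PTR record
]

# Constructed reverse-DNS zone (card 16: every workstation must be resolvable).
REVERSE_DNS = {"10.0.10.21": "ws-021.corp.example", "10.0.10.22": "ws-022.corp.example",
               "10.0.10.31": "ws-031.corp.example"}
# Constructed group membership in the NetBIOS "Domain\group" form used in standard mode.
AD_GROUPS = {"alice": ["CORP\\Domain Users", "CORP\\Finance"], "bob": ["CORP\\Domain Users"]}


@dataclass
class Logon:
    username: str
    ip: str
    hostname: Optional[str]
    groups: List[str]


def _fields(xml_text: str) -> Tuple[str, Dict[str, str]]:
    """Return (EventID, {Data Name: value}) from one event record."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    data = {d.get("Name", ""): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def _client_ip(raw: str) -> Optional[str]:
    """Windows logs client addresses as IPv4-mapped IPv6 (::ffff:a.b.c.d); return plain IPv4."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:          # e.g. "-" when no network address was recorded
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def build_logon_table(events: List[str], reverse_dns: Dict[str, str],
                      ad_groups: Dict[str, List[str]]) -> Dict[str, Logon]:
    """Replay the security log in order; the newest successful event per user wins."""
    table: Dict[str, Logon] = {}
    for xml_text in events:
        event_id, d = _fields(xml_text)
        if event_id not in ("4768", "4769"):
            continue
        if d.get("Status", "") != "0x0":        # failed Kerberos request: not a logon
            continue
        user = d.get("TargetUserName", "").split("@")[0].lower()   # 4769 carries user@REALM
        if not user or user.endswith("$"):      # skip computer accounts (assumption)
            continue
        ip = _client_ip(d.get("IpAddress", ""))
        if ip is None:
            continue
        table[user] = Logon(user, ip, reverse_dns.get(ip), ad_groups.get(user, []))
    return table


def to_fortigate_records(table: Dict[str, Logon]) -> List[dict]:
    """Flatten to the username/hostname/IP/groups fields the collector forwards on TCP 8000."""
    return [{"username": lg.username, "hostname": lg.hostname, "ip": lg.ip, "groups": lg.groups}
            for lg in sorted(table.values(), key=lambda x: x.username)]


def unresolved_hosts(table: Dict[str, Logon]) -> List[str]:
    """Logon IPs with no DNS name: the logon cannot be tied to a workstation."""
    return sorted(lg.ip for lg in table.values() if lg.hostname is None)


if __name__ == "__main__":
    logons = build_logon_table(SAMPLE_EVENTS, REVERSE_DNS, AD_GROUPS)
    for rec in to_fortigate_records(logons):
        print(rec)
    print("no PTR record:", unresolved_hosts(logons))
```

Running it shows why "latest event wins" matters: alice first appears from 10.0.10.21 and is then moved to 10.0.10.22 by her later service-ticket request, bob's failed TGT request (Status 0x18) never creates a logon, and carol's logon is flagged because her IP has no PTR record, which is exactly the situation card 16 warns about.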

16
Q

Do you need a DNS server that holds all workstation names?

A

Yes! Every workstation IP must be resolvable in DNS so the logon can be tied to a hostname.

17
Q

Does your FSSO Collector Agent version need to match your FortiGate version?

A

No, but it has to match the DC Agent version.

18
Q

Do you have to restart the Windows domain controller once you install the DC Agent?

A

Yes

19
Q

What is SSO_Guest_Users used for?

A

Allows limited network access for users not in an AD domain (no FSSO logon seen for them); it can only be used with passive authentication.

20
Q

Which naming convention does the FSSO Collector Agent use to access Windows AD in standard mode?

A

NetBIOS: Domain\groups (advanced mode uses LDAP distinguished names instead)

21
Q

What log level should you enable for FSSO?

A

Notification or Information

22
Q

What ports are used for workstation verification?

A

TCP 139 and 445 (NetBIOS session and SMB)