Hardening Techniques Flashcards
What can be done to harden an iSCSI SAN? Choose more than one option.
A. Configure a dedicated iSCSI VLAN
B. Enable iSCSI target authentication
C. Enable iSCSI initiator authentication
D. Patch network printers
A. Configure a dedicated iSCSI VLAN
This isolates iSCSI traffic from other network traffic, enhancing security and reducing the risk of unauthorized access or congestion.
B. Enable iSCSI target authentication
This ensures that only authorized devices can connect to the iSCSI target, preventing unauthorized access to sensitive storage resources.
Which type of security solution is Azure Bastion?
A. DDoS mitigation
B. Packet filtering firewall
C. Proxy server
D. Jump box
D. Jump box
Azure Bastion is a fully managed platform that provides secure and seamless RDP and SSH connectivity to virtual machines (VMs) in Azure without the need for a public IP address. It acts as a “jump box,” allowing administrators to securely connect to Azure VMs over the internet without exposing them directly to the internet. This minimizes the attack surface and increases security.
Which Windows Server feature is used to centralize update deployment?
A. PKI
B. AD
C. WSUS
D. GPO
C. WSUS
Windows Server Update Services (WSUS) is a feature in Windows Server that is used to centralize the deployment of updates to Windows-based computers in a network. It allows administrators to manage and distribute updates for Microsoft products within an organization, helping ensure that systems stay up-to-date with security patches and other updates.
Which Windows solution can be used to manage Microsoft updates?
A. BitLocker
B. IIS
C. WSUS
D. EFS
C. WSUS
Windows Server Update Services (WSUS) is the solution used to manage Microsoft updates. It allows administrators to centrally manage and distribute updates for Microsoft products across a network, ensuring systems stay up-to-date with security patches, bug fixes, and feature updates.
Which command updates group policy on a single device?
A. gpupdate
B. netsh
C. ipconfig
D. cipher
A. gpupdate
The gpupdate command is used to force a Group Policy update on a Windows device. It updates the policies for both the user and computer, ensuring that the latest configurations are applied without needing to restart the system.
You would like a centralized scalable option for applying updates to numerous Azure VMs. What should you create?
A. WSUS workspace
B. Log analytics workspace
C. Threat model
D. Automation account
D. Automation account
An Automation account in Azure provides a centralized and scalable solution for managing and applying updates to numerous Azure VMs. Through Azure Automation, you can automate tasks such as applying patches, orchestrating processes, and managing configurations across your virtual machines in a scalable manner.
While WSUS workspace could be useful for managing Windows updates on an on-premise network, Azure Automation is the recommended tool for centralized management and deployment of updates across Azure VMs.
What is the default listening port for a WSUS server?
A. 8530
B. 443
C. 25
D. 3389
A. 8530
The default listening port for a WSUS (Windows Server Update Services) server is 8530 for HTTP communication. If WSUS is configured to use HTTPS, the default port is 8531.
443 is used for HTTPS traffic in general.
25 is the default port for SMTP (email).
3389 is the default port for Remote Desktop Protocol (RDP).
What is the overall purpose of IT system hardening?
A. Scale the system vertically
B. Reduce the attack surface
C. Scale the system horizontally
D. Increase the attack surface
B. Reduce the attack surface
The overall purpose of IT system hardening is to reduce the attack surface by minimizing vulnerabilities. This involves configuring systems securely, disabling unnecessary services, applying patches, and ensuring that only essential services and features are enabled. The goal is to make the system less susceptible to exploitation by attackers.
