Lesson 19: Using Support and Scripting Tools Flashcards
You are updating a procedure that lists security considerations for remote access technologies. One of the precautions is to check that remote access ports have not been opened on the firewall without authorization. Which default port for VNC needs to be monitored?
‘Virtual Network Computing’ (VNC) uses TCP port 5200 by default.
True or false? You can configure a web server running on Linux to accept remote terminal connections from clients without using passwords.
True. This can be configured using public key authentication with the ‘Secure Shell’ (SSH) protocol. The server can be installed with the public keys of authorized users.
You are joining a new startup business that will perform outsourced IT management for client firms. You have been asked to identify an appropriate software solution for off-site support and to ensure that ‘service level agreement’ (SLA) metrics for downtime incidents are adhered to. What general class of remote access technology will be most suitable?
‘Remote monitoring and management’ (RMM) tools are principally designed for use by ‘managed service providers’ (MSPs). As well as remote access and monitoring, this class of tools supports management of multiple client accounts and billing / reporting.
Users working from home need to be able to access a PC on the corporate network via RDP. What technology will enable this without having to open the RDP port to Internet access?
Configure a ‘virtual private network’ (VPN) so that remote users can connect to the corporate LAN and then launch the ‘remote desktop protocol’ (RDP) client to connect to the office PC.
What backup issue does the synthetic job type address?
A synthetic full backup reduces data transfer requirements and, therefore, backup job time by synthesizing a full backup from previous incremental backups rather than directly from the source data.
You are documenting workstation backup and recovery methods and want to include the 3-2-1 backup rule. What is this rule?
It states that you should have three copies of your data across two media types, with one copy held offline and off site. The production data counts as one copy.
For which backup / restore issue is a ‘cloud-based’ backup service an effective solution?
The issue of provisioning an off-site copy of a backup. Cloud storage can also provide extra capacity.
What frequent tests should you perform to ensure the integrity of backup settings and media?
You can perform a test restore and validate the files. You can run an integrity check on the media by using, for example, ‘chkdsk’ on a hard drive used for backup. Backup software can often be configured to perform an integrity check on each file during a backup operation. You can also perform an audit of files included in a backup against a list of source files to ensure that everything has been included.
You are updating data handling guidance to help employees recognize different types of regulated data. What examples could you add to help identify healthcare data?
Personal healthcare data includes medical records, insurance forms, hospital / laboratory test results, and so on. Healthcare information is also present in de-identified or anonymized data sets.
An employee has a private license for a graphics editing application that was bundled with the purchase of a digital camera. The employee needs to use this temporarily for a project and installs it on her computer at work. Is this a valid use of the license?
No. The license is likely to permit installation to only one computer at a time. It might or might not prohibit commercial use, but regardless of the license terms, any installation of software must be managed by the IT department.
Why are the actions of a first responder critical in the context of a forensic investigation?
Digital evidence is difficult to capture in a form that demonstrates that it has not been tampered with. Documentation of the scene and proper procedures are crucial.
What does chain-of-custody documentation prove?
Who has had access to evidence collected from a crime scene and where and how it has been stored.
Your organization is donating workstations to a local college. The workstations have a mix of HDD and SSD fixed disks. There is a proposal to use a Windows boot disk to delete the partition information for each disk. What factors must be considered before proceeding with this method?
Using standard formatting tools will leave data remnants that could be recovered in some circumstances. This might not be considered high risk, but it would be safer to use a vendor low-level format tool with support for ‘Secure Erase’ or ‘Crypto Erase’.
You are auditing a file system for the presence of any unauthorized Windows shell script files. Which three extensions should you scan for?
.PS1 for ‘PowerShell scripts’, .VBS for ‘VBScript’, and .BAT for ‘cmd batch files’.
You want to execute a block of statements based on the contents of an inventory list. What type of code construct is best suited to this task?
You can use any type of loop to iterate through the items in a list or collection, but a ‘For’ loop is probably the simplest.