MS-10-P1 Security Policies Flashcards

1
Q

Windows systems use this technology including older legacy protocols and services

A

Legacy Technologies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Used when DNS cannot provide name resolution using multicast

A

LLMNR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Used when LLMNR cannot provide name resolution. Uses broadcasts, whereby each computer can respond

A

NetBIOS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A hacker will listen to LLMNR, NetBIOS traffic and wait for mistyped UNC to forge a response to the query and accept NTLM hash authentication and crack the hash

A

LLMNR/NetBIOS poisoning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

MITM poisoning - impersonate a file server - relay access request from a client - relay authentication request from server - accept NTLM hash to crack

A

SMB (Server message block) Relay

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Providing a digital signature for packets

A

SMB signing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Everything is encrypted

A

Zero Trust

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Is the process of applying tight security policies that reduce the attack surface.

A

Network Operation Hardening

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Windows systems use many technologies, including older legacy protocols and services that can be exploited by attackers to gain access to critical assets in the environment. Some of these technologies, when not in use, should be disabled to reduce the attack surface and narrow the options available to attackers.

A

Legacy Technologies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The Link-Local Multicast Name Resolution (LLMNR) protocol is a Windows environment alternative method for host resolution. It is based on the DNS packet format and allows hosts on the same local link (subnet) to perform name resolution for other hosts.

A

Disabling LLMNR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

By default, LLMNR is turned on and can be turned off through the group policy Turn off Multicast Name Resolution

A

Disabling LLMNR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

to what extent user and system actions and activities can be logged in a local machine.

A

Audit Policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

is a client-server authentication protocol used by default in a Windows-based environment.

A

Kerberos Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly