Review Questions Flashcards
What is designed to allow only trusted operating system software from Apple to load at startup?
Secure boot, beginning with the Boot ROM
Which hardware feature protects the biometric data used for Face ID and Touch ID?
Secure Enclave
Which feature encrypts all data on a volume if turned on?
FileVault
Administrator credentials are required to modify which settings in the Privacy & Security pane?
Location Services, Full Disk Access, Gatekeeper, FileVault, and Lockdown Mode
With FileVault turned on, what is required to unlock the encrypted volume?
A FileVault-enabled user or recovery key
Where can recovery keys that have been escrowed with Jamf Pro be viewed?
Navigate to the computer’s inventory record and select Disk Encryption.
How does Gatekeeper help prevent malware?
Only apps and packages signed by identified developers can be opened.
What is Apple app notarization?
Notarization is a service by Apple that allows developers who plan to distribute their software outside the App Store to submit their code to be scanned for known malware.
How does threat prevention block known malware?
Processes that match any known threats in the Jamf Protect threat database are blocked and associated files are quarantined.
The MITRE ATT&CK PRE Matrix is composed of which two tactics?
The PRE Matrix contains the Reconnaissance and Resource Development tactics.
In the context of the MITRE ATT&CK Matrix, what is a procedure?
A procedure is a real-world, documented example of a technique being used to achieve a tactical goal by a malicious actor.
Which feature in Jamf Protect functions as a detection method to expose malicious actors on a system or network and is built on tactics, techniques, and procedures from the MITRE ATT&CK Matrix?
Analytics
What do insights determine about enrolled computers?
Insights check for compliance with specific profiles from the CIS Benchmark for macOS.
How are severity levels for alerts determined?
The severity level of an alert corresponds to the severity level of the analytic that triggered it: informational, low, medium, or high.
Does an action have the ability to remediate malware on an enrolled computer?
No, actions determine the type and amount of data that is sent back to Jamf Protect for processing. Threat prevention remediates threats on enrolled computers.