Test 3 Flashcards

1
Q

What are the special “folders” that we create within Active Directory Users and Computers actually called?

A

Organizational Units

2
Q

What can be applied to the special “folders” within Active Directory Users and Computers to help control things like password policies and resource access rights?

A

Group Policy Objects

3
Q

What is the full name for Microsoft’s patch management solution that is baked into Windows Server?

A

Windows Server Update Services

4
Q

What web server component gets installed along with Microsoft’s baked-in patch management role?

A

IIS [Internet Information Services]

5
Q

What command did we run to “push out” changes that we made to Active Directory policies?

A

gpupdate /force

6
Q

Making sure that those who should be able to access the data they need can access it is known as this part of the CIA triangle…

A

Availability

7
Q

What does each of the CIA letters stand for in the CIA triangle?

A

Confidentiality, Integrity, Availability

8
Q

What is data integrity?

A

Making sure data has not been tampered with or erroneously altered; either purposefully or accidentally

9
Q

This is the second A in the AAA of infosec and is the second step of what happens when you log into a machine

A

Authorization

10
Q

This is the type of “ticket” that Windows Active Directory servers issue to a user when they authenticate; it is what is used to authorize access to devices and data

A

Kerberos

11
Q

When a user enters their username and password, it is this first A of the AAA of infosec

A

Authentication

12
Q

This Windows Server role allows us to manage all phases of authentication, including password policies

A

Active Directory

13
Q

If I download a list of “known passwords” to use in a password attack, that list would be known as what?

A

Dictionary

14
Q

Give me the two password settings that can prevent a user from re-using the same password

A

Minimum password age and password history

15
Q

Password “strength” is a measurement of these two variables

A

Length and complexity

16
Q

The material that is contained in most UPS batteries…

A

Lead

17
Q

The main vertical structures of a rack that support everything else are known as these; they come in 2 or 4 varieties…

A

Posts

18
Q

These are the horizontal metal pieces that the servers and other rack mountable devices actually attach to…

A

Rails

19
Q

These are the numbers that are written in the vertical structure pieces of a rack

A

Rack units

20
Q

This is the typical width of server racks; in fact, they will actually be referred to as ___ racks

A

19 inches

21
Q

What is the name of the approach you should take to patch management?

A

One, some, many

22
Q

What does mitigation mean?

A

Ways to reduce risk

23
Q

Software that tells a piece of hardware how it is to operate and requires a special process known as flashing to update it is known as…

A

Firmware

24
Q

A Microsoft update that secures against a vulnerability that could be used to spread an internet worm would be given this rating…

A

Critical

25
Q

A vulnerability that, while not allowing the creation of a worm, may lead to the compromise of the CIA triangle would be given this Microsoft severity rating…

26
Q

Software that is no longer being supported is known to have reached this…

A

EOL [End of Life]

27
Q

When you require an extra step for authentication beyond just the user’s password… a biometric could be one

A

Multifactor

28
Q

A vulnerability whose exploitation is protected against by default configuration and auditing would probably be given this Microsoft severity rating

29
Q

These oft overlooked devices can be used as “bastion hosts” to launch further attacks against a network; please do make sure to patch and secure them…

30
Q

The “new” type of authentication that we talked about in class. It may allow us to move beyond passwords, but it is currently struggling with vendor lock-in issues

31
Q

Giving users ONLY the permissions they need to get their job done is known as this technology concept…

A

Least privilege

32
Q

To force a specific Lock Screen, you would need to configure a setting under this main section of a GPO

A

Computer settings

33
Q

When setting permissions on the Security tab in Windows, you are said to be setting these filesystem permissions

34
Q

If I remove your ability to change your screensaver via group policy, it can be said that I remove a user ____ from your account

35
Q

Name the only time that an allow permission can override a deny permission with the appropriate terminology

A

When the deny is IMPLICIT and the allow is EXPLICIT

36
Q

When a backup gets everything on a machine, it is known as this type of backup…

37
Q

This type of backup backs up just files that have changed since the last backup; no matter what type of backup the previous one was

A

Incremental

38
Q

Name the two storage appliance types that are anagrams and often use technologies like RAID and iSCSI to achieve a large amount of storage that can be network accessible for things like backup or running virtual machines from…

A

SAN or NAS

39
Q

This type of backup will allow you to restore to a machine with a very similar hardware layout; in case a major component of your system dies

A

Bare metal

40
Q

This Microsoft technology exposes a point-in-time snapshot of a drive so that things that are normally locked [like open files or running databases] can be backed up

A

Shadow copies

41
Q

This technology is NOT a form of backup in itself, but might be used as a place to store backup files if configured with an appropriate level to achieve redundancy to provide fault tolerance

42
Q

This type of backup gets everything that has been modified since the last full backup; no matter how many other types of backups have been run in between

A

Differential

43
Q

This was a previous gold standard for large amounts of long term storage and is often still used by companies today for offsite archival purposes

A

Magnetic tape

44
Q

If you are backing up “to the cloud”, then tech/business types would probably refer to it as this type of backup

45
Q

What is the 3,2,1 rule of backup?

A

3 copies of any important file, stored on 2 different types of storage media, and 1 copy should be stored off site

46
Q

What does GPO stand for?

A

Group Policy Object?

47
Q

Setting this password policy will force a user to have to change their password if it is older than the setting

A

Max password age

48
Q

This is the name of the one “default” GPO that exists when you first set up Active Directory and is applied across your entire domain

A

Default Domain Policy

49
Q

This password setting includes that the user cannot use more than 2 consecutive characters from their first/last name or username

A

Password must meet complexity requirements

50
Q

These are the two password policies you can set in a GPO that work together to thwart brute force and/or dictionary attacks

A

Lockout threshold and lockout duration

51
Q

This is an exploit for which there currently is no patch available from the vendor

52
Q

These items that add functionality to your web browser often have vulnerabilities that are found within them and should be patched regularly

A

Plug-ins or extensions

53
Q

If I go public with proof of concept code without letting the vendor of the vulnerable program I just exploited know, I have practiced this

A

Unethical disclosure

54
Q

If I prevent machines at my company from being exploited by disabling 16-bit software support until Microsoft can release a patch, I have practiced one of these; 2 possible answers

A

Mitigating factors or workaround

55
Q

This AV technology tries to identify threats which it does not have specific definitions or signature files for by suspect actions a piece of malware might be taking; like writing to kernel memory

A

Heuristics

56
Q

This backup technology shrinks data that is stored in a storage medium down to a smaller size for storage/transmission in one of several ways

A

Compression

57
Q

This backup technology aims to prevent storing multiple copies of the same file in backup sets to reduce overall storage needs

A

Deduplication

58
Q

If you want to keep a new folder you just created from getting permissions from the folder that contains it then you need to do this…

A

Disable inheritance

59
Q

If a user changes positions at your organization several times and never has their old permissions removed, they are getting these; no fault of their own

A

Creeping privileges

60
Q

Microsoft has rebranded service packs to these new forms of a patch that contains all updates that have been released up until a certain point of time

A

Feature updates