CIST 2601 Module 2

anti-malware shield

is software that intercepts and scans incoming information for malware. Some shield software can also scan outgoing information for malware. The shield helps protect a computer from new malware, or from sending malware to another computer if you have enabled outgoing scanning.

trojan horse

Malware that either hides or masquerades as a useful or benign program.

ransomware

Malware that asks the victim to pay money.

Gpinventory, or Group Policy Inventory tool

A tool that collects information from many computers across a domain to ensure that your Group Policy is deploying the way you expect.

Group Policy Objects (GPO)

* An object that stores a collection of Group Policy settings.
* Can be associated with one or more users without having to edit each user's settings.
* Takes effect faster (currently) and does not require logging off.

service level agreement (SLA)

A contract with a vendor that guarantees replacement hardware or software.

GPO Windows Management Instrumentation (WMI) filters

Control when and where GPOs apply. You can link one WMI filter to each GPO.

antivirus software

Detects and mitigates some types of malware.

backup

is a crucial part of an organization's ability to recover from losing data

business continuity plan (BCP)

An organization-wide plan. It does not focus only on IT. It ensures the organization can survive any disruption and continue operating.

redundant array of independent disks (RAID)

A system that protects computers from disk-failure-related data loss.

redundant array of independent disks (RAID)

A system that protects computers from disk-failure-related data loss. It stores extra data and can reconstruct damaged data if a disk fails.

recovery time objective (RTO)

the amount of time it should take to recover a resource and bring it back to normal operation

profiling

the process of comparing real computer configurations to known baselines

restore operation

the process of copying secondary copies of files back to their primary location

verify compliance with security policy --> collect information --> create baseline --> identify configuration change --> analyze changes

...

Windows checks for new or updated GPOs every _______ minutes

90-120

Which of the following features allows you to restrict the groups to which a GPO applies?

Security filter

zero-day attack

malware that is actively exploiting an unknown vulnerability and one or more of the following is true: • The malware's actions have not been noticed and the vulnerability has not been discovered. • The malware's actions have been noticed but not identified as an attack. • The malware and the vulnerability have been identified but no fix is available yet.

rootkit

Malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. Usually works together with other malware.

Vulnerability Intelligence Feed (VIF)

Modifies and distributes vulnerability intelligence provided by Secunia.

Which folder does Windows use to store AD GPOs on the domain controller?

policies

Windows will automatically cause a user logoff or system reboot after applying new or changed GPOs.

FALSE

Windows stores each GPO in a subfolder with the same name as the ______ of the GPO.

GUID

Which of the following tools lists information about deployed GPOs and other computer-specific attributes?

Gpinventory.exe

Which of the following resources is installed with Windows? 1. Group Policy Settings Reference 2. Security Compliance Management Toolkit 3. Group Policy Best Practices Analyzer 4. GPOAccelerator

Group Policy Best Practices Analyzer

Which of the following statements best describes the relationship between security policy and Group Policy?

Group Policy should implement security policy

Which tool would you most likely use to edit Group Policy settings on a standalone computer?

Local Group Policy Editor

container

Unlike Local GPOs, AD GPOs do nothing until you link them to one or more _______

Who holds the primary responsibility to ensure the security of an organization's information?

Management

snap-in

Microsoft provides the Security Template ______ to the MMC that helps you create and manage security templates

You can use the ______ tool to view the effective settings after all current GPOs are applied to a specific user

RSOP (resultant set of policy)

cold site

Has hardware in place, but it is not set up or configured yet.

Which of the following features allows you to restrict the types of operating systems to which a GPO applies?

WMI filter

Security Configuration and Analysis (SCA)

Helps administrators analyze a computer and compare its configuration settings to a baseline. Can force current settings to match the settings defined in the baseline.

Organizational units (OUs)

A type of Active Directory object contained within a domain. It is an Active Directory container in which you can place users, groups, computers, or other OUs.

Hyper-V

A product that supports creating and running virtual machines in Windows Server 2008. It can take a snapshot of a virtual machine and restore the virtual machine from a snapshot.

bare metal recovery

A restore that includes the operating system and all configuration settings. All you need is the actual hardware.

Group Policy Inventory tool

A tool to audit GPOs (check whether Group Policy is still effective if something changes, e.g., an employee is leaving).

virtualization

The ability to run two or more virtual machines simultaneously on a single physical computer.

Defining GPOs in _______ gives you the ability to centralize security rules and control how Windows applies each rule.

Active Directory

secondary copy

An additional copy of the primary copy.

Enterprise Vulnerability Manager (EVM)

An alerting and management tool that enables effective decentralized management and handling of vulnerabilities.

virtual machines

An operating system or application environment is installed on the software. It imitates dedicated hardware.

Microsoft Baseline Security Analyzer (MBSA)

A tool that analyzes computers to identify insecure configurations. It can identify problems (the most common security vulnerabilities), rank them by severity, and provide a recommendation to fix each one.

Corporate Software Inspector (CSI)

An authenticated vulnerability and patch scanner.

restore uses

The benefit of a restore is repairing damage and undoing changes from users.

cooperative agreement

An agreement between two or more organizations to help one another (the organization that has a disaster uses part of the one that does not).

hot site

A complete copy of the environment at a remote site. You can switch environments (when a disaster occurs) with minimum downtime.

warm site

A complete copy of the environment, but updated only periodically (daily or weekly).

buffer overflow

condition in which a running program stores data in an area outside the memory location set aside for the data

MMC (Microsoft Management Console)

During installation of the Windows Server Backup utility on Windows Server, you can install the backup command-line tool and ______

GPO GUID

Each GPO has a _____ that uniquely identifies it as a Windows object.

disaster recovery plan

Ensures that the IT infrastructure is operational and ready to support primary business functions. Focuses mainly on the IT department.

Shavlik Security Analyzers

Extend and enhance MBSA's functionality. Integrated with MSBN. Can produce output files that MBSA can read and analyze. Can analyze patch status that MBSA does not support (e.g., old versions of Microsoft Office).

You can only edit user specific Group Policy settings in the Windows Registry Editor

false

audit

An evaluation of a collection of one or more projects over a period of time. You can compare the collected information to some standards or guidelines and then determine whether it is similar to or different from the standard information. Similar to profiling (comparing security settings to a baseline), but an audit can compare security settings and performance to your security policy over a period of time.

anti-spyware software

A type of anti-malware software whose primary target is spyware.

worm

Malware that is self-contained; it can replicate and send copies of itself to other computers. A worm does not need a host program to infect. The first one is Morris.

Personal Software Inspector (PSI)

Needs to be installed. Can scan all Microsoft software products and third-party products. Can run scheduled scans.

Resultant Set of Policy (RSOP) tool

One common tool to audit GPOs; more detailed than the Group Policy Inventory tool. Can show the effective settings for a user after GPOs are applied.

Secunia personal scanner

One of the Secunia scanner products, targeted at personal consumers.

baseline

Or snapshot. A collection of configuration settings for a specific purpose; it can take many forms.

group policy

Organized collections of security rules that control different aspects of how Windows operates.

compensating controls

Other methods (besides backup) to avoid losing data due to error or failure.

heuristics

The practice of identifying malware based on previous experience. It compares observed behavior with stored malware behavior.

malware

refers to all types of malicious software

MBSA command line interface

Same as the MBSA GUI, but can be started from the command line. You can use batch files to scan computers for vulnerabilities and schedule the batch files to run scans unattended at any time.

NetChk Protect

Scans for security issues but extends the supported application list (such as Firefox, Acrobat, Sun Java, ...). Can automate patch management. Supports agentless and agent-based operation. Has integrated antivirus and spyware protection.

Online Software Inspector (OSI)

A scanner that runs in a web browser. Good for computers where you cannot or choose not to install scanning software. Cannot schedule scans. Does not scan the number of programs that PSI does.

MBSA GUI (Microsoft Baseline Security Analyzer graphical user interface)

Select the type of resource (specific security vulnerabilities) you want to analyze. Simple.

spyware

software collects information without the user's knowledge or permission

malicious software

software designed to infiltrate a target computer and carry out the attacker's instructions

virus

Software that attaches itself to, or copies itself into, another program. It causes the computer to follow instructions not intended by the original program developer.

security templates

Store the settings that make up baselines. Consist of a text file that contains a list of configuration settings.

Volume Shadow Copy Service (VSS)

Supports utilities and applications in creating snapshots of a running Windows system. Aware applications stop writing to data files until the snapshot completes.

The Windows Group Policy feature provides a centralized set of rules that govern the way Windows operates

true

signature

The unique set of instructions that make up an instance of malware.

What day is the most vulnerable to attack?

Wednesday, because Microsoft releases patches on Tuesday; attackers know the exploit and try to attack targets before they apply the patch.

Group Policy Inventory tool and Resultant Set of Policy (RSOP) tool

What are common tools to audit GPOs?

Secunia Corporate Products include

Which branch has these products: Corporate Software Inspector (CSI), Enterprise Vulnerability Manager (EVM), Vulnerability Intelligence Feed (VIF)?

HKCU entry

In which registry entry are active GPOs stored?

Microsoft Management Console (MMC)

What helps create and manage security templates?

primary copy

What is the copy you use most frequently?

security filters

What do we need to use if we want an OU GPO to apply only to some computers or users in the OU (not all computers and users, as is the default)?

registry editor

Where can you edit Group Policy settings in the registry?

registry

Where are Group Policy settings stored?

signature database

Where is the collection of known malware signatures stored?

domain controller

Where does Windows store AD GPOs? In a folder on the _______

active directory

Where can you define both Local Group Policy and Group Policies?

Group Policy update tool

Which tool can force GPO distribution instead of waiting for the 90-120 minute interval?

Group Policy Management Console (GPMC)

Which tool is used to create AD GPOs on the domain controller? It can create, edit, import, export, copy, paste, back up, restore, search, and create reports on GPOs.

WQL (WMI Query Language)

Which is used to define the queries for the filters?

Windows Management Instrumentation (WMI) filters

Which do you use to control when and where GPOs apply? (More specific, e.g., type of OS, than security filters.)

Local GPOs, site GPOs defined in AD, domain GPOs, organizational unit GPOs

In which order does Windows apply GPOs?

