Chapter 12 Part 1
Which security practice is an example of the Principle of Least Privilege?
All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system.
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been disabled on the system. What should you do to increase the security of this system?
Disable the Guest account.
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
Install a privacy filter on the monitor. Secure the system to the desk with a cable lock.
Match each security policy on the left with the appropriate description on the right. Each security policy may be used once, more than once, or not at all.
Provides a high-level overview of the organization's security program. -- Organizational Security Policy
Defines an employee's rights to use company property. -- Acceptable Use Policy
Identifies the requirements for credentials used to authenticate to company-owned systems. -- Password Policy
Identifies a set of rules or standards that define personal behaviors. -- Code of Ethics
Sets expectations for user privacy when using company resources. -- Acceptable Use Policy
Specifies that user accounts should be locked after a certain number of failed login attempts. -- Password Policy
The chain of custody is used for what purpose?
Retaining evidence integrity by identifying people coming into contact with evidence
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
Set a screensaver password. Disable autorun on the system.
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody
Examines data at rest, such as analyzing hard drive contents
Dead Analysis
Examines an active (running) computer system to analyze the network connection, memory contents, and running programs
Live Analysis
Do a complete memory dump to save the contents of physical RAM
Method to save the contents of memory as part of a forensic investigation
Which are examples of a strong password?
TuxP3nguinsRn0V3l. il0ve2EatIceCr3am.