CIST 2601 Module 2
anti-malware shield
is software that intercepts and scans incoming information for malware. Some shield software can also scan outgoing information for malware. The shield helps protect a computer from new malware, or from sending malware to another computer if you have enabled outgoing scanning.
trojan horse
malware that either hides or masquerades as a useful or benign program.
ransom ware
malware that blocks access to the victim's data or system (typically by encrypting it) and demands payment to restore access.
Gpinventory (Group Policy Inventory tool)
a tool that collects information from many computers across a domain to ensure that Group Policy is deploying the way you expect.
Group Policy Objects (GPO)
*an object that stores a collection of Group Policy settings. *can be associated with one or more users (or computers) without editing each user's settings individually. *changes take effect at the next policy refresh without requiring a logoff.
service level Agreement (SLA)
a contract with a vendor that guarantees a level of service, for example replacement hardware or software within an agreed time.
GPO windows management Instrumentation (WMI) filters
control when and where a GPO applies. You can link only one WMI filter to each GPO (the same filter can be linked to several GPOs).
antivirus software
detects and mitigates some types of malware.
backup
is a crucial part of an organization's ability to recover from losing data
business continuity plan (BCP)
is an organization-wide plan that does not focus only on IT. It ensures the organization can survive any disruption and continue operating.
redundant array of independent disks (RAID)
a system that protects computers from data loss caused by disk failure. It stores extra (redundant) data and can reconstruct damaged data if a disk fails.
recovery time objective (RTO)
the amount of time it should take to recover a resource and bring it back to normal operation
profiling
the process of comparing real computer configurations to known baselines
restore operation
the process of copying secondary copies of files back to their primary location.
verify compliance with security policy --> collect information --> create a baseline --> identify configuration changes --> analyze the changes
...
Windows checks for new or updates GPOs every _______ minutes
90-120 (every 90 minutes plus a random offset of up to 30 minutes; domain controllers refresh every 5 minutes)
Which of the following features allows you to restrict the groups to which a GPO applies
Security filter
zero-day attack
malware that is actively exploiting an unknown vulnerability and one or more of the following is true: • The malware's actions have not been noticed and the vulnerability has not been discovered. • The malware's actions have been noticed but not identified as an attack. • The malware and the vulnerability have been identified but no fix is available yet.
rootkit
malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. It usually works together with other malware.
Vulnerability Intelligence Feed (VIF)
lets you modify and distribute the vulnerability intelligence provided by Secunia.
Which folder does Windows use to store AD GPOs on the domain controller?
policies
Windows will automatically cause a user logoff or system reboot after applying new or changed GPOs.
FALSE
Windows stores each GPO in a subfolder with the same name as the ______ of the GPO.
GUID
Which of the following tools list information about deployed GPOs and other computer specific attributes?
Gpinventory.exe
Which of the following resources is installed with Windows? 1. Group Policy Settings Reference 2. Security Compliance Management Toolkit 3. Group Policy Best Practices Analyzer 4. GPOAccelerator
Group Policy Best Practices Analyzer
Which of the following statements best describes the relationship between security policy and Group Policy
Group Policy should implement security policy
Which tool would you most likely use to edit Group Policy settings in a standalone computer
Local Group Policy Editor
container
Unlike Local GPOs, AD GPOs do nothing until you link them to one or more _______
Who holds the primary responsibility to ensure the security of an organization's information
Management
snap-in
Microsoft provides the Security Templates ______ for the MMC, which helps you create and manage security templates.
You can use the ______ tool to view the effective settings after all current GPOs are applied to a specific user
RSOP (resultant set of policy)
cold site
has hardware in place, but it is not set up or configured yet.
Which of the following features allows you to restrict the types of operating systems to which a GPO applies?
WMI filter
security Configuration and Analysis (SCA)
helps administrators analyze a computer and compare its configuration settings to a baseline. It can also force the current settings to match the settings defined in the baseline.
Organizational units (OUs)
an Active Directory object contained within a domain. It is an Active Directory container in which you can place users, groups, computers, or other OUs.
Hyper-V
a product that supports creating and running virtual machines on Windows Server 2008. It can take a snapshot of a virtual machine and later restore the virtual machine from that snapshot.
bare metal recovery
a restore that includes the operating system and all configuration settings. All you need is the actual hardware.
Group Policy Inventory tool
a tool to audit GPOs (check whether Group Policy is still effective after something changes, e.g. an employee leaves).
virtualization
the ability to run two or more virtual machines simultaneously on a single physical computer.
Defining GPOs in_______ gives you the ability to centralize security rules and control how Windows applies each rule.
active directory
secondary copy
additional copy of primary copy
Enterprise Vulnerability Manager (EVM)
an alerting and management tool that enables effective decentralized management and handling of vulnerabilities.
virtual machines
an operating system or application environment installed on software that imitates dedicated hardware.
Microsoft Baseline Security Analyzer (MBSA)
a tool that analyzes computers to identify insecure configurations. It identifies problems (the most common security vulnerabilities), ranks them by severity, and provides a recommendation to fix each one.
Corporate Software Inspector (CSI)
an authenticated vulnerability and patch scanner.
restore uses
the benefit of a restore is repairing damage and undoing changes made by users.
cooperative agreement
an agreement between two or more organizations to help one another: the organization hit by a disaster uses part of the facilities of one that is not.
hot site
a complete copy of the environment at a remote site. You can switch over to it with minimum downtime when a disaster occurs.
warm site
a complete copy of the environment that is only updated periodically (daily or weekly).
buffer overflow
condition in which a running program stores data in an area outside the memory location set aside for the data
MMC ( microsoft management console)
when you install the Windows Server Backup feature on Windows Server, you can also install the backup command-line tools and the Windows Server Backup ______ snap-in.
GPO guid
each GPO has a _____ that uniquely identifies it as a Windows object.
disaster recovery plan
ensures the IT infrastructure is operational and ready to support primary business functions. Focuses mainly on the IT department.
Shavlik Security Analyzers
extend and enhance MBSA's functionality; integrate with MBSA and can produce output files that MBSA can read and analyze; can analyze patch status for products MBSA does not support (e.g. old versions of Microsoft Office).
You can only edit user specific Group Policy settings in the Windows Registry Editor
false
audit
is an evaluation of a collection of one or more projects over a period of time. You compare the collected information to standards or guidelines and determine whether it matches or differs from them. Similar to profiling (comparing security settings to a baseline), but an audit can also compare security settings and performance to your security policy over a period of time.
anti-spyware software
is a type of anti-malware software whose primary target is spyware.
worm
malware that is self-contained; it replicates and sends copies of itself to other computers. A worm does not need a host program to infect. The first widely known one was the Morris worm (1988).
personal software inspector (PSI)
must be installed; can scan all Microsoft software products and third-party products; scans can be scheduled.
Resultant set of Policy (RSOP) tool
one common tool to audit GPOs, more detailed than the Group Policy Inventory tool. Shows the effective settings for a user after all GPOs are applied.
Secunia personal scanner
one of the Secunia scanner products, targeted at personal consumers.
baseline
or snapshot: a collection of configuration settings for a specific purpose; it can take many forms.
group policy
organize collections of security rules that control different aspects of how Windows operates
compensating controls
other methods (besides backup) to avoid losing data due to error or failure.
heuristics
the practice of identifying malware based on previous experience: observed behavior is compared with stored patterns of known malware behavior.
malware
refers to all types of malicious software
MBSA command-line interface
same as the MBSA GUI, but can be started from the command line. You can use batch files to scan computers for vulnerabilities and schedule those batch files to run scans unattended at any time.
NetChk Protect
scans for security issues with an extended list of supported applications (such as Firefox, Acrobat, Sun Java, ...); automated patch management; supports agentless and agent-based operation; integrated antivirus and anti-spyware.
Online software Inspector (OSI)
a scanner that runs in a web browser; good for computers where you cannot or choose not to install scanning software. Cannot schedule scans and does not scan as many programs as PSI does.
MBSA GUI (Microsoft Baseline Security Analyzer graphical user interface)
select the type of resource (specific security vulnerabilities) you want to analyze. Simple to use.
spyware
software collects information without the user's knowledge or permission
malicious software
software designed to infiltrate a target computer and carry out the attacker's instructions
virus
software that attaches itself to, or copies itself into, another program. It causes the computer to follow instructions not intended by the original program developer.
security templates
store the settings that make up baselines. A template is a text file containing a list of configuration settings.
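The baseline workflow above (profiling, baseline, security templates, SCA) as an added example, not part of the course material: a small security template is written out, the local computer is analyzed against it with secedit (the command-line engine behind the Security Configuration and Analysis snap-in), and the analysis log is parsed. The template values, file paths and the log-line regex are assumptions for this illustration; run it elevated.

```powershell
# Added example: analyze the local computer against a baseline security template.
# Same engine as the SCA snap-in: /analyze compares, /configure enforces.
$work     = Join-Path $env:TEMP 'baseline-check'
$template = Join-Path $work 'baseline.inf'
$db       = Join-Path $work 'baseline.sdb'
$log      = Join-Path $work 'analyze.log'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Remove-Item $db, $log -ErrorAction SilentlyContinue

# Minimal security template (constructed baseline values for this example).
# Templates are INF text files; "Unicode=yes" means save as UTF-16.
@'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
[Version]
signature="$CHICAGO$"
Revision=1
'@ | Set-Content -Path $template -Encoding Unicode

# Import the template into a fresh database and compare the live settings to it.
& secedit.exe /analyze /db $db /cfg $template /log $log /quiet | Out-Null

function Get-SeceditFindings {
    param([string] $LogPath)
    # Analysis log lines look like "  Mismatch - MinimumPasswordLength." or
    # "  Not Configured - ..."; wording varies by Windows version, so the
    # pattern is deliberately loose (assumption).
    Get-Content -Path $LogPath | ForEach-Object {
        if ($_ -match '^\s*(Mismatch|Not Configured|Missing)\s*-\s*(.+?)\.?\s*$') {
            [pscustomobject]@{ Status = $Matches[1]; Setting = $Matches[2] }
        }
    }
}

$findings = Get-SeceditFindings -LogPath $log
if ($findings) { $findings | Format-Table -AutoSize }
else           { "No mismatches against $template (see $log for the full comparison)" }

# To enforce the baseline instead of only comparing (this changes the system):
# secedit.exe /configure /db $db /cfg $template /overwrite /log $log /quiet
```

Re-running the analysis on a schedule and diffing the findings is the "identify configuration changes, analyze changes" step of the compliance process listed earlier in this module.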
volume shadow copy service (VSS)
supports utilities and applications in creating snapshots of a running Windows system. VSS-aware applications stop writing to their data files until the snapshot completes.
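The backup pieces above (Windows Server Backup with its MMC snap-in and command-line tools, VSS, bare metal recovery) combined into one added example that is not part of the course material. It checks VSS writer health, then builds and runs a bare-metal-recovery-capable backup with the WindowsServerBackup cmdlets. The target volume E: and the parsing of vssadmin output are assumptions; run elevated on Windows Server.

```powershell
# Added example: VSS writer check, then a bare-metal-recovery backup.
# Installing the feature also installs wbadmin.exe and the MMC snap-in.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}
Import-Module WindowsServerBackup   # on 2008 R2 this is Add-PSSnapin Windows.ServerBackup

function Get-VssWriterState {
    # Parses "vssadmin list writers". A VSS-aware application registers a writer;
    # a writer that is not Stable will not quiesce, so the snapshot is not consistent.
    $writers = @(); $cur = $null
    foreach ($line in (& vssadmin.exe list writers)) {
        if     ($line -match "^Writer name:\s*'(.+)'")            { $cur = [ordered]@{ Writer = $Matches[1] } }
        elseif ($line -match '^\s*State:\s*\[\d+\]\s*(.+)$')      { $cur.State = $Matches[1].Trim() }
        elseif ($line -match '^\s*Last error:\s*(.+)$')           { $cur.LastError = $Matches[1].Trim()
                                                                    $writers += [pscustomobject] $cur }
    }
    $writers
}

$unhealthy = Get-VssWriterState | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }
if ($unhealthy) {
    $unhealthy | Format-Table -AutoSize
    throw 'Fix the VSS writers above before backing up; the snapshot would not be consistent.'
}

# Build the policy: bare metal recovery = OS, system state and all critical volumes.
$policy = New-WBPolicy
Add-WBBareMetalRecovery -Policy $policy
Add-WBSystemState       -Policy $policy
Add-WBBackupTarget      -Policy $policy -Target (New-WBBackupTarget -VolumePath 'E:')   # assumed target
# VSS full backup updates each file's backup history; use -VssCopyBackup instead if
# another product owns the regular backups and must not see these files as "backed up".
Set-WBVssBackupOptions  -Policy $policy -VssFullBackup
Start-WBBackup          -Policy $policy

# Equivalent with the command-line tool installed alongside the snap-in:
#   wbadmin start backup -backupTarget:E: -allCritical -systemState -vssFull -quiet
# Later, to list versions and restore a single file (restore operation):
#   wbadmin get versions -backupTarget:E:
#   wbadmin start recovery -version:<id> -itemType:File -items:C:\Data\report.xlsx -recoveryTarget:C:\Restore -quiet
```

A bare metal recovery from this backup is started from Windows Setup's repair options (or WinRE) and needs only compatible hardware plus the backup target, which is exactly what the definition above describes.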
The Windows Group Policy feature provides a centralized set of rules that govern the way Windows operates
true
signature
a unique sequence of instructions or bytes that identifies a specific instance of malware.
what day is the most vulnerable to attack
Wednesday, because Microsoft releases patches on Tuesday (Patch Tuesday). Attackers study the patches to work out the exploit and try to attack targets before the patches are installed.
Group Policy Inventory tool and Resultant set of Policy (RSOP) tool
what are the common tools to audit GPOs?
Secunia Corporate Products include
which product line these belong to: Corporate Software Inspector (CSI), Enterprise Vulnerability Manager (EVM), Vulnerability Intelligence Feed (VIF)
HKCU entry
in which registry hive does Windows store the active GPO settings that apply to the current user? (computer settings go under HKLM)
microsoft Management COnsole (MMC)
what helps you create and manage security templates?
primary copy
what is the copy you use most frequently?
security filters
what you use if you want an OU-linked GPO to apply only to some of the computers or users in the OU (by default it applies to all of them).
registry editor
where you can edit Group Policy settings directly in the registry (they are overwritten again at the next policy refresh).
registry
where Group Policy settings are stored on the computer.
signature database
where a collection of known malware signatures is stored.
domain controller
Windows stores AD GPOs in a folder on the _______.
active directory
where you define site, domain and OU Group Policies centrally (Local Group Policy is defined on each computer with the Local Group Policy Editor).
Group policy update tool
which tool (gpupdate.exe) can force GPO distribution instead of waiting for the 90-120 minute refresh?
group policy management Console (GPMC)
used to create AD GPOs on the domain controller; can create, edit, import, export, copy, paste, back up, restore, search, and report on GPOs.
WQL ( WMI Query Language)
the language used to define the queries for WMI filters.
Windows management Instrumentation (WMI) filters
used for fine-grained control over when and where a GPO applies (more specific than a security filter, e.g. by type of OS).
Local GPO, site GPOs defined in AD, domain GPOs, organizational unit GPOs (LSDOU). When settings conflict, the GPO applied last wins, so OU settings override domain, site and local settings unless a higher link is enforced.