MTA 98-368 - Concepts A

Ace your homework & exams now with Quizwiz!

BYOD is a concept adopted by some companies to save on cost and increase productivity, this is by allowing users to use their over devices for work and personal use; as you can imagine there are many risks to this. The follow are technologies used to eliminate, control or reduce these risks.

Bring Your Own Device (BYOD)

this is one-way encryption, used when there is no intention to decrypt the data, passwords are a common example

Hash function

Lowers the probability of service failure.

High Availability of Microsoft Azure

(Internet Key Exchange) is needed for VPN Reconnect.

IKEv2

Windows 8.1 and newer, macOS, Android, iOS and Windows 10 Phone (Linux is not supported).

Intune platform support

this is when we would only want to remove any corporate data added to the device. Leaving installed applications in place.

Intune selective wipe

are scalable to meet increased demand within a certain time window.

Microsoft Azure applications

is a cloud-based service for document share and collaboration.

Office 365

is another Microsoft solution for mobility access; the app allows you to connect to remote PCs, virtual apps and desktops from one app (you will need permission from a system admin).

Remote Desktop app

is used to manage devices attached to a domain. It has a Portal App which allows users of Windows 8 and 10 to view and install applications that administrators make available to them.

SCCM

An authentication factor using biometrics, such as a fingerprint scanner.

Something you are

Authentication factor that relies on a piece of knowledge (password, PIN).

Something you know

the clue is in the name with this one, this type of malware is designed to spy on user activity.

Spyware

requires 2 drives to be useful and is a good option for performance, however is does not provide full protection.

Storage Spaces: Simple

Appears at the right of the taskbar and gives you easy access to system functions. The System Tray will appear on your main display when using dual monitors.

System tray/ notification area

is a series of interconnected LANs, this allows us to communicate with other networks and share resources, for example using a browser to access a webserver. The Internet is classed as a public network, it is open for anyone to use and isn't managed by anyone.

The Internet

In this model, an organisation pays a cloud provider for the use of infrastructure (servers, compute power, storage). This allows an organisation to set up their own Cloud based servers and would only need to worry about the install and licensing of the Operating System and software, no hardware to support or purchase. • Microsoft Azure and Amazon EC2 are examples of IaaS.

Infrastructure as a Service

Full wipe will revert the device back to factory settings.

Intune full wipe

This provided many features that FAT32 did not have, such as compression, encryption, disk quotas and file permissions; the maximum (efficient) drive size is 2TB.

NTFS (New Technology File System)

Bing, Bing App linking provides a link within a website that directs the user to the websites app when ie using a mobile device.

Office 365 Search service

SharePoint for Library and Document services. OneDrive is a well-used feature in Office 365 offering both free and paid versions

Office 365 Storage services

Lync online and Skype for Business

Office 365 communication service

On-premises IT refers to the physical equipment that is hosted within an organisation. This may include servers, workstations, laptops and printers. While most of these devices are still required for users to carry out their daily duties, at the server end (where costs are highest) Cloud Services are seeing a shift away from on-premises IT.

On-premises IT

available on mobile devices, built into Windows 8/8.1/10, Server OSs also support OneDrive - Server 2008 SP2 and newer. OneDrive is not built into Windows 7, macOS or Linux but the application can be downloaded

OneDrive

is when the public key is available to anyone and the private key is only used by the organisation securing the data. This means that anyone can encrypt and secure data, but without the private key it cannot be decrypted. A Public key can be sent to someone or published in a certificate, SSL & PGP both use this method.

Public-key encryption (asymmetric encryption)

can automatically verify and correct data to avoid file system errors. It should be used in drives over 2TB; currently used in servers but is possible with Windows 10.

ReFS

Centralises applications on the same trusted and reliable platform that governments, financial services companies and other large organisations use for sensitive information.

Remote App feature of Microsoft Azure

is a virtual application that provides access to applications running from a server; virtual apps can be accessed from a variety of devices and platforms, including Windows, Windows RT (mobile), iOS, macOS and Android. The app is essentially streamed to the device. Note - RDP is used to create a session between the client and server for access to the virtual apps.

RemoteApp

used to secure connections to websites using encryption. It uses a certificate on the server, this has been signed by a certificate authority and is presented to the web browser; this provides both authentication and security.

SSL

(2-way or 3-way); 3-way requires at least 5 drives and 2-way mirror can only tolerate one drive failure.

Storage Spaces: Mirror

for storage efficiency and to protect your files from drive failure by keeping multiple copies.

Storage Spaces: Parity

Microsoft is trying the phase out Control Panel and replace it for the Settings Menu, which is seen in Windows 10. This UI is seen to be more user friendly and aesthetically pleasing.

Windows 10 Settings Panel

is another common tab, not only do we love to personalise our desktop and screens but users are also passionate about their background images of their pets. Within Windows 10 we can now spread out the taskbar across multiple monitors, this would be configured in the personalisation tab. (If you have Windows 10 have a play around with the settings menu).

Windows 10 Settings Panel:Personalisation

typically used to gather information about the device (OS version, CPU, RAM etc.), enable Remote Desktop and add a device to a Domain (you will need a Domain administrator account to do this).

Windows 10 Settings Panel:System

is a server role that encrypts and limits access to documents such as Word, web pages, email and much more.

Windows Rights Management Services (AD RMS)

You can configure the Start menu, profiles, display settings, shortcuts, and group configurations and capabilities

Within the OS

is a Microsoft solution that is native with Windows 10, user data is stored on the server and synchronised to the users device when connected to the internet. The good thing about Work Folders is that any files can be worked on locally without a connection to the corporate network; any changes will be automatically synced and can be manually synced if the file does not appear. Work folders can be hosted from an Azure VM and work from inside Office apps.

Work Folders

provides seamless two-factor authentication and single sign-on to workplace resources and applications for mobile devices; it is certificate based and the device doesn't need to be on the Domain.

Workplace Join

a software program capable of reproducing itself that can spread from one computer to the next over a network; consuming bandwidth and stealing data are two of many worm abilities.

Worm

is an open vendor neutral file system typically used for DVDs and other optical media.

UDF (Universal Disk Format) file system

is a common way to allow access to your company network from an external connection (e.g. for someone working from home). Tunnelling protocols are used which include encryption and device authentication.

VPN (Virtual Private Network)

A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

Virus

Using a firewall, antivirus, keeping systems updated and user education are effective

Ways to lower the risk of malware

Microsoft's latest storage solution is Storage Spaces

local storage

A security system that requires more than one method of proving someone or something is who or what it is declared to be. Different methods are used to independently verify the user's identity for a transaction or sign-in attempt, such as a password plus a fingerprint. Each layer increases the difficulty an attacker faces trying to breach the security of a target.

multifactor authentication (MFA)

Microsoft offers several solutions for online applications and data storage. Examples include OneDrive, Microsoft Azure storage, OneNote, Outlook and Office 365

Cloud storage services

Keeping a device up to date is one of the best ways of securing it and updates should not be ignored. This should also apply to apps and software; updates and patches are released when new features are available, or security flaws need patching. In a domain environment you can manage updates centrally using Windows Server Update Services (WSUS).

Configure updates

Is a starting point for configuring your device. It has applets which enable you to make changes, for example the System applet enables you to add a computer to a domain.

Control Panel

An authentication factor using something physical, such as a smart card or token.

Something you have

supports multi-touch, Windows experience and Workplace JoinStart Menu/Screen integration, and enables end users to use the latest devices to interact with their remote Windows 8 or 10 desktop.

Multi-touch Remote

is made up of different hard drives that can HDD, SSD or a mixture of both. From here, highly available volumes can be created which can have extra redundancy and performance enhancements. The 'Spaces' that are created are technically virtual storage and more disk space can be added if capacity is running low. This is essentially Microsoft version of RAID, but with an easier interface for standard users.

A storage pool

(Active Directory Rights Management Services) can be used to define who can open, modify, print or forward a document.

AD RMS

is resources made available for partner organisations to access using a browser; this is classes as a private network.

An Extranet

is internal resources which are accessed using a browser; it is a private network. You may have one of these in your work place, using an internal web page, SharePoint etc.

An Intranet

also known as public-key cryptography, two mathematically related keys are used; one to encrypt and one to decrypt.

Asymmetric encryption

can also be used and will connect automatically on the launch of a specified set of applications.

Auto-Triggered VPNs

is a cloud-based directory and identity management service. It can be integrated with your on-premises AD DS, allows AD DS users to authenticate to Azure using existing credentials.

Azure Active Directory

Single Sign-On (SSO), which simplifies user access to thousands of cloud applications on Windows, Mac and iOS devices.

Azure Active Directory enables

you can encrypt an entire drive or simple volume; it requires a Trusted Platform Module (TPM) which is a chip on the motherboard. This chip generates and stores the actual encryption keys and automatically unlocks your PC's drive when it boots, you can then sign in just by typing your Windows login password. Without a TPM you would need extra authentication like a password or a digital key on a USB flash drive. It is important to note that BitLocker will encrypt the OS volume and any other drives should be encrypted using other encryption methods; such as BitLocker to go or EFS.

BitLocker Drive Encryption

means that you encrypt a removable storage device, commonly USB. Unlike BitLocker drive encryption the USB can be secured with a password or smartcard. You must be very careful with this one, if you copy a file from the encrypted drive to a nonencrypted drive the file will be decrypted.

BitLocker To Go

you can either access BitLocker from Control Panel or user the PowerShell cmdlet Manage-bde.

BitLocker can be managed

Allows you to control data access and governance even further than NTFS and share permissions. This means you can classify documents with tags, such as confidential, archive, or even a specific job role; classification can be added manually or automatically. Access to documents can also be controlled based on the configuration or health of the device trying to access it (making sure the device has an up to date AV etc.). Some documents can be classified as PII (personally identifiable information), you can then allow any HR member to view files with this tag.

Dynamic Access Control (DAC)

moving files to the encrypted folder will result in them being encrypted.

ESF encrypted folder (moving files to)

allows you to encrypt a file or folder so other users cannot access it. It is a feature of NTFS

Encrypting File System (EFS)

This file system is not really seen anymore but exFAT used in USB Flash drives and SD cards, the maximum file size on FAT 32 is 4GB

File Allocation Table (FAT)

is the industry standard which uses IPSec (IP Security). Port 1701

L2TP (Layer 2 Tunneling Protocol)

Microsoft Intune client needs to be installed. You need local administration rights on the device. To manage mobile devices however, the Company Portal app must be installed, and the user would self enrol using their Intune username.

Manage devices with Intune,

is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft managed data centres. It provides software as a service (SaaS), platform as a service and infrastructure as a service and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

Microsoft Azure

A cloud-based management solution that allows you to manage your computers when they are not inside your corporate network.

Microsoft Intune

Allows you to sign into different devices and access data that is synced across the devices; single sign-on to services such as Outlook, OneDrive, Windows Store

Microsoft account

Many devices offer encryption: Android devices provide an encryption option from the start-up menu and Windows 10 phones have a Device Encryption setting within the phone settings.

Mobile device encryption

uses a single key to encrypt and decrypt, both sender and receiver have the secret key.

Symmetric encryption

is a feature introduced in Windows 7, this feature allows you to view recently accessed documents from any program that is pinned to your taskbar. To do this, right-click on any program that has an icon in the taskbar, and it will bring up a list of recently modified documents; you can also pin documents to the jump list. You can then modify the configuration Taskbar properties to increase the number of items displayed in the jump lists.

The Jump List

is available in Windows 7 and 10; Windows 8 has the Start Screen and is highly customisable in Windows 10. In Windows 8.1, notifications about updates are shown on the Start Screen.

The Start Menu


Related study sets

AP GOV: BROWN V. BOARD OF EDUCATION (1954)

View Set

Ch. 13 Key Pediatric Nursing Interventions

View Set

ATI Mood Disorder and Suicide Questions

View Set

Spanish Technical Things (Pronouns, conjugation, negatives)

View Set

HR Management Test 2 Study Guide

View Set

Chapter 11 Assessment for Education: Achievement and Aptitude Tests

View Set

BUS 215 Ch6 - Variable Costing and Segment Reporting: Tools for Management

View Set