Implementing Your Strategy (not needed for exam) Flashcards

1
Q

What’s the benefit of using a baseline approach as a starting point for your security strategy?

A. A baseline approach allows you to fully customize all the rules according to your organization’s needs.
B. You set the rules without the need for guidance.
C. You transfer the risk from yourself by using an approved baseline that a reputable author/authority creates.

A

C. You transfer the risk from yourself by using an approved baseline that a reputable author/authority creates.

With a baseline approach, you follow a checklist of prescribed controls and settings that you can configure to the baseline that you and your organization’s security team have decided on.

2
Q

What action takes place before tailoring your baseline with ODVs?

A. Generate new rules
B. Customize rules
C. Generate initial guidance

A

C. Generate initial guidance

Before you tailor your baseline, you should create documentation in the form of initial guidance to direct conversations with your security team and make important security-related decisions about which rules to include, omit, and customize in your security strategy.

3
Q

When discussing baselines and rules, which items CANNOT be properly tailored?

A. Rules
B. Benchmarks
C. Baselines

A

B. Benchmarks

You can edit a baseline by omitting rules, and you can edit rules by changing their values. But controls that the benchmark authors publish are intended to be measured against.

4
Q

Why must you generate revised guidance after tailoring a baseline?

A. The revised guidance removes any previous settings that were generated every time a baseline is tailored.
B. You must generate revised guidance every time you change a new setting in the baseline.
C. It allows you to scan and compare your current endpoint devices against the custom benchmark that you create based on your security plan.

A

C. It allows you to scan and compare your current endpoint devices against the custom benchmark that you create based on your security plan.

You use this guidance to scan your endpoints and bring them into compliance using the compliance script that you generate.

5
Q

What’s the purpose of the auditor guide?

A. This file runs checks and fixes on controls to modify any rules that require customization.
B. This file contains a report that auditors can submit to security teams to show compliance.
C. This file helps an auditor spot check controls and identify any customizations of rules.

A

C. This file helps an auditor spot check controls and identify any customizations of rules.

If rules were customized using the custom directory, then the .xls auditor guide can identify which customizations were implemented.

6
Q

What tasks does the compliance script perform?

A. It compares the settings in the managed endpoint computer with the guidance. Then it changes the settings that reflect a fail status so that the Mac computer is in compliance with the baseline rules.

B. It compares the settings in the managed endpoint computer with a computer that’s in compliance. Then it builds a list of results that reflects the pass or fail status of how each setting complies with those specified in the baseline’s rules.

C. It compares the settings in the managed endpoint computer with the guidance. Then it builds a list of results that reflects the pass or fail status of how each setting complies with those specified in the baseline’s rules.

A

C. It compares the settings in the managed endpoint computer with the guidance. Then it builds a list of results that reflects the pass or fail status of how each setting complies with those specified in the baseline’s rules.

The script creates output files that you can use to check and fix those settings that are out of compliance with the rules specified in the guidance.

7
Q

On macOS, which of the following isn’t used by the mSCP Security Compliance Tool to remediate?

A. Manually
B. Configuration profiles
C. Blueprints

A

C. Blueprints

You can’t use Apple Configurator Blueprints with the mSCP.

8
Q

While reviewing a rule in the auditor guide, what information does the Mechanism column contain?

A. It shows a description of the setting.
B. It shows the name of the setting.
C. It describes the method by which a noncompliant rule will be remediated.

A

C. It describes the method by which a noncompliant rule will be remediated.

A mechanism is a method that you use to remediate the settings that failed and then achieve compliance.

9
Q

Which column in the auditor guide contains customized ODVs?

A. Title
B. Mechanism
C. Modified Rule

A

C. Modified Rule

This column contains any customized ODVs.

10
Q

What does the -x option do in the generate_guidance.py script?

A. It excludes rules defined in a baseline with a specified tag.
B. It generates reference documentation for the supplied baseline.
C. It creates mitigation scripts for extra rules defined in the custom rules folder.

A

B. It generates reference documentation for the supplied baseline.

The -x option generates baseline documentation in AsciiDoc, HTML, .xls, and PDF formats.

11
Q

Which term describes the process used to select which rules to include in a baseline?

A. Customizing
B. Streamlining
C. Tailoring

A

C. Tailoring

The process used to select which rules to include in a baseline is called tailoring.

12
Q

When using the generate_baseline.py script to customize rules for a baseline, what does the -t option do?

A. It performs an audit on a specified baseline.
B. It adds a timestamp to the generated baseline.
C. It runs the script in interactive tailoring mode.

A

C. It runs the script in interactive tailoring mode.

In this mode the script asks you for custom input values for each rule in the custom benchmark.

13
Q

Where should you put modified rules that you want to include in the output that the generate_baseline.py script generates?

A. In the project’s rules directory
B. In the project’s build directory
C. In the project’s includes directory
D. In the project’s custom/rules directory

A

D. In the project’s custom/rules directory

Modified rules should be placed in the custom/rules directory to be included in any custom baselines that the generate_baseline.py script generates.

14
Q

When adding a custom rule that’s not part of the mSCP, where must you add the reference to your custom rule so that it’s included in the generated output?

A. At the end of the supported_payloads.yaml file
B. On a new line in an org.baseline.plist file in the project’s includes directory
C. On a new line in the appropriate section in your custom baseline file with a reference to the rule ID contained in your custom rule

A

C. On a new line in the appropriate section in your custom baseline file with a reference to the rule ID contained in your custom rule

A baseline file contains a separate line for each included rule with a reference to the rule ID defined in the associated rule file.

15
Q

Which script is used to create profiles, plists, and documentation for a tailored baseline?

A. generate_baseline.py
B. generate_guidance.py
C. cis_lvl1-CUSTOMIZED_compliance.sh

A

B. generate_guidance.py

This script generates all of the output files related to a tailored baseline.

16
Q

After running the script to generate output for a tailored baseline called my_custom_baseline, which subdirectory contains .plist files that you can import into your MDM solution as custom configuration profiles to enforce the rules defined in your tailored baseline?

A. /my_custom_baseline/preferences
B. /my_custom_baseline/mobileconfigs/unsigned
C. /my_custom_baseline/mobileconfigs/preferences

A

C. /my_custom_baseline/mobileconfigs/preferences

You can import the files in this subdirectory into your MDM solution and use them to enforce the rules defined in your tailored baseline.

17
Q

After running the script to generate output for a tailored baseline called my_custom_baseline, which subdirectory contains a file that you can use to set explicit exemptions to rules on an endpoint computer so that compliance checks can succeed without findings?

A. /my_custom_baseline/preferences
B. /my_custom_baseline/mobileconfigs/unsigned
C. /my_custom_baseline/mobileconfigs/preferences

A

A. /my_custom_baseline/preferences

You can use the file in this subdirectory to set explicit exemptions to rules on an endpoint computer.

18
Q

After running the script to generate output for a tailored baseline called my_custom_baseline, which file is specifically formatted for an auditor to help them more easily spot check controls and identify any customizations of rules?

A. my_custom_baseline.adoc
B. my_custom_baseline.html
C. my_custom_baseline.xls

A

C. my_custom_baseline.xls

The information in this file is formatted in a spreadsheet table, making it easier for an auditor to spot check controls and identify any customizations of rules.

19
Q

Which script did you use in section 6 to scan your endpoint computer against your tailored baseline?

A. generate_baseline.py
B. generate_guidance.py
C. cis_lvl1-CUSTOMIZED_compliance.sh

A

C. cis_lvl1-CUSTOMIZED_compliance.sh

This script is used to scan your endpoint computer for compliance against your tailored baseline.

20
Q

Which of the following contains the definitions for the remediation mechanisms for the rules defined in a tailored baseline called cis_lvl1-CUSTOMIZED?

A. /Library/Logs/cis_lvl1-CUSTOMIZED_baseline.log
B. /build/cis_lvl1-CUSTOMIZED/cis_lvl1-CUSTOMIZED.xls
C. /Library/Preferences/org.cis_lvl1-CUSTOMIZED.audit.plist

A

B. /build/cis_lvl1-CUSTOMIZED/cis_lvl1-CUSTOMIZED.xls

The auditor guide contains the remediation instructions for rules defined in a tailored baseline, including the mechanisms.

21
Q

When reviewing the audit log after a compliance scan, how do findings appear for rules whose check results don’t match the guidance defined in the baseline?

A. 1
B. True
C. Failed

A

C. Failed

The audit log displays a finding of Failed for rules whose check results don’t match the guidance defined in the baseline.

22
Q

Which remediation method was applied to your customized Disable Screen Sharing and Apple Remote Desktop rule?

A. Manual
B. Script
C. Configuration Profile

A

A. Manual

You and your security team made the RBD to remove the remediation instructions for this rule and to include documentation of your decision.

23
Q

Which remediation method was applied to your customized AirDrop Contacts Only rule?

A. Manual
B. Script
C. Configuration profile

A

C. Configuration profile

You implemented this custom rule’s remediation in your tailored baseline by adding a custom key to the com.apple.sharingd configuration profile.

24
Q

After running the cis_lvl1-CUSTOMIZED_compliance.sh script on your test endpoint computer against your tailored baseline, you notice in the audit log that one of the custom rules with a configuration profile remediation mechanism failed. What’s the most likely reason?

A. The profile was unsigned.
B. The profile wasn’t installed on the machine prior to running the scan.
C. The compliance script checks only rules with script remediation mechanisms.

A

B. The profile wasn’t installed on the machine prior to running the scan.

In order for rules with configuration profile mechanisms to pass a compliance scan, you should install the configuration profiles on your test endpoint Mac before you run a compliance scan.

25
Q

When running the cis_lvl1-CUSTOMIZED_compliance.sh script in noninteractive mode, which option displays the compliance % results at the end of the scan?

A. --cfc
B. --check
C. --stats

A

C. --stats

You use this option when running the compliance script in noninteractive mode to generate results for passed, failed, and compliance completion percentages that will be displayed at the end of the scan.