Flashcards in IS3340 CHAPTER 7 Deck (25):
An evaluation of a collection of one or more objects is called an ___?
A collection of configuration settings often collected and saved for the purposes of comparing to other similar collections of configuration settings is called ___?
A structured collection, or collection of specific item versions.
An easy-to-use tool that evaluates the current security state of computers in accordance with Microsoft security recommendations is called ___?
MICROSOFT BASELINE SECURITY ANALYZER (MBSA)
A graphical user interface framework that provides a centralized method to manage software components on Windows computers and is called ___?
MICROSOFT MANAGEMENT CONSOLE (MMC)
A security scanner from Shavlik that scans and analyzes the patch status of products MBSA does not support is called ___?
This also has a Limited version.
A consumer-based vulnerability scanner from Secunia that searches for vulnerable or out-of-date programs and plug-ins is called ___?
This runs in a Web browser and does not need to be installed on the computer it is scanning.
ONLINE SOFTWARE INSPECTOR (OSI)
The process of comparing real computer configurations with known baselines for the purpose of documenting the pertinent differences with secure settings and similarities to insecure settings is called ___?
A tool that helps administrators to analyze a computer and compare its configuration settings against a baseline is called ___?
SECURITY CONFIGURATION AND ANALYSIS (SCA)
A text file that contains a list of configuration settings is called ___?
An administrative program designed to run in the MMC is called ___?
1. A baseline is the initial settings in a newly installed system.
TRUE OR FALSE
2. A baseline, also called a ___, is a collection of settings at a specific point in time.
3. Which Microsoft tool analyzes a computer's settings and compares its configuration to a baseline?
4. Stored settings that comprise a baseline are stored in which type of files?
1. Baseline configuration
2. Baseline database
3. Security template
4. Security object
5. The Security Configuration and Analysis tool operates as a snap-in to the ___?
6. Which command line tool provides the same scanning capability as SCA?
7. Which of the following products does MBSA NOT analyze?
2. SQL Server
3. Adobe Acrobat
4. Windows 7
8. MBSA automatically ranks vulnerabilities by severity.
TRUE OR FALSE
9. Which command line tool provides the same scanning capability as MBSA?
10. Which security scanner looks for weak passwords?
3. NetChk Protect
11. What does NetChk Protect Limited do that MBSA does not do?
1. Scans the latest Microsoft products
2. Scans legacy Microsoft products
3. Scans all Microsoft products
4. Scans selected Microsoft products
Scans legacy Microsoft products
12. Which security scanner runs in a Web browser and doesn't require that you install a product before scanning?
1. NetChk Protect Limited
13. Which of the following statements best describes the relationship between profiling and auditing?
1. Auditing is often a part of profiling
2. Profiling is often a part of auditing
3. Profiling and auditing are interchangeable terms
4. If auditing is in place, profiling is not necessary
Profiling is often a part of auditing
14. When designing an audit strategy, you should log access attempts on the ___ number of objects.