Test 3 Flashcards

(60 cards)

1
Q

What are the special “folders” that we create within Active Directory users and computers actually called?

A

Organizational Units

2
Q

What can be applied to the special “folders” within Active Directory users and computers to help control things like password policies and resource access rights?

A

Group Policy Objects

3
Q

What is the full name for Microsoft’s patch management solution that is baked into Windows Server?

A

Windows Server Update Services

4
Q

What web server component gets installed along with Microsoft’s baked in patch management role?

A

IIS [Internet Information Services]

5
Q

What command did we run to “push out” changes that we made to Active Directory policies?

A

gpupdate /force

6
Q

Making sure those who should be able to access the data they need is known as this part of the CIA triangle…

A

Availability

7
Q

What do each of the CIA letters stand for in the CIA triangle?

A

Confidentiality, Integrity, Availability

8
Q

What is data integrity?

A

Making sure data has not been tampered with or erroneously altered; either purposefully or accidentally

9
Q

This is the second A in the AAA of infosec and is the second step of what happens when you log into a machine

A

Authorization

10
Q

This is the type of “ticket” that Windows Active Directory servers issue to a user when they authenticate; it is what is used to authorize access to devices and data

A

Kerberos

11
Q

When a user enters in their username and password, it is this first A of the AAA of infosec

A

Authentication

12
Q

This Windows Server role allows us to manage all phases of authentication, including password policies

A

Active Directory

13
Q

If I download a list of “known passwords” to use in a password attack, that list would be known as what?

A

Dictionary

14
Q

Give me the two password settings that can prevent a user from re-using the same password

A

Minimum password age and password history

15
Q

Password “strength” is a measurement of these two variables

A

Length and complexity

16
Q

The material that is contained in most UPS batteries…

A

Lead

17
Q

The main vertical structures of a rack that support everything else are known as these; they come in 2 or 4 varieties…

A

Posts

18
Q

These are the horizontal metal pieces that the servers and other rack mountable devices actually attach to…

A

Rails

19
Q

These are the numbers that are written in the vertical structure pieces of a rack

A

Rack units

20
Q

This is the typical width of server racks; in fact, they will actually be referred to as ___ racks

A

19 inches

21
Q

What is the name of the approach you should take to patch management?

A

One, some, many

22
Q

What does mitigation mean?

A

Ways to reduce risk

23
Q

Software that tells a piece of hardware how it is to operate and requires a special process known as flashing to update it is known as…

A

Firmware

24
Q

A Microsoft update that is securing against a vulnerability that could be used to spread an internet worm would be given this rating…

A

Critical

25
A vulnerability that, while not allowing the creation of a worm, may lead to the compromise of the CIA triangle would be given this Microsoft severity rating…
Important
26
Software that is no longer being supported is known to have reached this…
EOL [End of Life]
27
When you require an extra step for authentication beyond just the user’s password… a biometric could be one
Multifactor
28
A vulnerability whose exploitation is protected against by default configuration and auditing would probably be given this Microsoft severity rating
Moderate
29
These oft overlooked devices can be used as “bastion hosts” to launch further attacks against a network; please do make sure to patch and secure them…
Printers
30
The “new” type of authentication that we talked about in class. It may allow us to move beyond passwords, but it is currently struggling with vendor lock-in issues
Passkeys
31
Giving users ONLY the permissions they need to get their job done is known as this technology concept…
Least privilege
32
To force a specific Lock Screen, you would need to configure a setting under this main section of a GPO
Computer settings
33
When setting permissions on the Security tab in Windows, you are said to be setting these filesystem permissions
NTFS
34
If I remove your ability to change your screensaver via group policy, it can be said that I remove a user ____ from your account
Right
35
Name the only time that an allow permission can override a deny permission with the appropriate terminology
When the deny is IMPLICIT and the allow is EXPLICIT
36
When a backup gets everything on a machine it is known as this type of backup…
Full
37
This type of backup backs up just files that have changed since the last backup; no matter what type of backup the previous one was
Incremental
38
Name the two storage appliance types that are anagrams and often use technologies like RAID and iSCSI to achieve a large amount of storage that can be network accessible for things like backup or running virtual machines from…
SAN or NAS
39
This type of backup will allow you to restore to a machine with a very similar hardware layout; in case a major component of your system dies
Bare metal
40
This Microsoft technology exposes a point-in-time snapshot of a drive so that things that are normally locked [like open files or running databases] can be backed up
Shadow copies
41
This technology is NOT a form of backup in itself, but might be used as a place to store backup files if configured with an appropriate level to achieve redundancy to provide fault tolerance
RAID
42
This type of backup gets everything that has been modified since the last full backup; no matter how many other types of backups have been run in between
Differential
43
This was a previous gold standard for large amounts of long term storage and is often still used by companies today for offsite archival purposes
Magnetic tape
44
If you are backing up “to the cloud”, then tech/business types would probably refer to it as this type of backup
Off prem
45
What is the 3,2,1 rule of backup?
3 copies of any important file, stored on 2 different types of storage media, and 1 copy should be stored off site
46
What does GPO stand for?
Group Policy Object?
47
Setting this password policy will force a user to have to change their password if it is older than the setting
Max password age
48
This is the name of the one “default” GPO that exists when you first set up Active Directory and is applied across your entire domain
Default Domain Policy
49
This password setting includes that the user cannot use more than 2 consecutive characters from their first/last name or username
Password must meet complexity requirements
50
These are the two password policies you can set in a GPO that work together to thwart brute force and/or dictionary attacks
Lockout threshold and lockout duration
51
This is an exploit for which there currently is no patch available from the vendor
Zero day
52
These items that add functionality to your web browser often have vulnerabilities that are found within them and should be patched regularly
Plug-ins or extensions
53
If I go public with proof of concept code without letting the vendor of the vulnerable program I just exploited know, I have practiced this
Unethical disclosure
54
If I prevent machines at my company from being exploited by disabling 16-bit software support until Microsoft can release a patch, I have practiced one of these; 2 possible answers
Mitigating factors or workaround
55
This AV technology tries to identify threats which it does not have specific definitions or signature files for by suspect actions a piece of malware might be taking; like writing to kernel memory
Heuristics
56
This backup technology shrinks data that is stored in a storage medium down to a smaller size for storage/transmission in one of several ways
Compression
57
This backup technology aims to prevent storing multiple copies of the same file in backup sets to reduce overall storage needs
Deduplication
58
If you want to keep a new folder you just created from getting permissions from the folder that contains it then you need to do this…
Disable inheritance
59
If a user changes positions at your organization several times and never has their old permissions removed, they are getting these; no fault of their own
Creeping privileges
60
Microsoft has rebranded service packs to these new forms of a patch that contains all updates that have been released up until a certain point of time
Feature updates