Windows Security Policy

Question 1

foundational principles that guide the design, implementation, and management of security measures to protect information systems and data

Answer 1

security concepts

Question 2

1) Ensures sensitive information is accessible only to authorized individuals
2) Ensures data remains accurate, consistent, and unaltered
3) Ensures systems and data are accessible when needed by authorized users

Answer 2

confidentiality;
integrity;
availability

Question 3

A layered security approach that employs multiple security measures to protect information and resources within the organization

Answer 3

defense in depth

Question 4

Prioritizing and integrating security measures into the development and design of systems and software

Answer 4

security by design

Question 5

Ensures that the default software configuration settings are the most secure settings possible

Answer 5

security by default

Question 6

An integrated antivirus and anti-malware solution that provides real-time protection against threats such as viruses, spyware, and other malicious software;
enhanced threat detection & response

Answer 6

Windows Defender

Question 7

A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules;
Inbound and outbound rules to control network traffic

Answer 7

Windows Firewall

Question 8

a centralized database used to store configuration settings for the OS, hardware, software, and user preferences;
Organized in a hierarchical structure where each top-level node is called a _____

Answer 8

Registry hive; hive

Question 9

Fundamental components that act as containers for subkeys and values that store configuration settings;
help store settings for the operating system, applications, and hardware

Answer 9

registry keys

Question 10

Similar to folders in a file system, they can contain subkeys and values;
subkeys are nested within other keys
values are data entries stored within keys, each having name, type, & data

Answer 10

Hives/keys

Question 11

MASTER KEY (1/2);
registry key that contains configuration information for the local machine, including hardware, software, and system settings

Answer 11

HKEY_LOCAL_MACHINE (HKLM)

Question 12

MASTER KEY (1/2);
Stores user-specific settings for all users’ profiles on the system;
each user profile is represented by a subkey named after the user’s Security Identifier (SID)

Answer 12

HKEY_USERS (HKU)

Question 13

Stores settings and preferences for the currently logged-in user, such as desktop settings and user-specific software configurations;
derived key (1/3)

Answer 13

HKEY_CURRENT_USER (HKCU)

Question 14

Holds information about file associations and registered COM Objects; merges information from HKLM\Software\Classes and HKCU\Software\Classes;
derived key (1/3)

Answer 14

HKEY_CLASSES_ROOT (HKCR)

Question 15

Contains hardware configuration information used at system startup. It points to the current hardware profile settings in HKLM\SYSTEM\CurrentControlSet\
derived key (1/3)

Answer 15

HKEY_CURRENT_CONFIG (HKCC)

Question 16

**the actual data entries within Registry keys that store configuration settings and other necessary information for the operating system and applications;
each contains all 3 components of Name, Type, & Data

Answer 16

Registry values

Question 17

**A fixed-length text string

Answer 17

String Value (REG_SZ)

Question 18

**used for configuration settings and flags;
32-bits

Answer 18

DWORD Value (REG_DWORD)

Question 18

**hardware component information;
binary data

Answer 18

Binary Value (REG_BINARY)

Question 19

**A variable-length string that can contain environment variables that are expanded when the value is retrieved

Answer 19

Expandable String Value (REG_EXPAND_SZ)

Question 19

**used for more extensive data storage;
64 bit

Answer 19

QWORD Value (REG_QWORD)

Question 20

**A sequence of null-terminated strings, used for lists of items

Answer 20

Multi-String Value (REG_MULTI_SZ)

Question 21

**utilities and applications designed to access, view, edit, and manage the Windows Registry;
help users configure system settings, manage policies, and troubleshoot issues

Answer 21

Windows Registry tools

Question 22

**command-line utility that allows users to interact with the Windows Registry by querying, adding, modifying, and deleting registry keys and values;
enables exporting, importing, adding, deleting, and modifying registry keys and values through the command prompt

Answer 22

Command-Line Tools (reg.exe)

reg query- Retrieve registry data from specified keys or values
reg add- Add a new registry key or value
reg delete
reg export or import

Question 22

**A management console used to configure local policies on the computer & enforce them, including registry settings; used in enterprise environments for controlling user and computer policies

Answer 22

Group Policy Editor (gpedit.msc)

Question 22

**A graphical tool for viewing and editing the Windows Registry; Allows users to navigate the Registry tree, create, modify, and delete keys and values; provides a Graphical User Interface (GUI) to navigate the hierarchical structure of the Registry

Answer 22

Registry Editor (regedit.exe)

Question 23

specialized commands for managing registry data;

Answer 23

cmdlets

Question 23

advanced scripting capabilities to interact with the Windows Registry; cmdlets; scripting; pipelining

Answer 23

PowerShell

Question 24

**way to protect files; protects critical system files (such as .dll, .exe, .sys files) and specific registry keys essential for the operating system’s proper functioning; 5 key components

Answer 24

Windows Resource Protection (WRP); Access Control List (ACLs), System File Checker (SFC), TrustedInstaller Service, File Protection & Registry Protection

Question 25

scans and verifies the integrity of all protected system files

Answer 25

System File Checker (SFC)

Question 26

___ ___ and keys cannot be changed by most applications, including malware, ensuring the integrity of the operating system

Answer 26

protected files

Question 27

____ ____ are foundational principles that guide the design, implementation, and management of security measures to protect information systems and data

Answer 27

security concepts

Question 28

Availability can sometimes be referred to as

Answer 28

denial prevention

Question 28

the overall security strength and resilience against cyber threats; security measures implemented within a system to protect against vulnerabilities and threats

Answer 28

Windows System Security Posture

Question 29

a collection of settings in Windows that can be used to establish a security auditing system for your local computer or the entire network; help identification, improvement, investigation, & review

Answer 29

audit policy

Question 30

Audit policies include ____, which are generated by the auditing system to capture activity data, & _____, which are recorded details about user actions, system changes, and access attempts

Answer 30

logs & events

Question 31

What are the common forms of persistence within the Windows Registry

Answer 31

Run and RunOnce Keys, services, scheduled tasks

Question 32

32-bit number, often used for config settings and flags

Answer 32

DWORD Value (REG_DWORD)

Question 33

variable-length string that can contain environment variables

Answer 33

expandable string value (REG_EXPAND_SZ)

Question 34

a fixed length text string

Answer 34

string value (REG_SZ)

Question 35

a sequence of null-terminated strings, used for a list of items

Answer 35

multi-string value (REG_MULTI_SZ)

Question 36

raw binary data, used for hardware component information

Answer 36

binary value (REG_BINARY)

Question 37

owns and protects critical system files and registry keys

Answer 37

TrustedInstaller Service

Question 38

a component of the Windows Registry that contains user-specific settings for all users' profiles on the system

Answer 38

HKU

Question 39

real-time protection against threats, regular updates, and cloud-based protection

Answer 39

Windows Defender