Term
| What is a .inf file used for |
|
Definition
| Is a collection of configuration settings stored in security template |
|
|
Term
| What are the different switches for secedit.exe |
|
Definition
This command line to allows you to manage security templates:
/Configure, /Analyze, Import, /Export, /Validate, /GeneralRollback |
|
|
Term
| Where do you find the Security Templates Editor |
|
Definition
|
|
Term
| Where is the default security template for a newly promoted DC |
|
Definition
| Windows\Security\Templates\DC Security.inf |
|
|
Term
| What type of files does the SCW create |
|
Definition
|
|
Term
| What is the sytax of the commandline process for transforming a security policy into a GPO |
|
Definition
| scwcmd transform /p:"Contoso DC Security.xml” /g:"Contoso DC Security GPO” |
|
|
Term
| Where can the auditing nodes be found in GPOs |
|
Definition
| Computer Config\Windows Settings\Local Policies\Audit Policy |
|
|
Term
|
Definition
| Not all failure events are audited by default |
|
|
Term
|
Definition
| When you specify which properties to be audited they are cumlative. Full Control means that everything under Full Control will be audited |
|
|
Term
| Where do you configure auditing on an object such as a file/folder |
|
Definition
| Right-click and choose Properties>Select the Security Tab>Advanced Tab at the bottom>Audit Tab |
|
|
Term
| The are the steps to enabling auditing on files and folders |
|
Definition
Step1-From the Security tab in on the Properties of a folder/file press the Advanced button and enabling audting through the Auditing tab.
Step2-Create a GPO for the audit policy(Computer Config\Windows Settings\Security Settings\Local Settings\Local Polices\Audit Policy)and enable "Audit object access" |
|
|
Term
| Software Restriction Policies(SRPs) are based on what four characteristics |
|
Definition
| Hash(fingerprint),Certificate(Publisher),Path(UNC),Zone(Internet Zone) |
|
|
Term
|
Definition
| governs how an SRP repsonds to an application being run or installed. They are usually grouped together |
|
|
Term
| What is an SRP security level |
|
Definition
| Governs the way the OS reacts when the application defined in the rule is run |
|
|
Term
| What types of SRP Security Levels are available |
|
Definition
Disallowed(app will not run regardless of the rights of the user)
Basic User(software identified to run as standard user)
Unrestricted(Runs unrestricted by SRP) |
|
|
Term
|
Definition
Computer
Configuration\Windows Settings\Security Settings\Software Restriction Policies. |
|
|
Term
| What is the Default Security Level for and SRP if no rules are define |
|
Definition
| Unrestricted: Software Access is determined by the rights of the user |
|
|
Term
| **********REMEMEBER*********** |
|
Definition
| SRPs are not enabled by default in 2008R2 |
|
|
Term
| **********Remember******** |
|
Definition
| Implement ALL the necessary rules in Applocker when replacing SRPs as one Applocker rule will stop the processing of ALL SRPs |
|
|
Term
| What service MUST be running to support Applocker |
|
Definition
| Application Identity Service |
|
|
Term
| What is the path to configure Applocker |
|
Definition
| Computer Settings\Windows Settings\Security Settings\Application Control Policies\Applocker |
|
|
