Mod 9 Managing Post-Installation Administrative Tasks Flashcards

(23 cards)

1
Q

Managing Users and Groups

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Windows
Local Users & Groups console:
- create, modify accounts, set password policies, disable or enable accounts, assign users to specific groups

Local Windows Groups:
- create groups based on job or function, add users to appropriate groups, assign permissions to groups, adjust access when users change roles

Linux
Users:
- command line “useradd”
- useradd: create a new user
- userdel: delete user
- usermod: modify user properties
- passwd: change user password

Groups:
- groupadd: create group
- groupdel: delete group
- groupmod: modify group properties
- usermod -G: add user to groups

2
Q

Password Policies

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Standard Password Guideline
- Min 12+ characters, complex (upper/lowercase, numbers, symbols)
- Expiration periods (30-90 days)
- Account lockout after failed attempts, password history

Password Auditing:
- Penetration testing tools: Kali Linux

Common Password Attacks
- Dictionary, Brute Force, Password spraying, Credential stuffing

3
Q

Enforcing Password Policies

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Windows
Local Security Policies or Group Policy (locally or domain wide)
- Password complex requirements
- Min password length, history (max/min password age)
- Account lockout thresholds, duration

Linux
Pluggable Authentication Modules (PAM) Configuration: /etc/pam.d/common-password
- min password length, required character types, dictionary word checks, password reuse restrictions
- phrases, multi-factor authentication, password manager

4
Q

Multifactor Authentication

Mod 9.1 Managing Users and Groups
Objective 3.3

A

3 Types: using 2 types increases security
What you know
- only user knows, Password or passphrase, PIN number, security questions

What you have
- physical items, smart card, security token, mobile device (SMS or app verify)

What you are
- biometric id, fingerprint, facial recognition, retina or iris scan, voice recognition

5
Q

Single Sign-On (SSO)

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Single Sign-On: users authenticate once and gain access to multiple systems w/o re-entering credentials

  • improved user experience, reduced password fatigue, centralized authentication management
  • streamlined access control, simplified user provisioning & deprovisioning

Active Directory, LDAP, SAML, OAuth, OpenID Connect

6
Q

Access Controls

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Windows
File & Folder Security: NTFS permissions control access at the file system level
- Read, Write, Read & Execute, Modify, Full Control
NTFS Permissions:
- Read: View files and execute programs
- Change: Read capabilities plus ability to add, modify, and delete files
- Full Control: All permissions, including changing permissions
Share permissions: Everyone - Full Control
NTFS permissions: Specific granular permissions

Linux
Absolute Mode: permissions are set for User, Group, Others with a 3-digit code
4 = Read (r)
2 = Write (w)
1 = Execute (x)
Ex:
755: Owner (rwx), Group (r-x), Others (r-x)
644: Owner (rw-), Group (r--), Others (r--)
777: Owner (rwx), Group (rwx), Others (rwx)

Symbolic Mode: uses letters for Users, Groups, Others, All
u = user/owner
g = group
o = others
a = all (user, group, others)

Operations:
(+) = add permission
(-) = remove permission
(=) = set exact permission

Ex:
chmod u+x file: Add execute permission for owner
chmod go-w file: Remove write permission for group and others
chmod a=r file: Set read-only permission for all

7
Q

Account Auditing

Mod 9.1 Managing Users and Groups
Objective 3.3

A

Account Auditing: track activities, detect suspicious behavior, ensure compliance

User Auditing: tracks individual, login attempts, resource access

Group Auditing: changes to group membership & permissions

Third-party Auditing: external tools provide advanced monitoring & reporting capabilities

8
Q

Guidelines for Secure Admin

Mod 9.1 Managing Users and Groups
Objective 3.3

A

User Account Management
Password Security
Permission Management

9
Q

Server Roles Requirements

Mod 9.2 Manage Server Functions
Objective 2.3

A

(1) General Servers
- File, Print, Web, Directory
(2) Database & Application
- Database servers, Application/Middleware, Messaging/Email
(3) Network Infrastructure
- DNS Servers, DHCP servers, VPN servers
(4) Virtualization
- VM hosts, Hypervisors, Container platforms
(5) Collaboration
- Chat servers, Video Conferencing, Document sharing

Directory Service Config
- Active Directory: provide centralized authentication & management of resources
- User/Computer account management, Group Policy application
- Resource organization, security implementation

10
Q

Storage Management in Windows

Mod 9.2 Manage Server Functions
Objective 2.3

A
  • Separate OS & data drives
  • RAID levels, regular backup schedules
  • Monitor storage utilization, Planning for capacity growth

Linux Directory Structure
/root
- base of the Linux filesystem hierarchy containing all other directories and files

/home
- personal directories for each user (/home/username)

/var
- variable data files that change during system operations
- log files (/var/log), Spool directories (/var/spool), Temp files (/var/tmp), Database files (/var/lib)

swap
- special partition used as virtual memory when physical RAM is full
- configured during install, sized to RAM and workload

11
Q

Virtual Memory

Mod 9.2 Manage Server Functions
Objective 2.3

A

Ubuntu Linux Swap Recommendations
- Less than 2GB RAM: 2x RAM size
- 2-8GB RAM: Equal to RAM size
- 8-64GB RAM: At least 4GB
- More than 64GB RAM: At least 8GB

12
Q

Data Transfers

Mod 9.2 Manage Server Functions
Objective 2.3

A

Data Transfers: secure & reliable data transfer tool for server management

Windows
- Robocopy: robust file copy utility w/ resume capabilities
- XCOPY: Extended copy command w/ more options than standard copy
- WinSCP: GUI tool for secure file transfer using SCP/SFTP

Linux
- rsync: fast, versatile file copying tool with delta-transfer algorithm
- scp: secure copy based on SSH protocol
- sftp: secure FTP for interactive file transfers

13
Q

Administrative Interfaces

Mod 9.2 Manage Server Functions
Objective 2.3

A

Console: direct connection, where the sysadmin stands at the server using a keyboard and mouse directly connected to the device

Remote Desktop: GUI on a remote device port 3389, Windows = Windows RDP, Linux = X Windows, VNC

SSH: standard tool to connect to Linux servers and network devices

Web interface: manage Linux servers,

14
Q

Monitoring

Mod 9.2 Manage Server Functions
Objective 2.3

A

Windows

Performance Monitor: track system metrics
- real time performance graphs, Data collector sets, custom alerts

Event Viewer: troubleshooting & monitoring server health
- System events, application logs, security audits, setup events, forwarded events

15
Q

Monitoring

Mod 9.2 Manage Server Functions
Objective 2.3

A

Linux

top: command provides system performance
- system uptime, load averages, tasks running, sleeping, stopped, zombie
- CPU usage breakdown (user, system, idle)
- Memory usage (total, used, free, buffers)
- Process details sorted by resource usage

sar (System Activity Reporter): collects, reports, and saves system activity info
- analyzing performance bottlenecks, tracking historical performance patterns, capacity planning, generating performance reports

Uptime: provides quick overview of
- current time, system uptime duration, number of logged-in users, load average for 1, 5, 15 mins

du (Disk Usage): estimates file space usage
- disk usage by directory, human readable (-h), summarize totals only (-s)

df (Disk Free): available & used disk space
- reports filesystem capacity, mount points, percentage used

16
Q

Monitoring

Mod 9.2 Manage Server Functions
Objective 2.3

A

Enterprise environments often require more sophisticated monitoring solutions

Ex: Nagios, Zabbix, PRTG, SolarWinds, and cloud-native monitoring services

17
Q

Monitoring

Mod 9.2 Manage Server Functions
Objective 2.3

A

Log File Management
(1) Log File Retention
- Define retention periods based on compliance requirements
- Implement log rotation to manage file sizes
- Archive historical logs for long-term storage
- Ensure sufficient storage for log files

(2) Log Shipping
- Forward logs to a central server
- Implement SIEM solutions for analysis
- Ensure secure transmission of log data

18
Q

Hardware Hardening

Mod 9.3 Configure Server Hardening
Objective 3.5

A

Disable Unneeded Components
- NIC, External USB ports, Audio Devices, Bluetooth

Configure Boot Order
- Secure Boot, OS as first boot device, full disk encryption

BIOS/UEFI Password
- Admin password, TPM or enhanced security

19
Q

Operating System Hardening

Mod 9.3 Configure Server Hardening
Objective 3.5

A

Remove Unneeded Services
- disable or remove applications, ID all running services

Change Default Settings
- change default ports for service, rename admin accounts, disable guest accounts, account lockout, file permissions

Configure Firewall
- block inbound traffic, restrict IP address

20
Q

Application Hardening

Mod 9.3 Configure Server Hardening
Objective 3.5

A

Applications updated w/security patches, remove or disable features, least privilege principles, secure authentication, disable automatic information collection

21
Q

Host Security

Mod 9.3 Configure Server Hardening
Objective 3.5

A
  • Antivirus/Antimalware: Detects and removes malicious software
  • Host-based Firewall: Controls inbound and outbound connections
  • Intrusion Detection/Prevention: Identifies and blocks attack attempts
  • Application Control: Restricts execution to approved applications
  • Behavior Monitoring: Identifies suspicious activities
  • File Integrity Monitoring: Detects unauthorized changes to critical files
22
Q

Patching

Mod 9.3 Configure Server Hardening
Objective 3.5

A

Firmware Drivers
- update server BIOS/UEFI firmware, storage controller firmware current
- update network interface drivers

OS & Application Updates
- security patches promptly
- test updates in non-production environments, implement automated patch management

23
Q

Guidelines for Server Hardening

Mod 9.3 Configure Server Hardening
Objective 3.5

A

Minimize Attacks, Keep Systems Updated, Automate Security, Monitor/Audit
