OS Process Management

Question 1

Which tool can be used to view and modify the Windows registry?

Answer 1

Regedit

Question 2

Your Windows server performance has degraded significantly. You need to determine if a specific service is consuming most of the CPU time. Which tool should you use?

Answer 2

Task Manager

Question 3

Which hardware security component can be used to store BitLocker encryption keys?

Answer 3

Trusted Platform Module (TPM)

Question 4

How does a Windows data collector set (DCS) differ from using Performance Monitor?

Answer 4

A DCS can be scheduled

Question 5

What is Patching

Answer 5

Patching involves applying updates to
software and systems to address
vulnerabilities

Question 6

What are the four steps in the Patch Management Process?

Answer 6

1. Scan for vulnerabilities
2. Examine vulnerability and identify missing patches
3. Deploy patches
4. Generate status report on patch update

Question 7

What are the four sub-categories of Configuration Management?

Answer 7

• Baseline
• Identification
• Version control
• Auditing

Question 8

What are the Risk Management Principles?

Answer 8

• Accept: acknowledge and accept certain risks when they are within tolerance levels
• Transfer: shift risk to another party through insurance or outsourcing
• Avoid: eliminate risks by not engaging in activities that pose the risk
• Mitigate: reduce or control risks through security measures

Question 9

Define policies and governance

Answer 9

• Policies: Guidelines and rules that define security practices and expectations
• Governance: Frameworks and processes for managing and enforcing policies.

Question 10

Define Threat Modeling

Answer 10

Threat Modeling a systematic approach to identifying and mitigating security threats

Question 11

What is the difference between a credentialed and a non-credentialed vulnerability scan?

Answer 11

• Credentialed scan: provides a much deeper insight into system misconfigurations and patch status
• Non-credentialed scan: limits the amount of detail obtained, but is more realistic from an external attacker’s perspective, as the scanner does not have valid login credentials for the target system

Question 12

When analyzing data to prioritize vulnerabilities, what factors should an analyst consider?

Answer 12

The analyst should consider the data classification of the information on the system, whether the system is internet-exposed, what services it offers, and its role (e.g., production, test, development)

Question 13

What type of issue might an analyst suspect if a vulnerability scan reports flags an administrator account with a password that never expires?

Answer 13

This issue indicates a misconfiguration or a lack of appropriate domain security policies that could affect many other systems on the network