Systems

Question 1

What is an operating system (OS) really doing?

Answer 1

It acts as the middle layer between hardware and applications—managing CPU, memory, storage, processes, and user access so software can run.

Question 2

Why is the OS critical for security?

Answer 2

Because it controls access, permissions, processes, and system behavior—if compromised, the entire system is compromised.

Question 3

What is a process in a system?

Answer 3

A running instance of a program that consumes system resources like CPU and memory.

Question 4

Why do ISSOs care about processes?

Answer 4

Malicious processes can indicate compromise or unauthorized activity.

Question 5

What is memory (RAM) used for?

Answer 5

Temporary storage for active processes and data being used by the system.

Question 6

What is a server at a technical level?

Answer 6

A system designed to provide services, resources, or data to multiple clients over a network.

Question 7

What is an endpoint?

Answer 7

A user-facing device like a laptop or workstation used to access systems.

Question 8

Why are servers higher risk than endpoints?

Answer 8

They host critical services and multiple users depend on them—compromise has wider impact.

Question 9

Give examples of servers.

Answer 9

Domain controller, web server, database server, file server.

Question 10

Give examples of endpoints.

Answer 10

Laptops, desktops, tablets.

Question 11

What is authentication?

Answer 11

Verifying identity (username/password, smart card, etc.)

Question 12

What is authorization?

Answer 12

Determining what a user is allowed to access.

Question 13

Why is least privilege important?

Answer 13

It limits damage if an account is compromised.

Question 14

What happens if users have excessive privileges?

Answer 14

Increased risk of accidental or malicious system compromise.

Question 15

What is system configuration?

Answer 15

Settings that control how a system operates (security, services, access).

Question 16

Why is configuration critical for security?

Answer 16

Misconfigurations are one of the most common vulnerabilities.

Question 17

What is hardening in system terms?

Answer 17

Reducing vulnerabilities by securing configurations and disabling unnecessary features.

Question 18

Example of hardening?

Answer 18

Disabling unused services or enforcing password policies.

Question 19

What is a service?

Answer 19

A background process that performs a specific function (e.g., web server, authentication service).

Question 20

Why are services important for security?

Answer 20

Each service is a potential attack vector.

Question 21

What happens if unnecessary services are running?

Answer 21

Increased attack surface.

Question 22

What is patching?

Answer 22

Installing updates that fix bugs or security vulnerabilities.

Question 23

Why is patching critical?

Answer 23

Many attacks exploit known vulnerabilities that patches fix.

Question 24

What happens if systems are not patched?

Answer 24

They remain vulnerable to known exploits.

Question 25

What are system logs?

Answer 25

Records of system activity (logins, errors, events).

Question 26

Why are logs important?

Answer 26

They help detect and investigate suspicious activity.

Question 27

What would suspicious log activity look like?

Answer 27

Multiple failed logins, unusual login times, unknown processes.

Question 28

Why must ISSOs understand systems?

Answer 28

To verify security configurations and identify risks.

Question 29

What is the “attack surface” of a system?

Answer 29

All potential entry points (services, ports, accounts).

Question 30

How do you reduce attack surface on a system?

Answer 30

Disable services, close ports, apply STIGs, enforce policies.

Question 31

If a server is compromised, what is the impact?

Answer 31

Data exposure, service disruption, lateral movement.

Question 32

If an endpoint is compromised, what is the risk?

Answer 32

Credential theft and potential lateral movement.

Question 33

Why are domain controllers critical?

Answer 33

They control authentication for the entire domain.

Question 34

What happens if admin credentials are compromised?

Answer 34

Full control over systems and possibly the entire network.

Question 35

Why is system security layered?

Answer 35

To prevent a single failure from causing total compromise.

Question 36

What is defense-in-depth?

Answer 36

Multiple layers of security controls to protect systems.

Question 37

Why is disabling unused services important?

Answer 37

It removes unnecessary entry points for attackers.

Question 38

Why must ISSOs understand system roles?

Answer 38

To prioritize risk based on system importance.

Question 39

What is the relationship between systems and vulnerabilities?

Answer 39

Vulnerabilities exist within systems and must be identified and fixed.

Question 40

What is your role as an ISSO regarding systems?

Answer 40

Ensure systems are configured securely, compliant, and free of vulnerabilities.