Card Set Information

2011-01-09 20:14:49

Securing Windows Day 1: Active Directory and DNS
Show Answers:

  1. What is RSAT?
    Remote Server Administration Tools. Replaces the Admin pack.
  2. Command-Line tool that displays permissions on AD objects.
  3. Command-line tool that can manage ACLs on AD objects (good for scripts!)
  4. Command-line tool to view or delete AD permissions.
  5. Command-line tool for LDAP and permissions browsing.
  6. Command-line tool that checks the security descriptor of AD objects.
  7. Command-line tool that manages trusts and computer domain memberships.
  8. Command-line tool that manages netlogon service and DC's, updated for AD.
  9. Command-line tool that can import/export AD data to a CSV
  10. Command-line tool that can import/export bulk AD data to a text file.
  11. Command-line tool that can move objects between domains.
  12. Command-line tool that adds objects to AD.
  13. Command-line tool that displays properties of selected AD objects.
  14. Command-line tool that can modify objects in AD.
  15. Command-line tool that can move or rename objects in AD
  16. Command-line tool that find types of objects in AD.
  17. Command-line tool that can remove or delete objects in AD
  18. Command-line tool:
    Comprehensive troubleshooting diagnostics
  19. Command-line tool:
    Troubleshooting and managing DNS.
  20. Command-line tool:
    Compares AD data between multiple servers.
  21. Command-line tool:
    Maintain AD store, manage FSMO servers, clean metadata, perform AD recovery tasks, delegate roles, and more.
  22. Command-line tool:
    Tests operation of IP, DNS, Trusts, Kerberos, etc.
  23. Command-line tool:
    Maintain AD store, manage FSMO servers, clean metadata, perform AD recovery tasks and more.
    NTDSUTIL.exe DSMGMT.exe can also do this plus delegation of roles.
  24. Command-line tool:
    Monitor and manage replication links and the KCC. This is something like a command-line version of REPLMON.exe
  25. GUI tool for LDAP quering and editing.
  26. GUI tool to display and manage replication and links.
  27. VBScripts that use COM+ components to create mirror user, group and computer accounts in another domain which possess the same SIDs as the originals.
    • Clonepr.dll
    • Clone-gg.vbs
    • Clone-ggu.vbs
    • Clone-lg.vbs
    • Clone-pr.vbs
    • Sidhist.vbs
    • ADsSecurity.dll
    • ADsError.dll
  28. Free tool for restoring deleted AD objects
    ADRESTORE.exe from Sysinternals
  29. JoeWare tool for deleting old computer or user accounts
  30. True or False: The Active Directory Services Interface (ADSI) exposes and interface for the scripting management of any vendor's directory services including Windows AD
    Microsoft Exchange Server
    IBM Lotus Notes
  31. LDAP ports
    LDAP servers listen on ports TCP 389 and 636 by default. The Global Catalog service listens on ports TCP 3268 and 3269. LDAP over SSL uses TCP 636 and 3269 and requires a cert on the domain controller.
  32. Windows ports:
    TCP 3268
    Global Catalog with LDAP
  33. Windows ports:
    TCP 3269
    Global Catalog with LDAP and SSL encryption
  34. Windows ports:
    TCP 544
    Kerberos KSHELL
  35. Windows ports:
    TCP & UDP 464
    Kerberos Passwords
  36. Windows ports:
    TCP & UDP 88
    Kerberos Secure Authentication
  37. Windows ports:
    TCP 636
  38. Windows ports:
    TCP & UDP 389
  39. Windows ports:
    UDP 137
    NetBIOS query requests
  40. Windows ports:
    UDP 138
    NetBIOS query responses
  41. Windows ports:
    TCP 139
    NetBIOS Session ( for SMB or CIFS)
  42. Windows ports:
    TCP 135
    RPC mapper
  43. Windows ports:
    TCP 445
    SMB without NetBIOS (CIFS)
  44. Windows ports:
    TCP 3389
    Terminal Server
  45. Windows ports:
    TCP 42
    WINS Replication
  46. Windows ports:
    Global Catalog with LDAP
    TCP 3268
  47. Windows ports:
    Global Catalog with LDAP and SSL encryption
    TCP 3269
  48. Windows ports:
    Kerberos KSHELL
    TCP 544
  49. Windows ports:
    Kerberos Passwords
    TCP & UDP 464
  50. Windows ports:
    Kerberos Secure Authentication
    TCP & UDP 88
  51. Windows ports:
    TCP 636
  52. Windows ports:
    TCP & UDP 389
  53. Windows ports:
    NetBIOS query requests
    UDP 137
  54. Windows ports:
    NetBIOS query responses
    UDP 138
  55. Windows ports:
    NetBIOS Session
    TCP 139
  56. Windows ports:
    RPC Mapper
    TCP 135
  57. Windows ports:
    SMB without NetBIOS
    TCP 445
  58. Windows ports:
    Terminal Server
    TCP 3389
  59. Windows ports:
    WINS Replication
    TCP 42
  60. Why is it extremely important that DCs have anti-malware software that performs regular scans?
    Malware can replicate on a DC through the automatic FRS replication of the SYSVOL share.
  61. What should you do with the local admin account on a DC?
    Using the NTDSUTIL.exe tool, set a long passphrase for the account before that account is needed to restore AD in a crisis. Physically secure the copies of that passphrase.
  62. What type of hardware setup would be required to support 10,000 users logging on inthe morning in a 10-minute window at 50% load?
    • 1) Mirrored disks for the OS.
    • 2) Second set of mirrored disks for transactions logs
    • 3) 4-disk RAID 5 for AD and SYSVOL databases.
    • **Adding CPU's increases performance more than adding RAM beyond 1Gb.
  63. What is SYSKEY?
    A utility to encrypt password hashes in the SAM databases. Enabled by default in W2K+
  64. What type of key is the "System Key"
    128-bit RC4 key.
  65. What does the syskey encrypt?
    • 1) Protection keys for users' passwords in AD or the local SAM database.
    • 2) Users' "Master Keys" that are used to protect private keys for certificates
    • 3) Protection keys for the "LSA Secrets" in the registry, such as service account passwords and the computer's own Master Key.
    • 4) The protection key for the local administrator account password that is used when booting into Safe Mode.
  66. What are the three options for how the Syskey is created/stored?
    • 1) Key is stored locally and obscured. This is the default and the location is known.
    • 2) Key is derived from a password the user must enter during boot. Password can be up to 128 chars and is MD5 hashed to create the 128-bit system key. The password is not stored on the machine.
    • 3) Key is derived randomly and stored on a floppy disk. If the disk isn't present, the machine won't boot.
  67. Is a boot-up syskey password more diificult to circumvent than a bios password?
    Yes. The syskey password, when combined with EFS can secure a laptop's data against sophisticated and well-funded adversaries.
  68. Which method of syskey should NOT be used in high-security environments?
    Locally store option.
  69. where might you still find a copy of the system key regardless of how it is created/stored?
    in the crashdump file from a BSOD.
  70. how can administrators audit password strength if syskey is used?
    Administrators, and others with the SeDebugPrivilege user right can extract hashes.
  71. What are the two main benefits of BitLocker Drive Encryption?
    • 1) Verification of the integrity of boot-up files and other start-up data structures to help prevent rootkits from taking control.
    • 2) Sector-level encryption of entire hard drive volumes, including the paging and hibernation files to prevent exposure of confidential data on stolen or lost hard drives.
  72. What is a TPM?
    Trusted Platform Module. It is a chip built into the motherboard that can perform on-board random number generation, encryption, hashing and other cryptographic operations. The TPM is also a secure storage location for keys, passwords, hashes and other secret data. It is able to provide boot-up integrity checking.
  73. What does BitLocker require in terms of disk space and partitions?
    At least two partitions. A 1.5Gb minimum boot-up volume usually assigned D: and one or more volumes for the operating system usually assigned C.
  74. Using BitLocker, can the boot-up volume be encrypted?
  75. Name the five ways BitLocker can be implemented from more secure to least secure.
    • 1. TPM + PIN + USB Token
    • 2. TPM + USB Token
    • 3. TPM + PIN
    • 4. TPM Only
    • 5. USB Token Only (no TPM)
  76. Which of the five methods to implement BitLocker requires both a 4-20 digits pin and the insertion of a usb token during boot-up?
    TPM + PIN + USB Token