Unit 9 Lab 9 Perform Digital Evidence Collection & Documentation Aligned with the Chain of
This was the first incide
1. What services were attacked on the IIS server?
a. FTP, TFTP, IIS
2. How many failed logins were detected?
a. There were 40 failed login
This table includes the tools that we recommend for the Ken 7 Windows Limited CSIRT.
CSIRT Functional Needs
Archer Incident Management
D3 Incident Reporting and Cas
1. Download the latest version of MBSA (Microsoft Baseline Security Analyzer) at:
a. Check the system requirements to
1. What are other available Password Policy options that could be enforced to improve
1. You notice that your computer is getting slower each day. You have terminated unneeded
programs, disabled unneeded services, and have recently defragmented the disks. Your
1. What is the one thing that a virus, a worm, spyware, and malicious code have in
common? What are the differences among these four threa
Running head: UNIT 2 LAB 2: Implement Access Control Lists to Secure Folders and
Read/Write/Access to Files Learning Objectives and Outcomes
Unit 2 Lab 2
September 23, 2014
1. The access requirements in the table above are based on reference groups. However,
should Windows access controls to implement these requirements be based on groups
1. Currently, system administrators create Ken 7 users in each computer where users
need access. In the Active Directory, where will system administrators create Ken 7
a. Active Di
The advantages of using Active Directory are that it is all centrally controlled. A user has
the ability to sign onto any PC with their credentials and that tells Active Directory which
Access Controls Criteria Worksheet
Access Control Requirement
Prevent unauthorized users from logging onto
another person's user account with period
1. What action initiates a program change or a new program?
a. Changing of hardware or upgrading a video card.
2. Who approves new or changed programs?
a. Management, s
1. Why is it important to run the MBSA?
a. To search for non-patched systems that may include vulnerabilities that could
pose a threat to the s
1. The ERP software vendor reports that some customers have experienced denial-of-service (DoS) attacks from computers sending large volumes of packets to mail
servers on th
1. What are the steps you took to harden IIS on the Windows Server? Explain why these
steps are necessary.
a. Launch IIS Manager: Start Inte
1. What functions should this software application provide?
a. To secure applications from outside threats and vulnerabilities
2. What functions should this software
Three important rules to change on a Windows XP computer are: close all unessential ports,
block unnecessary websites, and set up aut
1. Previous attempts to protect user accounts have resulted in users writing down long
passwords and placing them near their workstations. Users should not write down