Active directory interview questions, part 2 of 2

  • How does group policy resolve setting conflicts?
  1. By following the GPO processing order: the GPO that applies last wins, so its conflicting setting overwrites the same setting from every GPO processed before it.
  • Give three examples of where the PowerShell pipeline should be used rather than assigning the result to a variable
  1. This is an intriguing question in the Linux/bash environment as well.
  2. The pipeline passes data from one command to the next without defining an intermediate variable.
  3. It makes ongoing refinement of a function's or script's output easier, since a further stage can simply be appended to the chain.
  4. Streaming or piping values allows working on continuous data of "infinite" length, which cannot realistically be held in a variable.
  • How do you establish a remote PowerShell session? What are the prerequisites?
  1. [If working within a Domain] Enable PowerShell Remoting: Enable-PSRemoting -Force, which
    1. Starts the WinRM service
    2. Sets the service to start automatically with the system
    3. Creates a firewall rule for incoming connections
  2. [If working within a Workgroup]
    1. Configure the network profile as private
    2. Configure TrustedHosts on both machines.
  3. To execute a single remote cmdlet: Invoke-Command
  4. To initiate a remote session: Enter-PSSession
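As an added example that is not part of the original post, the script below checks each prerequisite listed above, applies the domain-case fix when WinRM is down, and then runs the two cmdlets, with the result of Invoke-Command consumed through the pipeline rather than a variable (tying the two questions together). It assumes an elevated session on Windows 8/Server 2012 or later (for the NetSecurity cmdlets); the host name is a placeholder.

```powershell
# Added example, not from the original post. Audit PowerShell remoting prerequisites,
# then use Invoke-Command / Enter-PSSession. Assumes an elevated Windows session.
param([string]$Target = 'SRV01.example.local')   # placeholder host name

function Test-PSRemotingPrerequisites {
    $winrm = Get-Service -Name WinRM
    # The WSMan: drive is only reachable while the WinRM service is running
    $listener = Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue
    $trusted  = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
    $profiles = Get-NetConnectionProfile | Select-Object -ExpandProperty NetworkCategory
    $fwRules  = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
                Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    [pscustomobject]@{
        WinRMRunning     = ($winrm.Status -eq 'Running')
        WinRMAutoStart   = ($winrm.StartType -eq 'Automatic')
        ListenerPresent  = (@($listener).Count -gt 0)
        FirewallRuleOn   = (@($fwRules).Count -gt 0)
        PublicNetwork    = ($profiles -contains 'Public')   # Enable-PSRemoting refuses on Public
        TrustedHosts     = $trusted
        TrustedHostsWild = ($trusted -eq '*')               # '*' trusts every host; keep it specific
    }
}

$check = Test-PSRemotingPrerequisites
$check | Format-List

if (-not $check.WinRMRunning) {
    # Domain case: starts WinRM, sets it to Automatic and adds the firewall rule in one step
    Enable-PSRemoting -Force
}

# Workgroup case: add only the specific peer to TrustedHosts, never '*'
# Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force

# Single remote cmdlet: output streams back and is refined further down the pipeline
Invoke-Command -ComputerName $Target -ScriptBlock { Get-Service -Name WinRM } |
    Select-Object -Property PSComputerName, Status, StartType

# Interactive session on the remote host (exit with Exit-PSSession)
# Enter-PSSession -ComputerName $Target
```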


Where does ISO/IEC 27001 fit

ISO 27001 is a part of the bigger ISO/IEC 27000 family of standards – Information security management systems. The ISO/IEC 27000 family of standards assists commercial and governmental organizations in keeping their information assets secure.

Usage of the ISO 27000 family of standards helps the organization manage the security of various assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family, providing the requirements for an information security management system (ISMS).

The latest version of ISO 27001 dates from a few years ago, 2013, hence the name of the current edition: ISO/IEC 27001:2013.

It describes best practices for an information security management system, and its purpose is to protect the confidentiality, integrity and availability of a company's information. This is addressed by discovering the potential problems that could affect the information (i.e., risk assessment) and then defining what must be done to prevent those problems from happening.

Therefore, the main philosophy of ISO 27001 is based on managing risks: find out where the risks are, and then systematically treat them via applying proper control measures.