CBLO does not support these tables.
What are Evented Tables?
This is how "Workloads" are defined. (I will accept either the Sales external answer or how the Tech works in defining workloads in its current state. Bonus points for both)
What are;
Admin-Controlled vs User-Controlled
Anything managed under vCenter
These are the two trust vectors that help initially approve ~80-90% of a Windows environment.
What are Reputation and Publishers?
This is the Custom Rule that allows you to monitor, or prevent, changes to critical files and map to compliance mandates of that nature.
What are FIC/FIM rules?
This makes up 50% of Nick's Ethnicity.
What is Spanish? (shocker I'm so pale, I know)
These are the Watchlists I said to always alert on in a CBTH POC.
What are; Advanced Threats, AMSI, TOR.
These are the 2 main points you are trying to communicate on CBP Demos.
What are; Proactive vs Reactive. And Ease (relative to other proactive solutions).
These are the two trust vectors which come OOTB, and are pre-built sets of custom rules.
What are Updaters and Rapid Configs?
This is the most commonly used custom rule for allowing a legacy application that needs an old version of Java to run.
What is Execution Control?
ALL PLAY:
HURRY - First person to find something Pink and something light blue (they can be 2 different things) and share your camera showing them wins the points!!!
The correct response is what I allow.
This is what Uploads does.
What is nothing? Jk jk, it prevents files from being uploaded within the designated path if "Submit Unknown Binaries for Analysis" is checked off per policy.
These are the capabilities that VDI machines do not have in CWP. (there are technically 2, but I will accept the one main one, if a team gets both they get points too)
What is vuln assessment? And technically the lack of ability to do an "agentless" install.
This is the trust vector to discuss when highlighting the granularity CBP offers.
What are Custom Rules?
These are the two primary differences between a Trusted Path and a Trusted Directory.
What is: Trusted Path allows files to run within the specified path, while Trusted Dir approves files in the path. And Trusted Dir must be local to a machine, while Trusted Path does not.
These are the 3 acceptable forms of Art, according to Jack Donaghy (30 Rock). (List 2).
What are paintings of; Horses, Ships with sails, or men holding swords staring off into the distance?
These are benefits between CBTH vs CBR. (Name 3)
What are;
Dynamic resource allocation, 30 day storage, Fuzzy searching, Regex Searching, AMSI (In console)
What are; Execution Control, Advanced/Expert rules, FIC/FIM, Device Control, Certain Rapid Configs, Memory rules, Blacklisting/banning.
These are the two trust vectors which comprise tamper protection for the CBP agent.
What are Custom and Memory Rules?
This is the Custom Rule often applied to high-read/write-activity servers, such as SQL and Exchange servers.
What is Performance Optimization?
The team to identify this jam wins - don't be that guy and use Soundhound or Shazam; if no one gets it I will just pick another song.
What is;
Rock Me Gently - Andy Kim
Paradise by the Dashboard Lights - Meatloaf
A Little Less Conversation - Elvis
More Than a Feeling - Boston
Fast Car - Tracy Chapman
These are the respective TTPs that can be blocked by a rule for "Executes Code From Memory". (There are 2.)
What are:
Packed_call
suspicious_behavior
These are the 3 benefits of CB Workloads.
What are; Vulnerability assessment, lifecycle management, and asset inventory. (will accept "agentless" install as one)
This is the trust vector that allows you to define what the CBP agent views as an executable.
What are Script Rules?
This is the type of rule whereby you can specify;
Spotify is only allowed to be run IF Visual Studio is also running. If Visual Studio is not running on the machine, Spotify is blocked.
What is an expert rule?
What are Napoleon and Hitler?