Access rights
Domain architecture
Logging and monitoring
Findings and root causes
Entra ID
100

These accounts are used by more than one (1) individual.

What are Shared IDs?

100

Each forest for a typical client should have just one of these.

What is a domain?

100

This tool correlates all logs through forwarding.

What is a SIEM?

100

All users require this to log on, the first step being a username and password.

What is MFA?

100

This MFA solution is built into MS tooling.

What is Authenticator?

200

We treat these as the "system administrators" of AD.

What is a "Domain Administrator?"

200

This feature on an OU overrides precedence and inheritance.

What is enforcement?

200

Logs should be stored with this restriction.

What is read-only mode?

200

Terminated and inactive / unnecessary users are a result of this deficient process.

What is access right administration / review?

200

In this most popular cloud model, a provider provisions AD infrastructure.

What is Infrastructure-as-a-Service (IaaS)?

300

These grant full access rights to the object / machine.

What are local administrator rights?

300

We check GPO layouts with this tool.

What is the group policy management console (GPMC)?

300

This function analyzes and responds to collected logs.

What is a Security and Operations Center (SOC)?

300

This is most commonly unnecessarily held by service desk or security personnel.

What is full administrative access to their own machine?

300

This replaces GPOs for Azure environments.

What are Intune policies?

400

This tool protects service accounts.

What is a password vault?

400

This policy does not follow traditional precedence and inheritance rules.

What is the default domain policy?

400

These types of logs cover system health, performance, and other errors.

What are event logs?

400

This ensures management appropriately designs all required controls for AD.

What is the risk assessment?

400

This control, though it can enforce MFA, is not in itself a form of MFA.

What is conditional access?

500

This recommended privilege model replaces traditional security group membership.

What is a "tiered-privilege" model?

500

This set-up overrides GPO authentication settings.

What are fine-grained password policies?

500

These types of logs record who did what when.

What are audit logs?

500

When a full configuration program exists, this is the next best reason for persistent misconfigurations.

What is MFA?

500

These accounts should not be synced between cloud and on-premises environments.

What are privileged accounts?