Question

A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?

1. Replace each laptop in the company’s environment with a standardized laptop that is preconfigured to match the baseline setting

2. Create batch script files that will enable the baseline security settings and distribute them to global employees for execution

3. Send each laptop to a regional IT office to be reimaged with the new baseline security settings enabled and then redeployed

4. Establish GPO configurations for each baseline setting, test each works as expected, and have each setting deployed to the laptop

5. Leverage an MDM solution to apply the baseline settings and deploy continuous monitoring of security configurations

Answer 1

as a security engineer...

1) replacing laptop is not good economically. so, if company is seeking the cost effective solution, then do not adapt this. Yes, if the security concern is much higher which can not be satisfied with older laptop, then can do so.

2) Most effective way is this one. once a batch script is created, it will shared with all employees, and by executing that file they can have their laptop configured as per the needs. Since, we need to create the script once, it is perfect solution.

3) we can call to send all laptop to regional IT office, but this is not effective. we should only do this when there is lack of IT staff.

4) yes. this step is necessary. since after implementing the mechanism, we need to test. so, this is essential step.

5) if we can do this like monitoring activity, then it will increase the security drashtically. you can call this as real time monitoring and for zero day security attack, it is needed.

Hope it helps. Thanks. If you have doubt, comment it.