Manage Incidents by Using Incident Response Tools
Learn how to improve IT security by managing incidents using incident response tools: centralized logging and Group Policies (e.g., enabling an account lockout policy, prohibiting access to Control Panel, PC Settings, and registry editing tools for non-administrators).
Note: Once you begin the Challenge Lab, you will not be able to pause, save, or exit and then return to your Challenge Lab. Please ensure that you have set aside enough time to complete the Challenge Lab before you start.
Understand the Scenario
You are a network and security administrator. You need to manage incidents by using incident response tools to improve IT security. First, you will configure centralized logging. Next, you will configure Group Policies to enable an account lockout policy for the domain, configure audit policies, and prohibit access to Control Panel, PC Settings and registry editing tools for non-administrators. Finally, you will perform manual Linux updates.
Understand Your Environment
You will be using two domain-joined Windows® 10 virtual machines named W10-ADMIN and W10-ADMIN2, a Windows Server 2019 domain controller virtual machine named WS2019-DC01_NC MailSRV, and a Kali Linux virtual machine named Kali Linux 2021.