AI Skill Report Card
Managing Enterprise Infrastructure
Quick Start 15 / 15
New hire onboarding checklist:
```powershell
# AD account creation
Import-Module ActiveDirectory
# Prompt for the temporary password instead of embedding it in the script
$tempPassword = Read-Host -Prompt "Temporary password for jdoe" -AsSecureString
New-ADUser -Name "John Doe" -SamAccountName "jdoe" `
    -UserPrincipalName "jdoe@company.com" -Path "OU=Users,DC=company,DC=com" `
    -AccountPassword $tempPassword -ChangePasswordAtLogon $true -Enabled $true

# M365 license assignment (MSOnline module)
Connect-MsolService
Set-MsolUserLicense -UserPrincipalName "jdoe@company.com" -AddLicenses "company:ENTERPRISEPREMIUM"

# Security group memberships
Add-ADGroupMember -Identity "VPN_Users" -Members "jdoe"
Add-ADGroupMember -Identity "Department_Sales" -Members "jdoe"
```
Recommendation: Add concrete templates/frameworks for security baselines and naming conventions instead of just mentioning them.
Workflow 12 / 15
User Provisioning
Progress:
- Create AD account with secure password
- Assign appropriate security groups
- Configure M365 license and mailbox
- Set up MFA enrollment
- Provision application access (VPN, line-of-business apps)
- Schedule password change on first login
Server Deployment
Progress:
- Size requirements and OS selection
- Deploy from template/image
- Configure networking (VLAN, firewall rules)
- Join to domain (Windows) or configure auth (Linux)
- Apply security baseline and patches
- Install monitoring agents
- Document in CMDB
Security Hardening
Progress:
- Enable audit logging
- Configure Windows Defender/endpoint protection
- Apply CIS benchmarks or security baselines
- Disable unnecessary services
- Configure backup and recovery
- Validate compliance scanning
Recommendation: Include specific compliance frameworks (SOX, HIPAA, PCI-DSS) and their requirements rather than generic 'CIS benchmarks'.
Examples 15 / 20
Example 1: Windows Server Deployment
Input: New file server needed for Finance department
Output:
- Windows Server 2022 with 500GB storage
- Joined to FINANCE OU
- File sharing role installed
- NTFS permissions configured for Finance_Users group
- Weekly backup scheduled
- Antivirus exclusions set for file shares
Example 2: M365 Security Configuration
Input: Secure email for executive team
Output:
- Conditional access policy requiring MFA
- Safe attachments and links enabled
- DLP policy blocking PII in external emails
- Retention policy for 7 years
- Advanced threat protection enabled
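Example 3: Linux Server Hardening
Input: Ubuntu web server deployment
```bash
# Security baseline (run as root)
# Add allow rules for the ports you need (such as SSH) first: ufw denies incoming traffic by default
ufw enable
# Stop and disable services the server does not need (placeholder service name)
systemctl disable --now unnecessary_service
# Password expiry: 90 days maximum age, warning 14 days before (placeholder user name)
chage -M 90 -W 14 username
# Disable IP forwarding persistently, then load the setting
echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.conf
sysctl -p
```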
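An added example, not part of the original skill text: a bash audit of two items from Example 3's baseline, the effective `net.ipv4.ip_forward` value and the 90-day maximum password age, read from files so it can run offline. The function names, sample files and account names are constructed for illustration.

```bash
# Added example: audit Example 3's baseline offline from config files.

# Effective value of KEY in a sysctl.conf-style FILE. The last assignment wins, so a
# line appended with '>>' can be overridden by a later one.
sysctl_effective() {  # usage: sysctl_effective KEY FILE
  awk -v key="$1" '
    /^[ \t]*([#;]|$)/ || index($0, "=") == 0 { next }   # comments, blanks, non-assignments
    {
      k = substr($0, 1, index($0, "=") - 1)
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      sub(/^-/, "", k)                 # "-key = v" means "ignore errors"
      if (k == key) val = v
    }
    END { print (val == "" ? "unset" : val) }
  ' "$2"
}

# Names of accounts in a shadow-format FILE that can log in with a password and whose
# maximum password age (field 5, what `chage -M` sets) is empty or above LIMIT days.
weak_max_age() {  # usage: weak_max_age LIMIT FILE
  awk -F: -v limit="$1" '
    $2 ~ /^[!*]/ { next }              # locked or no-password-login accounts
    $5 == "" || $5 + 0 > limit + 0 { print $1 }
  ' "$2"
}

audit_baseline() {  # usage: audit_baseline SYSCTL_FILE SHADOW_FILE; non-zero on findings
  rc=0
  fwd=$(sysctl_effective net.ipv4.ip_forward "$1")
  if [ "$fwd" != "0" ]; then echo "FAIL net.ipv4.ip_forward is $fwd"; rc=1; fi
  weak=$(weak_max_age 90 "$2" | tr '\n' ' ')
  if [ -n "$weak" ]; then echo "FAIL max password age above 90 days: $weak"; rc=1; fi
  if [ "$rc" -eq 0 ]; then echo "PASS"; fi
  return "$rc"
}

# Constructed sample files (not real system data).
write_samples() {  # usage: write_samples DIR
  printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    ' net.ipv4.ip_forward=1' > "$1/sysctl.conf"
  printf '%s\n' 'root:!:19000:0:99999:7:::' 'deploy:$6$constructed:19000:0:90:14:::' \
    'webadmin:$6$constructed:19000:0:99999:7:::' > "$1/shadow"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_baseline "$demo_dir/sysctl.conf" "$demo_dir/shadow" || true
rm -rf "$demo_dir"
```

On a real host, files under /etc/sysctl.d can set the same key, so run `sysctl_effective` over those as well as /etc/sysctl.conf.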
Recommendation: Provide actual PowerShell DSC configurations and Ansible playbooks rather than just suggesting their use.
Best Practices
- Use automation: PowerShell DSC for Windows, Ansible for Linux
- Follow naming conventions: Consistent server/user naming schemes
- Implement least privilege: Start with minimal access, add as needed
- Document everything: Maintain accurate CMDB and runbooks
- Test backups monthly: Verify restoration procedures work
- Patch management: Schedule monthly patching windows
- Monitor continuously: Set up alerts for security events and performance
Common Pitfalls
- Granting excessive permissions during initial setup
- Skipping security baselines to save time
- Not testing disaster recovery procedures
- Forgetting to remove access for terminated employees
- Using default passwords or weak authentication
- Deploying servers without proper network segmentation
- Missing documentation updates after changes