Authorization

Question 1

You are configuring Windows Dynamic Access Control. You have created a user claim, enabled the “Department” resource properly, and you have created an Access Control Rule. What must you also do? Choose more than one option.
A. Install Routing and Remote Access on file servers
B. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy
C. Add the central access rule to the server audit list
D. Install File Server Resource Manager on file servers

Answer 1

B. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy
D. Install File Server Resource Manager on file servers
Here’s a breakdown of why these are the correct choices:

B. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy:
This is the primary method for deploying Dynamic Access Control policies to file servers.
The CAS defines the access rules, including the user claims and resource properties that will be used to determine access.
By deploying the CAS using Group Policy, you ensure that the policies are applied consistently across all file servers in your domain.

D. Install File Server Resource Manager on file servers:
This role service is required on file servers to enable Dynamic Access Control.
It allows the file servers to process the access rules defined in the CAS and enforce them on file access requests.

Question 2

Which Linux command can be used to grant regular users the ability to run privileged commands?
A. grep
B. chmod
C. ps
D. visudo

Answer 2

D. visudo.
The visudo command allows you to edit the /etc/sudoers file, which defines which users can execute which commands with elevated privileges. By modifying this file, you can grant specific users or groups the ability to run privileged commands.

Here’s a brief explanation of the other options:
A. grep: Used for searching text patterns in files.
B. chmod: Used for changing file permissions.
C. ps: Used for displaying process information.

Question 3

Which security principal strives to grant only those permissions required to perform a specific task?
A. Single sign-on
B. Principle of least privilege
C. Defense in-depth
D. Multifactor authentication

Answer 3

B. Principle of least privilege.

This principle dictates that users should be granted only the minimum level of access necessary to perform their assigned tasks. By limiting permissions, you reduce the potential impact of a security breach.

Question 4

You are using the Azure portal to configure RBAC. You have opened the properties of a resources group. What should you click on to configure RBAC?
A. Access Control (IAM)
B. Monitoring
C. Properties
D. Security

Answer 4

A. Access Control (IAM).
When you open the properties of a resource group in the Azure portal, you’ll find the “Access control (IAM)” option under the “Settings” section. Clicking on this option will allow you to manage the role assignments for that resource group, effectively configuring RBAC.

Question 5

You need to determine how an attacker has gained access to the file system of a Windows server. Which file system configurations should you check? Choose more than one option.
A. NTFS permissions
B. Shared folder permissions
C. Size on a disk
D. Compression

Answer 5

A. NTFS permissions
B. Shared folder permissions
These two configurations are crucial for controlling access to files and folders on a Windows server. By checking NTFS permissions, you can determine who has the rights to read, write, modify, or delete files and folders. Shared folder permissions control access to files and folders shared over a network.

Question 6

Which access control model uses the operating system to determine resource access?
A. RBAC
B. DAC
C. MAC
D. ABAC

Answer 6

C. MAC (Mandatory Access Control).

In MAC, the operating system enforces a strict set of rules to determine who can access which resources. These rules are based on security labels assigned to both subjects (users) and objects (resources). The system compares these labels to determine if access is allowed. This model is often used in highly secure environments where strict control over access is necessary.

Question 7

Which Linux command is used to set file system permissions?
A. chgrp
B. chmod
C. chown
D. visudo

Answer 7

The command used to set file system permissions in Linux is B. chmod.

Here’s a breakdown of the other options:
A. chgrp: Used to change the group ownership of a file or directory.
C. chown: Used to change the owner of a file or directory.
D. visudo: Used to edit the /etc/sudoers file, which controls user privileges.
By using chmod, you can modify the read, write, and execute permissions for a file or directory, controlling who can access and modify it.