Chapt 23 (chapt 7 Security) Flashcards
You have a Windows domain network and want to ensure that users are required to meet password complexity requirements period What is the best way to implement this on the network?
A) use a firewall
B) use a VPN
C) use group policy
D) use DLP
Use group policy
In a Windows domain, password policies can be configured at the Domain level using Group Policy objects GPO. There are hundreds of variables that can be configured. Variables that can be configured relating to passwords include password complexity and length and time between allowed changes to passwords, and they lock out policy for failed attempts. DLP data loss prevention is the process of monitoring and identifying sensitive data to make sure it is accessed only by authorized persons
You are setting up a new wireless router for a home office period which of the following should you change immediately when initially configuring the network? Choose two.
A) the routers default administrator username and password
B) the default SSID
C) the radio power level
D) the guest account password
A, B
When configuring a new wireless router, always change the administrators username and password first. This prevents would be Hackers from having easy access to the router. Then change the default ssid. These default values can easily be found online, and not changing them immediately makes your router more vulnerable to attack. The radio power level might be changed later if you discover the signal is too weak or too strong. There is no guest account on a router
On a Windows 10 workstation, there are two NTFS volumes. The manager’s group has modify Access to the D:\mgmt directory. You move the folder to the D:\keyfiles folder, the which the manager’s group has read Access. What level of permissions will the manager’s group have to the new D:\keyfiles\mgmt directory?
A) full control
B) modify
C) read and execute
D) read
Modify
When you move a file or folder on the same NTFS volume, it will keep it’s original permissions. If you copy it or move it to a different volume, it will inherit permissions from its new parent directory
You want to recycle some hard drives that your company no longer uses but want to ensure that other people will not be able to access the data. Which methods of removing the data are acceptable for your purposes? Choose two.
A) formatting the drive
B) using an overwrite utility
C) using a drive wipe utility
D) using electromagnetic fields
Using an overwrite utility and using a drive wipe utility
The best methods are using either overwrite or driveway programs. Overriding the drive and Tails copying over the data with new data. A common practice is to replace the data with zeros. Drive wipes do a similar thing. Formatting the drive does not guarantee that others can’t read the data. Electromagnetic fields or decalsing isn’t reliable and can damage the hard drive and won’t work on all solid state hard drives
What does NTFS use to track users and groups and their level of access to resources?
A) ACLs
B) tokens
C) badges
D) control rosters
ACLs
With ntfs, each file, directory, and volume can have its own security. NTFS track security and access control lists for each resource. The access control list will contain the user or group name and the level of access they have been granted. The basic permissions to choose from our full control, modified, read and execute, list folder contents, read and write. There are also special permissions and settings that can be applied. A token is a software or Hardware that is used in multi-factor authentication and falls under the category of something a user has. Control rosters are used in areas that have security guards and contain a list of people who are allowed to enter
Which of the following active directory Concepts can help enforce security settings? Choose two.
A) EFS
B) Group Policy updates
C) Port security
D) login Scripts
Group Policy updates on login scripts are a common way to push and enforce security settings on active directory objects. EFS is the encrypting file system, which is used to encrypt volumes, files and folders. Port security means opening or closing ports on a router to control what type of packets transverse the router
What protocol was designed to authenticate remote users to a dial-in access server?
A) TKIP
B) TACACS+
C) VPN
D) RADIUS
RADIUS
Remote authentication dial-in user service was originally designed to authenticate remote users to a dial-in access server but is now used in several Authentication situations.
What concept and active directory creates a directory subdivision within which may be placed users, groups, computers and other objects?
A) user
B) domain
C) organizational unit
D) home folder
Organizational unit
The organizational unit OU is a subdivision within which may be placed users, groups, more OU, and other objects. The OU exists on a domain, which is a group of users and resources under a single administrative control. Windows domains are managed by software called active directory. Active directory is organized into organizational units, usually for security purposes.
Which of the following Authentication encryption protocols is older than the others and was developed by Cisco but became an open protocol in the 1990s and can be found on Linux distributions?
A) AES
B) TACACS+
C) Kerberos
D) RADIUS
TACACS+
Is an Authentication Protocol developed by Cisco that is now an open standard. It separates the AAA authentication authorization and accounting packets and encrypts them. It was released in 1993 and radius is an Authentication Protocol that was released in 1997. Kerberos is an open source Authentication Protocol that has been around since the 1980s.
A user has joined your company as a network administrator. Let’s assume that their username is O’Shea. What is the recommended way to give O’Shea the administrative privileges they need?
A) add the O’Shea user account to the administrators group.
B) create an account called adminO’Shea. Add that account to the administrators group. Have the new administrator use the O’Shea account unless they need administrative rights, in which case they should use the adminO’Shea account
C) copy the administrator account and rename it O’Shea
D) add the OSHA user account to the power users group
B
Adding O’Shea to the administrators group will certainly work, but it is not recommended approach. Since members of the administrative group have such power they can inadvertently do harm such as an accidentally deleting a file that a regular user could not. To protect against this, the practice of logging in with an administrators group account for daily interaction is strongly discouraged. Instead, system administrators should log in with a user account with lesser privileges and change to the administrators group account with elevated privileges only when necessary
Which type of security system uses physical characteristics to allow or deny access to locations or resources?
A) ID badges
B) bollards
C) biometrics
D) tokens
Biometrics
A user is a member of the development group and the HR group. They are trying to access a local resource on an NTFS volume. The HR Group has full control permissions for the payroll folder and the development group has a deny read permission for the same folder. What is the user’s effective access to the payroll folder?
A) full control
B) read
C) write
D) deny
Deny
When there are conflicting in TFS permissions, generally they are combined, and the most liberal is granted. The exception to that is when there is an explicit deny. That overrides any allowed permissions
Which of the following are advantages of using NTFS permissions over using share permissions? Choose two
A) NTFS permissions will override share permissions if there is a conflict
B) NTFS permissions affect users at the local computer, but share permissions do not
C) NTFS permissions are more restrictive in their access levels than share permissions
D) NTFS permissions can be set at the file level but share permissions cannot
B, D
NTFS permissions affect users regardless of whether they are at the local computer or accessing the resource across the network. They can also be applied to individual files where share permissions can be applied only to folders. One set of permissions is not inherently more restrictive than the other, as either type can be used to deny access in a given situation, at least when accessing across the network. When NTFS and share permissions affect the same folders the most restrictive permissions apply
You use your smartphone for email and extensive internet browsing period you want to add an additional level of security to always verify your identity online when accessing various accounts. Which type of app do you need?
A) authenticator app
B) trusted Source app
C) biometric authenticator app
D) account encryption app
Authenticator app
An authenticator app can help securely verify your identity online, regardless of the account you want to log into. Different apps work in different ways, but the general procedure is that the app will generate a random code for you to type along with your username and password. The random code helps identify you and tells the site you are logging into that you really are who you say you are. The other options are not actual application types
Which type of digital security is designed to protect your network from malicious software programs by both preventing them from entering the system and removing them if they are found?
A) firewall
B) anti-malware
C) EFS
D) UAC
Anti-malware
Anti malware software will help protect computers from malicious programs. Typically, anti-malware does everything that antivirus software does as well as identify threats Beyond just viruses. In fact, viruses are a type of malware. A lot of anti-malware software is marketed as antivirus software. A firewall is a hardware or software device designed to prevent certain types of traffic from entering or leaving a network