Chapter 3 Flashcards
(32 cards)
True or False? In Windows, members of the IIS_IUSRS group may create and modify most types of accounts and can log in locally to domain controllers.
False
True or False? In the Windows operating system environment, all users, groups, and computers have unique security identifiers (SIDs).
True
What is Kevin defining when he uses security policy to detail what tasks the organization’s users can perform on their computers?
User rights
What should Oscar do as a first step to prevent contractors from viewing each other’s project files?
Enable an expression-based security audit policy to track contractors’ access
Which of the following stores all user and computer Kerberos master keys?
Key distribution center (KDC)
True or False? Windows Event Viewer enables auditing of event records.
True
What does Microsoft assign to distinguish objects that may originate from different computers?
Globally unique identifier (GUID)
Which principle describes the best balance between providing necessary access for authorized subjects and denying unnecessary access?
The principle of least privilege
Which command-line tool, first introduced with Windows 2000, is used to display or modify access control lists for files and folders?
Cacls.exe
Which of the following describes a collection of features used to describe user and data attributes?
* Security Access Token (SAT)
* Effective permissions
* Dynamic Access Control (DAC)
* Rights Management Services (RMS)
Dynamic Access Control (DAC)
True or False? Dynamic Access Control (DAC) can help a user identify and classify data.
True
True or False? Providing just the necessary access required to carry out a task is called the principle of least privilege.
True
True or False? Each entry in a discretionary access control list (DACL) is called an access control entry (ACE).
True
True or False? The token that Windows uses to store security identifiers (SIDs) is called the Security Access Token (SAT).
True
True or False? In Windows, the Security Access Token (SAT) contains Windows Registry information.
False
An access control strategy that gives a user or group of users only those powers that are absolutely essential to do the job required is called the:
Principle of least privilege
Which access control permission enables you to change the content of a file once it is saved?
Modify
In Windows, ________control access to network resources, such as servers or printers.
* NTFS permissions
* folder-level permissions
* privileged permissions
* share permissions**
Share permissions
Which icacls.exe command would allow members of the Managers group to modify, read, and execute files in the C:\LabDocuments\MGRfiles folder?
* icacls C:\LabDocuments\MGRfiles /set Managers:(M, RX)
* icacls C:\LabDocuments\MGRfiles /set Managers:(M, RE)
* icacls C:\LabDocuments\MGRfiles /grant Managers:(M, RE)
* icacls C:\LabDocuments\MGRfiles /grant Managers:(M, RX)
icacls C:\LabDocuments\MGRfiles /grant Managers:(M, RX)
In the icacls.exe help file (icacls.txt), which symbol would grant no access to the file or folder?
N
True or False? In Windows, the Security Access Token (SAT) is specific to a folder.
False
Which feature do systems administrators need to manage account passwords automatically at the domain level?
* Universally unique identifiers (UUIDs)
* Kerberos keys
* Discretionary access control lists (DACLs)
* Managed service accounts
Managed service accounts
True or False? In the context of access control, security controls must provide object access for all authorized subjects.
True
True or False? A security identifier (SID) identifies a security subject or group of subjects.
True
