E10 - Database Security (WBT) Flashcards
True or false: Eloqua allows you to manage security settings at the database level for the whole organization.
true
When are security settings configured?
At the time of Eloqua installation.
How do you access security settings?
Settings: Setup: Administration: Security
What should you do before modifying security settings?
Consult Eloqua
What are your options for password requirements?
Use a pre-built password policy or create a new one.
What is the default security complexity setting?
Eloqua Security Complexity
Can you change Password complexity settings if you are using the Eloqua Security Complexity setting?
No.
When using Eloqua Security Complexity setting, the password values are _____ and hidden from view.
hard-coded
When using Eloqua Security Complexity setting, the password values are hard-coded and ____.
hidden from view
What is the difference between Eloqua Security Complexity and Windows Security Complexity?
Windows Security Complexity is stricter.
If changes are required to Eloqua Security Complexity or Windows Security Complexity, what must you use?
Custom Security Complexity
When are the settings active under the Password complexity settings section?
Only if you have chosen Custom security complexity.
What determines the password expiration timeframe?
User passwords expire in
What are the maximum and minimum values for password expiration?
365 days and 0 days
What is the value for password expiration in Eloqua security complexity?
120 days
What is the value for password expiration in Windows security complexity?
42 days
What is the value for password expiration in Custom security complexity?
120 days
If you set the value for password expiration to zero, what does this mean?
The password will never expire.
What setting determines how long a user must wait before reusing a previous password?
Number of days in which a password cannot be reused.
The value in the “Number of days in which a password cannot be reused” is also driven by the setting in the ___ field.
Enforce password history
What is the value for Number of days in which a password cannot be reused in the Eloqua security complexity?
0 days
What is the value for Number of days in which a password cannot be reused in the Windows security complexity?
2 days
What is the value for Number of days in which a password cannot be reused in the Custom security complexity?
0 days
What setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused?
Enforce password history
To maintain the effectiveness of the password history, what should you do?
Do not allow passwords to be changed right after they were changed.
How do you prevent passwords from being changed after they were just changed?
By setting the Number of days in which a password cannot be reused security policy setting to 1.
What setting determines the minimum characters in the password?
Minimum password length.
What is the minimum value for password length?
5
What is the minimum password length for Eloqua security complexity?
6 characters
What is the minimum password length for Windows security complexity?
8 characters
What is the minimum password length for Custom security complexity?
5 characters
True or false: “Require at least one uppercase character” is enabled for all complexity levels.
True
True or false: “Require at least one lowercase character” is enabled for all complexity levels.
True
“Require at least one digit” is enabled for which complexity levels?
All
True or false: “Require at least one punctuation character” is enabled by default for all complexity levels.
False. It is disabled by default for all complexity levels.
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Eloqua security complexity?
Disabled
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Windows security complexity?
Enabled
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Custom security complexity?
Enabled
“Password cannot contain user’s account name” - enabled or disabled for Eloqua security complexity?
Disabled
“Password cannot contain user’s account name” - enabled or disabled for Windows security complexity?
Enabled
“Password cannot contain user’s account name” - enabled or disabled for Custom security complexity?
Enabled
“Require the first character to be alphanumeric” mandates that the first character of a user’s password must be ____ and cannot be a ___
alphanumeric and cannot be a special or Unicode character.
True or false: “Require the first character to be alphanumeric” is enabled for all complexity levels.
False - it is disabled
True or false: “Require the first character to be alphanumeric” is disabled by default for all complexity levels.
True
True or false: Eloqua offers a “Restrict login by IP address” option.
True
True or false: Eloqua provides you with options for configuring “Restrict Login By IP”
True.
What are the three options for configuring “Restrict Login by IP Address”?
By IP Range, Specific IP Block, By Network Mask.
What kind of environments would you be most likely to restrict login by IP address to a specific IP block?
Where IP addresses are not dynamically assigned.
How do you enter the “By Network Mask” option?
Enter the beginning IP address of the IP range you wish to add, followed by the network mask in slash notation.
Use the ____ section to define the timeframe and number of attempts after which a user must have their password reset.
Account Lockout Policy.
The Account Lockout Policy contains settings for: ____, Lockout effective period, Reset invalid login count after…
Maximum invalid login attempts
The default value for Maximum invalid login attempts is:
10
The default value for Lockout effective period is
5 minutes
If you set Lockout effective period to 0, what happens?
Account will be locked until an admin manually unlocks it.
The __ setting determines the number of minutes that must pass before the lockout threshold is reset.
Reset invalid login count after…
If Reset invalid login count after… is set to zero, what happens?
An admin must manually reset the account.
The Account Lockout Policy contains settings for: Maximum invalid login attempts, _____, Reset invalid login count after…
Lockout effective period
The Account Lockout Policy contains settings for: Maximum invalid login attempts, Lockout effective period, ______
Reset invalid login count after…
______ determines the duration after which a current session will expire in case of abandonment.
Session timeout value in minutes
The ____ includes Session Timeout value and Forgotten password reset time
Session Timeout Policy.
What is the default Session Timeout value?
120 minutes
The ___ determines the duration after which a user can get a new Forgot Password email.
Forgot password reset time