Guide - Part 2: User Accounts Flashcards
What are the five types of user accounts in OS X? How are they different?
Standard is the default account type, administrative users can make changes to the system, a guest user doesn’t require a password, sharing-only users can access only shared files, and the root user has unlimited access to any file or folder in the system.
What are some security risks associated with each type of user account?
Standard user accounts are very secure, assuming they have strong passwords. Administrative users can make changes that may negatively affect the system or other user accounts. A guest user could fill shared folders with unwanted files. Sharing-only users are generally very secure as long as they don’t have too much access to other user’s items. The potential for mayhem with root user access is nearly unlimited.
Which two password methods are supported by OS X Yosemite for local user accounts?
In OS X Yosemite, local user accounts can take advantage of a locally saved password or a password that’s linked to an Apple ID.
What are account attributes?
Account attributes are the individual pieces of information used to define a user account. Examples include full name, account name, user ID, Universally Unique ID (UUID), group, and home folder.
How can you limit a user account from having full access to
all applications?
Parental controls can further limit a user account. Examples include enforcing a simple Finder, limiting applications and widgets, limiting Mac App Store content, setting time limits, and filtering content for several applications included in OS X.
What types of resource contention issues can occur when fast user switching is enabled?
Resource contention occurs when fast user switching is enabled and a user tries to access an item that another user has open in the background. Document contention occurs when a user attempts to open a document that another user has already opened. Peripheral contention occurs when a user attempts to access a peripheral that’s already in use by another user’s open application. Application contention occurs when a second user attempts to access an application that has been designed to run only once on a system.
Which storage-related security risk can occur when fast user switching is enabled?
When fast user switching is enabled, all users are allowed to see other users’ locally connected disks.
A user’s home folder contains which default folders? What are some optional folders that can be added to a user’s home folder?
The default folders in a user’s home folder are Desktop, Documents, Downloads, Library (hidden), Movies, Music, Pictures, and Public. Optional home folder items include Applications and Sites folders.
When you delete a local user account, the Users & Groups preferences gives you three options for dealing with the user’s home folder content. What are they?
When deleting a local user account, OS X can archive the home folder content into a compressed disk image, leave the home folder content in the /Users folder, or delete the home folder content. Optionally, OS X can perform a secure erase on the home folder content.
Which three primary sources can Migration Assistant pull from?
Migration Assistant can migrate information from other OS X systems, other Windows systems, and other disks, including Time Machine backups.
How do you make OS X associate a new local user account with a manually migrated or restored user’s home folder?
Before the local user account is created on a system, you must first copy the restored user’s home folder to the /Users folder. Then after you create the new user in Users & Groups preferences with the same account name, the system will prompt you to associate the new account with the restored home folder.
What does the master password do?
The master password is used to reset local account passwords.
When users change their own account password, how is their login keychain affected?
When users change their own account passwords, the system keeps their login keychain passwords in sync.
What options are available when you try to change the password for a user account with an Apple ID password?
When you change the password for a user account with an Apple ID password, you’re given the option to either change to a separate, locally saved password or to change the Apple ID password.
Which methods can be used to reset a user’s lost account password?
Local account passwords can be reset by an administrator in Users & Groups, by the master password at login, by a FileVault recovery key at startup, and by the Reset Password application in OS X Recovery. Local accounts with Apple ID passwords can also be resent online via https:// appleid.apple.com.
How does resetting a user’s account password affect that user’s login keychain?
The account password reset process won’t change any keychain passwords. Therefore, the user’s keychains don’t automatically open when the user logs in with a new password. The user will have to manually change the keychain passwords using the Keychain Access utility.
How does resetting the master password affect existing Legacy FileVault user accounts?
If a master password is reset because it was lost, Legacy FileVault accounts can’t be reset by the new master password.
How can you limit the use of Location Services?
The Privacy pane of Security & Privacy preferences can be used to allow or disallow applications’ access to Location Services, Contacts, Calendars, Reminders, and Accessibility application access.
How can you ensure that audio recordings used for Dictation
service remain private?
Audio recordings used for the Dictation service aren’t sent to Apple if the Use Enhanced Dictation feature is enabled in Dictation & Speech preferences.
Which feature can you enable to locate a lost Mac system?
iCloud Find My Mac allows you to remotely locate a lost Mac system. You enable this feature in iCloud preferences. To locate a lost Mac system, you can use the iCloud website or the Find My iPhone app on an iOS device.
How does the Firmware Password Utility help prevent users from making unauthorized password changes?
The Firmware Password Utility prevents users from starting up from another system disk. This in turn prevents them from using an OS X Recovery System to reset local passwords without authorization.
Which types of items can be stored in a keychain?
Keychains are used to store secrets such as resource passwords, digital certificates, and encryption keys. The keychain system can also securely store Safari AutoFill information, Internet Account settings, and secure text notes.
How does the keychain system help protect your
information?
The keychain system manages encrypted files that are used to securely save your items. By default, all users have login and Local Items keychains that use the same password as their account. Not even other administrative users can access your keychain secrets without knowing the keychain’s password.
Where are the keychain files stored?
Each user starts with a login keychain saved at /Users/ /Library/Keychain/ login.keychain and a Local Items/iCloud keychain saved in the /Users// Library/Keychains/ folder. Administrative users can manage systemwide authentication assets with the /Library/ Keychain/System.keychain. Finally, Apple maintains several items in /System/Library/Keychains/ for OS X system use.
