Module 14 - User Account Management - Q&A Flashcards

1
Q
Which of the following methods are used to manage user credentials? (Choose two.)
A. Standalone
B. Centralized
C. Decentralized
D. Active Directory
A

B, C. Centralized and decentralized methods are used to manage user credentials in an organization.

2
Q
Which of the following is used in a Windows Active Directory network to push policies down to individual users and computers?
A. Account policy
B. Group policy
C. Rights, permissions, and privileges
D. Password policy
A

B. Group policy is the method used to push security policy elements to individual computers and users in a Microsoft Windows Active Directory structure.

3
Q
Which of the following terms describes the number of possible combinations in a password?
A. Character space
B. Character set
C. Complexity
D. Length
A

A. Character space describes the number of possible combinations in a password.

4
Q
Which of the following is used to prevent the reuse of passwords?
A. Disabling accounts
B. Account lockout
C. Password complexity
D. Password history
A

D. The password history setting in the account policy is used to prevent the reuse of older passwords.

5
Q

Which of the following factors determines how often passwords should expire and be reset?
A. Password history
B. The minimum amount of time the user is required to use the same password
C. The time and effort it may take for a hacker to crack the password
D. Account lockout duration

A

C. The time it might take a hacker to crack a password, based on complexity and other considerations, is usually the primary factor that drives how long the password can be valid before it expires and must be changed.

6
Q

Which of the following should be done to a user’s account when the user is under investigation for an indefinite period of time?
A. The account should be deleted.
B. The account should be locked.
C. The password for the account should be changed.
D. The account should be disabled.

A

D. If a user is under investigation, this may mean only a temporary suspension of his access to systems and data. Under this circumstance, the account should be disabled until management deems otherwise.

7
Q
Which of the following is the primary way to defeat brute-force attacks on passwords?
A. Account deletion
B. Account lockout
C. Password changes
D. Password history
A

B. Account lockout is the best way to prevent brute-forcing a user account and password, since a malicious user can attempt to log in only a few times before the account is locked.

8
Q

Several users in the accounting department each require the same levels of access to the accounting server and its share data. Which of the following is the most efficient way to grant access to these users?
A. Create a logical group, assign the group the appropriate permissions to the resources, and then add the individual accounting user accounts to the group.
B. Assign each accounting user the appropriate permissions to the resources.
C. Create a logical group, assign the group the appropriate permissions to the resources, assign the appropriate permissions also to each individual user account, and then add the individual accounting user accounts to the group.
D. Create a logical group, then assign the appropriate permissions to each individual user, and then add those user accounts to the group.

A

A. The most efficient way is to create a logical accounting group, assign that group the appropriate permissions to the accounting server resources, and then add the individual accounting user accounts to the group.

9
Q

Which of the following are the best ways to ensure that user accounts are being used appropriately and securely? (Choose two.)
A. Periodically review assigned privileges.
B. Allow users to maintain their privileges indefinitely, even during promotion or transfer.
C. Continuously monitor accounts, through auditing, to ensure accountability and security.
D. Ensure that users' permissions stay cumulative, regardless of which group or job role they occupy.

A

A, C. Periodic reviews and continuous monitoring are two ways to ensure that accounts and privileges are used in accordance with organizational policy and in a secure manner.

10
Q
Which of the following should usually be avoided and, if used, carefully documented and controlled?
A. System accounts
B. Multiple accounts
C. Shared accounts
D. Individual accounts
A

C. Shared or group accounts should be avoided, and, if used, they should be thoroughly documented and carefully controlled.
