unit 15
Policies that define specific operating system functions (allow log on locally, ect.).
User rights
The built-in local groups on a Windows 8 workstation receive their special capabilities through which of the following mechanisms?
User rights
A user lost their password and requested that an administrator reset it for them. Of the options listed here for resetting the password, which would have the least impact on the user assuming they have EFS-encrypted files on their computer?
Using a password reset disk.
A new component in Windows 8 that provides a core biometric functionality and a Biometric Device control panel.
Windows Biometric Framework
Provides a core biometric functionality and a Biometric Device control panel.
Windows Biometric Framework
Collection of computers that are all peers.
Workgroup
The process by which Windows 8 verifies that the identity of the person operating the computer is the same as the user account the person is employing to gain access.
authentication
The process by which an authenticated user is granted a specific degree of access to specific computer or data resources.
authorization
A collection of logical objects that represent various types of network resources, including computers, applications, users, and groups. Each object consists of attributes that contain information about the object.
directory service
A set of network resources for the use of a group of users who can authenticate to the network to gain access to those resources.
domain
A Windows server with the Active Directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. The main difference between a domain and a workgroup is that users log on to the domain once, rather than each computer individually.
domain controller
A Windows entity that represents a collection of users. System administrators can create groups for any reason, and with any name, and then use them just as they would a user account. Any permissions or user rights that an administrator assigns to a group are automatically inherited by all members of the group.
group
A simplified networking paradigm that enables users connected to a home network to share the contents of their libraries without the need for creating user accounts and permissions.
homegroup
A system that requires users to confirm their identities in two or more ways.
multifactor authentication
A type of authentication that occurs when a user has accounts with the same name and password on multiple workgroup computers, and the authentications occur automatically, with no user intervention.
pass-through authentication
A junior administrator has just informed you that a user on your network has lost their password. She would like to reset the password for the user. What advice would you provide her?
she could use password recovery disk or have the admin reset the password for her
Specific operating system tasks, such as Shut Down the System or Allow Log on Through Terminal Services, which can only be performed by certain users designated by a system administrator.
user rights
A collection of computers that are all peers. A peer network is one in which every computer can function as both a server, by sharing its resources with other computers, and a client, by accessing the shared resources on other computers.
workgroup
Involves using more than one identification method.
Multifactor authentication
You have set the Account Lockout Duration policy setting to 15 and the Account Lockout Threshold to 3. What would be the result?
1) A user will have to wait 15 minutes before Windows 8 automatically unlocks their account. 2) A user will be allowed 3 invalid logon attempts before they are locked out. 3) The user may get locked out due to normal user error during logon.
5 steps to back up an existing Windows 8 certificate?
1) Click the Search charm, choose Settings and then type cert in the search box. 2) In the Results list, click Manage user certificates to load the snap-in. 3) Right-click the certificate you want to back up and choose All Tasks > Export certificate. 4) Select the file format you want to use. 5) Type a name for the file, browse to the location where you want to store the file and then click Finish.
You are working on a corporate network owned by a company with several government contracts to develop classified technology. You have been assigned the task to create a set of password and account policy settings that meet the following criteria: • Users must change passwords every four weeks and cannot reuse the same passwords for one year. • User passwords must be at least 12 characters long, case sensitive, and consist of letters, numbers, and symbols. • Users are allowed no more than three unsuccessful logon attempts before the account is permanently locked down until released by an administrator. In the following table, enter the values for the policies that will meet these requirements.
1) Enforced Password history will be 12 2) Maximum Password Age 31 3) Minimum password Age 31 4) Minimum Password length 12 5) Password must meet Complexity Requirements lower and uppercase letters numbers and Symbols 6) Store passwords using reversible requirements defualt 7) Account Lockout Threshold 3 8) Account lockout Duration 0 9) Reset Account Lockout Counter After 1
Which of the following policy modifications would make it harder for intruders to penetrate user passwords by a brute force attack?
1) Increase the value of the Reset Account Logon Counter After policy 2) Enable the Password Must Meet Complexity Requirements policy
Which of the following statements are true regarding domain and local user accounts?
1) Local user accounts are stored in the Security Account Manager (SAM) database. 2) Domain user accounts must be unique within the directory.
6 steps to setup Account Lockout Policy?
1) Open Control Panel and then click System and Security > Administrative Tools. 2) Double-click Local Security Policy. 3) Expand the Account Policies header, and then click Account Lockout Policy. 4) Double-click the policy you want to configure to open its Properties sheet. 5) Configure the policy by setting a value using the spin box, radio button, or other control and then click OK. 6) Close the Local Security Policy console
10 steps to create a Local Group?
1) Open the Computer Management console. 2) In the console's scope pane, expand the Local Users and Groups node and click Groups. 3) Right-click the Groups folder and then, from the context menu, select New Group. 4) In the Group name text box, type the name you want to assign to the group. 5) Specify a Description for the group. 6) Click the Add button. 7) Type the names of the users that you want to add to the group, separated by semicolons, in the text box, and then click OK. 8) Click Create to create the group and populate it with the user(s) you specified. 9) Click Close. 10) Close the Computer Management console.
One of your users was recently issued a new Windows 8.1 computer that was configured by a new administrator in your department. The user reports she received an access denied message while trying to view her disk properties using the Disk Management tool. The message was as follows: You do not have access rights to Logical Disk Manager on Win8Pro.Y You remember the new administrator talking about local security policies and that he had been testing them a few days earlier. You suspect this could be the source of the problem.
1) i would go into local security policies and check for what was disabled or enabled then check if she has admin access if not then change the setting and add her as an admin and give her full control of the disk 2) Pretend you have the client in front of you and solve the problem for them.
Your Windows 8 computer is currently a member of a workgroup that includes four other Windows 8 computers. If you want to access resources on all four of these computers, you must have a user account on how many of them?
4
You would like to configure an Account Lockout Threshold policy that will protect your system from brute force attacks while still preventing lockouts from normal user error. Which value would you recommend for the Account Lockout Threshold setting?
5
Which of the following provides you with the strongest level of password protection on a computer that contains sensitive data?
A password created using 7 characters including uppercase, lowercase, numerical characters, and symbols.
This Windows element contains a list of users for each permission-protected resource and the degree of access each user has to the resource.
Access control list (ACL)
Specifies the number of invalid logon attempts that will trigger an account lockout.
Account Lockout Threshold
A directory service, included in Microsoft Windows operating systems, that functions as a storehouse for information about network hardware, software, and users.
Active Directory
You would like to implement an identification method that would provide the best security when it comes to protecting sensitive information on your network. Which of the following would you recommend?
PIN + Smart Card
You have a resource that you want to make available to only selected users on your domain-based network. Which of the following would provide the most efficient method of assigning and managing access to the resource as users join and leave the company?
Assign permissions for the resource to a group that contains the selected users' accounts.
The process of verifying that the identity of the person operating the computer is the same as the user account the person is employing to gain access.
Authentication
The process of granting an authenticated user a specific degree of access to specific data resources.
Authorization
Collection of logical objects that represent various types of network resources.
Directory service
Which of the following account lockout policy modifications could you make to ensure that user passwords cannot be intercepted by analyzing captured packets?
Disable the Store Passwords Using Reversible Encryption policy
Used to represent a collection of users.
Group
A standard for smart card authentication, published by the National Institute of Standards and Technology (NIST).
Personal Identity Verification (PIV)
Allows Windows 8 to obtain drivers for smart cards from Windows Update or use a mini driver included with the operating system.
Personal Identity Verification (PIV)
You want to configure an account lockout policy that will provide the best protection for your system against failed password attempts while still allowing you to know when someone has attempted to access your system. Which setting will allow you to accomplish this?
Set the Account lockout threshold to lock out after 5 failed password attempts and the Account lockout duration to 0
Which of the following statements is true?
The User accounts control panel applet can create local users only.
When you log on to a newly installed Windows 8 computer for the first time, why can you not use the Administrator account?
There is no Administrator account.