Ch 14 Quiz
Specifies the number of unsuccessful logon attempts that, if made within a predefined amount of time, might indicate that an unauthorized person is trying to access a computer or the network.
Account Lockout Policy
Which of the following describe the characteristics of a workgroup? (Choose all that apply.)
It uses the SAM database. All computers are located on the same network segment.
Which of the following authentication protocols is used in Windows Active Directory domains?
Kerberos
Which of the following authentication protocols is best designed to support today's Active Directory-based networks?
Kerberos v5
The network authentication service that supplies ticket-granting tickets (TGTs) used by the Kerberos v5 protocol.
Key Distribution Center (KDC)
Which of the following authentication protocols is based on a challenge/response mechanism?
NTLM
Which of the following authentication types is the least secure?
Passwords
Which of the following components is used to create virtual smart cards?
Trusted Platform Module
A policy that helps administrators manage users who use their personal devices to access organizational resources
BYOD
Technology that can encrypt a volume, which is meant to protect the content if a system is stolen.
BitLocker
Specify the correct order of steps necessary to use Kerberos for authentication.
1. An authentication package is created and sent to the KDC. 2. The KDC validates the authentication package and sends the user a TGT. 3. The user attempts to access a resource and needs a session ticket. 4. The client creates an authentication package (to get a session ticket) and sends it to the KDC along with a request for the resource. 5. The KDC validates the authentication package and sends the user a session ticket. 6. A session ticket is used to authenticate to the file server that contains the resource the user wants. 7. The file server compares the ticket with a DACL.
Specify the correct order of steps necessary to create a picture password.
1. Click Create a picture password. 2. Choose Picture. 3. Draw three gestures. 4. Confirm the gestures. 5. Log on using the picture password.
A security method that takes advantage of the uniqueness of every individual. By using a person's fingerprint, face, voice, or retina, biometrics offers advantages over other methods.
biometrics
Which of the following mechanisms is used to secure HomeGroups?
A password
Which of the following terms best describes the manner in which security principals prove their identity?
Authentication
Which of the following gestures are supported by picture passwords? (Choose all that apply.)
Circles; Taps; Straight lines
Which of the following is used to verify the trustworthiness of a computer within a domain? (Choose two answers.)
Computer SID; Computer password
Isolates and hardens key system and user security information (LSA credentials).
Credential Guard
Allows you to store credentials (such as user names and passwords) that you use to log on to websites or other computers on a network.
Credential Manager
Which of the following tools is used to remember user names and passwords when accessing a website?
Credential Manager
A group of key features that hardens a computer system against malware by only running trusted applications, preventing malicious code from running.
Device Guard
Used to assess device security health and verify that the device is using Secure Boot, BitLocker, or Early Launch Antimalware (ELAM). Device Health Attestation is aimed at malware that starts on a system before Windows defenses and antimalware load, which allows the malware to remain hidden.
Device Health Attestation (DHA)
Previously called Workplace Join, allows users to join their devices to the organization's network without joining the device to the Active Directory domain.
Device Registration
Registers a non-domain-joined device in Active Directory and installs a certificate on the device.
Device Registration Service
You are an administrator for your company's Active Directory domain. Your manager has decided to allow users to use their own smartphones and tablets to access email and work documents. Explain what must be configured for users to use their own personal devices.
Device Registration allows users to join their devices to the organization's network without joining the device to the Active Directory domain. You can then manage access based on a wide range of attributes. When you join a device using Device Registration, Device Registration Service (DRS) registers a non-domain-joined device in Active Directory and installs a certificate on the device. By joining the device, Device Registration provides a secure Single Sign-On mechanism while controlling which resources can be accessed by the device. Users can then use the Windows 10 settings to add the device via work access
A collection of user and computer accounts that are grouped together to enable centralized management and to apply security.
Domain
A security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code.
Early Launch Antimalware (ELAM)
Which of the following are considered authentication factors? (Choose all that apply.)
Smart cards; Picture passwords; Biometrics
Which of the following authentication factors offers the most security?
Smart cards with a PIN
Suppose there are 10 computers on a network that are configured to share a few printers and a single document folder. The company is not expected to add more computers or users over the next year. There is also no IT staff to support the network. Which of the following models is the best fit for this network?
Workgroup model
Which of the following certificate types is used with virtual smart cards?
Workstation authentication
You are an administrator for the Contoso Corporation, which has about 1,200 computers, mostly running Windows 10. Over the past year, you have managed several instances of malware appearing on the computers of key personnel, leading to a compromise of some key systems. You want to ensure that this does not happen again. Explain how to make sure that users' credentials and other key parts of Windows are not compromised by rootkits or other forms of malware.
You need to enable Device Guard and Credential Guard, both of which require installing virtual secure mode (VSM). To enable Device Guard and Credential Guard, you must install Hyper-V and Isolated User Mode on each computer. You will then use a GPO to enable Device Guard and Credential Guard.
Contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user's privileges
access token
Domain-level policies that define the security-related attributes assigned to user objects.
account policies
Represents the way that security principals (users, computers, and processes) prove their identity before they are allowed to connect to your network.
authentication
The combination of something you know (a password or PIN); something you have (a smart card); or something that is unique to you (a biometric), such as your fingerprint or an iris scan
authentication factor
After security principals prove their identity, this determines what they can do. This is determined through the use of Access Control Lists (ACLs) that are attached to each resource.
authorization
The computer that creates and manages the distribution and revocation of certificates.
certificate authority
Also known as the certification path, is a list of certificates used to authenticate an entity.
certificate chain
Provides a means for authenticating and auditing the computer's access to a Windows network and its access to domain resources
computer account
This process is about preventing people from reading information they are not authorized to read. Confidentiality is handled through the use of encryption technologies.
confidentiality
Caching the user's domain credentials
credential caching
A collection of data that binds an identity to a key pair.
digital certificate
Allows you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain.
fine-grained password policies
An authentication method that uses two or more authentication factors.
multi-factor authentication