Ch 14 Quiz

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Specifies the number of unsuccessful logon attempts that, if made within a predefined amount of time, might indicate that an unauthorized person is trying to access a computer or the network.

Account Lockout Policy

Which of the following characteristics describe the characteristics of a workgroup? (Choose all that apply.)

It uses the SAM database. All computers are located on same network segment.

Which of the following authentication protocols is used in Windows Active Directory domains?

Kerberos

Which of the following authentication protocols is best designed to support today's Active Directory-based networks?

Kerberos v5

The network authentication service that supplies ticket-granting tickets (TGTs) used by the Kerberos v5 protocol.

Kerberos v5 protocol. Key Distribution Center (KDC)

Which of the following authentication protocols is based on a challenge/response mechanism?

NTLM

Which of the following authentication types is the least secure?

Passwords

Which of the following components is used to create virtual smart cards?

Trusted Platform Module

A policy that helps administrators manage users who use their personal devices to access organizational resources

BYOD

Technology that can encrypt a volume, which is meant to protect the content if a system is stolen.

BitLocker

Specify the correct order of steps necessary to using Kerberos for authentication.

1 An authentication package is created and sent to the KDC. 2 The KDC validates the authentication package and sends the user a TGT. 3 The user attempts to access a resource and needs a session ticket. 4 The client creates an authentication package (to get a session ticket) and sends it to the KDC along with a request for the resource. 5 The KDC validates the authentication package and sends the user a session ticket. 6 A session ticket is used to authenticate to the file server that contains the resource the user wants. 7 The file server compares the ticket with a DACL.

Specify the correct order of steps necessary to creating a picture password.

1. Click Create a picture password. 2. Choose Picture. 3. Draw three gestures. 4. Confirm the gestures. 5. Log on using the picture password.

A security method that takes advantage of the uniqueness of every individual. By using a person's fingerprint, face, voice, or retina, biometrics offers advantages over other methods.

biometrics

Which of the following mechanisms is used to secure HomeGroups?

A password

Which of the following terms best describes the manner in which security principals prove their identity?

Authentication

Which of the following gestures are supported by picture passwords? (Choose all that apply.)

Circles Taps Straight Lines

Which of the following is used to verify the trustworthiness of a computer within a domain? (Choose two answers.)

Computer SID Computer password

Isolates and hardens key system and user security information (LSA credentials).

Credential Guard

Allows you to store credentials (such as user names and passwords) that you use to log on to websites or other computers on a network.

Credential Manager

Which of the following tools is used to remember user names and passwords when accessing a website?

Credential Manager

A group of key features that hardens a computer system against malware by only running trusted applications, preventing malicious code from running.

Device Guard

Used to access device security health and verify that the device is using Secure Boot, BitLocker, or Early Launch Antimalware (ELAM). Device Health Attestation is aimed at malware that starts on a system before Windows defenses and antimalware load, which allow the malware to remain hidden.

Device Health Attestation (DHA)

Previously called Workplace Join, allows users to join their devices to the organization's network without joining the device to the Active Directory domain.

Device Registration

Registers a non-domain-joined device in Active Directory and installs a certificate on the device.

Device Registration Service

You are an administrator for your company's Active Directory domain. Your manager has decided to allow users to use their own smartphones and tablets to access email and work documents. Explain what must be configured for users to use their own personal devices?

Device Registration allows users to join their devices to the organization's network without joining the device to the Active Directory domain. You can then manage access based on a wide range of attributes. When you join a device using Device Registration, Device Registration Service (DRS) registers a non-domain-joined device in Active Directory and installs a certificate on the device. By joining the device, Device Registration provides a secure Single Sign-On mechanism while controlling which resources can be accessed by the device. Users can then use the Windows 10 settings to add the device via work access

A collection of user and computer accounts that are grouped together to enable centralized management and to apply security.

Domain

A security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code.

Early Launch Antimalware (ELAM)

Which of the following are considered authentication factors? (Choose all that apply.)

Smart cards Picture passwords Biometrics

Which of the following authentication factors offers the most security?

Smart cards with a PIN

Suppose there are 10 computers on a network that are configured to share a few printers and a single document folder. The company is not expected to add more computers or users over the next year. There is also no IT staff to support the network. Which of the following models is the best fit for this network?

Workgroup model

Which of the following certificate types is used with virtual smart cards?

Workstation authentication

You are an administrator for the Contoso Corporation, which has about 1,200 computers, mostly running Windows 10. Over the past year, you have managed several instances of malware appearing on the computers of key personnel, leading to a compromise of some key systems. You want to ensure that this does not happen again. Explain how to make sure that users' credentials and other key parts of Windows are not compromised by rootkits or other forms of malware.

You need to enable Device Guard and Credential Guard, both of which require installing virtual secure mode (VSM). To enable Device Guard and Credential Guard, you must install Hyper-V and Isolated User Mode on each computer. You will then use a GPO to enable Device Guard and Credential Guard.

Contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user's privileges

access token

Domain-level policies that define the security-related attributes assigned to user objects.

account policies

Represents the way that security principals (users, computers, and processes) prove their identity before they are allowed to connect to your network.

authentication

The combination of something you know (a password or PIN); something you have (a smart card); or something that is unique to you (a biometric), such as your fingerprint or an iris scan

authentication factor

After security principals prove their identity, this determines what they can do. This is determined through the use of Access Control Lists (ACLs) that are attached to each resource.

authorization

The computer that creates and manages the distribution and revocation of certificates.

certificate authority

Also known as the certification path, is a list of certificates used to authenticate an entity.

certificate chain

Provides a means for authenticating and auditing the computer's access to a Windows network and its access to domain resources

computer account

This process is about preventing people from reading information they are not authorized to read. Confidentiality is handled through the use of encryption technologies.

confidentiality

Caching the user's domain credentials

credential caching

A collection of data that binds an identity to a key pair.

digital certificate

Allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain

fine-grained password policies

An authentication method that uses two or more authentication factors.

multi-factor authentication


Ensembles d'études connexes

Ch. 54 Starting/Charging Systems

View Set

Chapter Exam - Arkansas Laws and Rules

View Set

Jasperactive Word 2016 Core: Lesson 7

View Set

Chapter 15: Reconstruction, 1865-1877

View Set

Supply Chain Strategy Quiz 1 Chapter 1 - 2

View Set

Marketing 4650: Digital Marketing - Exam 2

View Set

Unit 5 - Consumers, Producers, & the Efficiency of Markets / The Costs of Taxation

View Set