Chapter 14 Final Study


Users must have _____ before they can be granted a session ticket that allows access to a network resource.

A valid ticket granting ticket - A TGT contains information about the user, including group membership, which can be used by the KDC to later issue session tickets allowing access to network resources.

A picture password is made up of which of the following components? (Choose all that apply) a. A picture b. A PIN c. A password d. A gesture

A, D - A picture password consists of two components: a picture and a gesture that you draw on it.

Workgroup computers use which authentication protocol when granting resource access? a. Kerberos v5 b. SSL c. NTLM v2 d. LSASS

C - NTLM is used for systems running Windows NT 4.0 and earlier and for computers that are a member of a workgroup.

Which of the following is not an allowed gesture for a picture password? a. Circles b. Straight lines c. Taps d. Arcs

D - A picture password is limited to three gestures (circles, straight lines, and taps).

A _____ is a collection of data that binds an identity to a key pair.

Digital certificate - A digital certificate is a collection of data that binds an identity to a key pair. A digital certificate contains a name that indicates who or what owns the certificate, a public key, the name of the certificate authority (CA) that issued it, and the digital signature of the CA that

Which of the following are examples of password policies? (Choose all that apply) a. History b. Length c. Complexity d. Age

A, B, C, D - Password policies include enforced password history, maximum password age, minimum password age, minimum password length, and complexity requirements.

Account policies contain various subsets. Which of the following are legitimate subsets of account policies? (Choose all that apply) a. Password Policy b. Account Lockout Policy c. Kerberos Policy d. User Name Policy

A, B, C - Account policies contain three subsets: Password Policy, Account Lockout Policy, and Kerberos Policy.

Which of the following passwords is considered complex? a. M!croS0ft b. candybar01 c. bobj d. fred@local

A - A complex password does not contain your name or user name, contains at least six characters, and contains characters from three of the following four groups: uppercase letters [A...Z], lowercase letters [a...z], numerals [0...9], and special, nonalphanumeric characters, such as !@#)(*&^%.

Which term refers to the process of determining what an authenticated security principal can do? a. Authorization b. Integrity c. Nonrepudiation d. Confidentiality

A - After security principals prove their identity, authorization determines what they can do. This is determined through the use of Access Control Lists (ACLs) that are attached to each resource.

When visiting websites, users are automatically logged on. However, if other people use the same profile, a user might not want to automatically log on. Which of the following statements best describes how a user can delete the credentials used in the automatic logon? a. Using Credential Manager b. Using Credential Caching c. Deleting the access token d. Clearing the IE cache

A - Credential Manager allows you to store credentials (such as user names and passwords) that you use to log on to websites or other computers on a network. By storing your credentials, Windows can automatically log you on to websites or other computers.

Which of the following provides two-factor authentication that consists of an enrolled device and Windows Hello or a PIN? a. Microsoft Passport b. Kerberos c. Credential Manager d. Secure Sockets Layer

A - Microsoft Passport is two-factor authentication that consists of an enrolled device (such as a smartphone) and Windows Hello (biometric) or a PIN.

How does the TPM chip work? a. It encrypts private keys stored in the file system. b. It stores private keys, moving them out of the file system. c. It brokers connections to a network-installed hardware security module for private key storage. d. It brokers connections between the smart card reader and the smart card.

A - The TPM is used to encrypt the private key information, which is then stored on the computer's hard drive.

Which of the following is used to register a nondomain smartphone or tablet in Active Directory, installing a certificate on the device so that it can use a secure single sign-on mechanism? a. Device Registration Service b. HomeGroup c. Credential Caching d. Credential Manager

A - When you join a device using Device Registration, previously known as Workplace Join, Device Registration Service (DRS) registers a non-domain-joined device in Active Directory and installs a certificate on the device. By joining the device, Workplace Join provides a secure single sign-on mechanism while controlling which resources can be accessed by the device.

Which of the following can access device security health and verify that the device is using certain security settings and technology to prevent malware early? a. Device Health Attestation b. Virtual secure mode c. Device Guard d. Credential Guard

A - With Windows 10 and Windows Server 2016, you can enable Device Health Attestation (DHA) to access device security health and verify that the device is using Secure Boot, BitLocker, or Early Launch Antimalware (ELAM). Device Health Attestation is aimed at malware that starts on a system before Windows defenses and antimalware load, which allows the malware to remain hidden.

Which of the following statements best describes key components of strong passwords? a. A strong password is generally one that is easy to remember. b. A strong password is generally one that has several characters. c. A strong password is generally one that can be found in a dictionary. d. A strong password is generally one that is complex, consisting of characters and numbers.

B - A password's length is a key component of its strength. Password length is the number of characters used in a password.

Discretionary Access Control Lists (DACLs) contain one or more of which of the following items? a. Session tickets b. Access control entries c. Ticket-granting tickets d. Security identifiers

B - DACLs contain one or more ACEs. ACEs contain SIDs, but DACLs don't directly contain SIDs.

Which term refers to the ability to guarantee that the information has not been arbitrarily changed? a. Authorization b. Integrity c. Nonrepudiation d. Confidentiality

B - Integrity is the ability to guarantee that the information has not been arbitrarily changed from the time it was sent from the original source to the time it was received by the other party.

Which of the following basic security components is used to support virtual smart cards? a. SSL certificates b. Trusted Platform Module c. Kerberos d. NTFS

B - Virtual smart cards, like physical smart cards, leverage hardware-based security and anti-hammering protection to protect sensitive information using private keys. In the case of virtual smart cards, this protection comes from the device's Trusted Platform Module (TPM), which is a standards-based hardware security component.

Which of the following is used to find computers, users, and other resources throughout an Active Directory forest? a. Key Distribution Center b. Global Catalog c. Kerberos d. Iterative query

B - When you implement multiple domains, a feature called the Global Catalog is used to find users, computers, and resources throughout the other domains.

Why are account lockout policies put into place? a. To enforce privacy standards b. To enforce security standards c. To enforce policy standards d. To enforce regulation standards

B - With enough time, a hacker can crack any password. To help prevent password cracking, you can limit how many times a hacker can guess a password.

Where are user accounts stored for computers that are in a workgroup? a. Accounts Manager Datastore b. Security Accounts Manager c. Directory Information Tree d. Local Security Authority

B - Workgroup computers must be on the same network segment and will maintain their own local security database to store user accounts, called the Security Accounts Manager.

Which authentication protocol is used when authenticating to a server that belongs to a different Active Directory forest? a. Kerberos v5 b. SSL c. NTLM v2 d. CHAP v2

C - NTLM is used for systems running Windows NT 4.0 and earlier and for computers that are a member of a workgroup. It is also used when authenticating to a server that belongs to a different Active Directory forest.

Which term refers to a method used to provide proof that a security principal is the source of data, an action, or a communication? a. Authorization b. Integrity c. Nonrepudiation d. Confidentiality

C - Nonrepudiation is a method used to provide proof that a security principal (user, computer, process) is the source of data, an action, or a communication. This is usually provided through the use of public key/private key technologies.

Which of the following statements best describes how Password Settings Objects (PSOs) should be assigned to users? a. You should assign PSOs directly to individual users. b. You should assign PSOs to a new group and add the users to the new group. c. You should assign PSOs to a global security group and add users to the group. d. You should assign PSOs to various Active Directory groups as needed.

C - To assign a PSO to a user, it is best to assign the PSO to a global security group and then add the user to the global security group.

Which server role is needed for Workplace Join? a. AD RMS b. RD GW c. AD FS d. PSO

C - To support Workplace Join, you'll need to install and configure Active Directory Federation Services (AD FS) and the new Device Registration Service.

When configuring two-factor authentication using digital certificates in Windows 10 on hardware with TPM chips, which of the following methods is the most cost effective and secure? a. Using digital certificates stored in the file system b. Using USB-attached smart card readers and smart cards c. Using virtual smart cards d. Using digital certificates with BitLocker Drive Encryption

C - Windows 10 introduces a new feature called virtual smart cards (VSCs), which makes additional hardware (smart card readers and smart cards) unnecessary. These cards emulate the functionality of regular smart cards but require a Trusted Platform Module (TPM) chip to protect the private keys. The TPM is used to encrypt the information, which is then stored on the computer's hard drive.

Which of the following provides biometric authentication that uses a user's face, iris, or fingerprint to unlock devices? a. Microsoft Passport b. Credential Manager c. Windows Hello d. Kerberos

C - Windows Hello is a Windows 10 biometric authentication system that uses a user's face, iris, or fingerprint to unlock devices. Windows Hello requires specialized hardware, including a fingerprint reader, illuminated infrared (IR) sensor, or other biometric sensors.

Which Windows 10 features are required in order to run virtual secure mode (VSM)? a. .NET Framework 3.5 b. BITS c. Isolated User Mode d. Hyper-V Platform

C, D - If you have the correct hardware to run Hyper-V, you will need to install Hyper-V and Isolated User Mode.

A _____ is the computer that creates and manages the distribution and revocation of certificates.

Certificate authority - A certificate authority is the computer that creates and manages the distribution and revocation of certificates.

Generally speaking, which of the following password conditions is not considered to be part of a strong password for a corporation? a. Is 12 characters long b. Does not use part of the organization's name c. Does not use words found in a dictionary d. Is also used for online accounts

D - A strong password has the following characteristics:
• Is at least eight characters long
• Uses at least one character from the following: upper- and lowercase letters, punctuation marks, numbers
• Does not include your logon name, your real name, or your company name
• Does not include a complete word that can be found in the dictionary
• Should not be the same password that you have used in the past or used on other website accounts

Digital certificates, smart cards, picture passwords, and biometrics are used to perform which of the following actions? a. Integrity b. Confidentiality c. Authorization d. Authentication

D - Authentication represents the way that security principals (users, computers, and processes) prove their identity before they are allowed to connect to your network. In the past, authentication was handled through the use of passwords. Today, additional authentication tools, including digital certificates, smart cards, picture passwords, and biometrics, are used.

Which term refers to preventing people from reading information they are not authorized to read? a. Authorization b. Integrity c. Nonrepudiation d. Confidentiality

D - Confidentiality is about preventing people from reading information they are not authorized to read. Confidentiality is handled through the use of encryption technologies.

Which of the following is required by Device Guard and Credential Guard in order to operate? a. Virtual smart cards b. Credentials Manager c. HomeGroups d. Virtual secure mode

D - Device Guard and Credential Guard use Windows 10 virtual secure mode (VSM) that, in turn, uses the processor's virtualization to protect the PC, including data and credential tokens on the system's disks.

Which of the following items are not supported as a method of authentication in Windows 10? a. Picture passwords b. Biometrics c. Digital certificates d. One-time passwords

D - Windows 10 supports the following methods of authentication: passwords, picture passwords, digital certificates, smart cards, and biometrics.

Confidentiality is handled through the use of _____.

Encryption technologies - Confidentiality is handled through the use of encryption technologies.

_____ provides native support for the use of biometrics as an authentication factor.

Windows Biometric Framework - Microsoft introduced native support for biometric technologies through its Windows Biometric Framework (WBF). WBF enables users to manage device settings for biometric devices through Control Panel, provides support for managing device drivers, and manages Group Policy settings that can be used to enable, disable, or limit use of biometric data for a local computer or domain.

