TestOut Security+ A.2.1 Pro Domain 1: Identity Management and Authentication

You use a special user account called Administrator to log on to your computer. However, you think someone has learned your password. You are logged on as Administrator. In this lab, your task is to change your password to r8ting4str. The current Administrator account uses 7hevn9jan as the password.

Change your password. At the prompt, type passwd and press Enter. When prompted, enter 7hevn9jan and press Enter. This is the current password. At the New password prompt, enter r8ting4str and press Enter. Retype r8ting4str as the new password and press Enter.

The VP of marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him

Complete this lab as follows: Create the Paul Denunzio account and comment. From the Linux prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter. Create a password for Paul. Type passwd pdenunzio and press Enter. Type eye8cereal as the password and press Enter. Retype eye8cereal as the password and press Enter. Verify that the account was created. Type cat /etc/passwd and press Enter. Answer the question. In the top right, select Answer Questions. Select the correct answer. Select Score Lab.

Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home and other directories. Your company security policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Delete the thaslam user account and home directory from the system. When you're finished, view the /etc/passwd file and /home directory to verify the account's removal.

userdel -r thaslamcat /etc/passwdls/ home

You are the IT security administrator for a small corporate network. You would like to use Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements.

Access the CorpNet.local domain. From Server Manager, select Tools > Group Policy Management. Expand Forest: CorpNet.local > Domains > CorpNet.local. Maximize the window for better viewing. Create the Workstation Settings GPO and link it to the CorpNet.local domain. Right-click the Group Policy Objects OU and select New. In the Name field, enter the Workstation Settings and then click OK. Link OUs to the Workstation Settings GPO. Right-click the OU and select Link an Existing GPO. Under Group Policy Objects, select Workstation Settings from the list and then click OK. Repeat step 3 to link the additional OUs. Import the ws_sec.inf security policy template. Expand Group Policy Objects. Right-click Workstation Settings and select Edit. Under Computer Configuration, expand Policies > Windows Settings. Right-click Security Settings and select Import Policy. Browse to the C:\Templates. Select ws_sec.inf and then click Open.

Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the human resources department. You have already created their user accounts.

Add users to the hr group. At the prompt, type usermod -G hr mbrown and press Enter. Use usermod -G hr cflynn and press Enter. Verify the group membership for the users added to each group. Use groups mbrown and press Enter. Use groups cflynn and press Enter

Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8.

Complete this lab as follows: Change Salman Chawla's password. At the prompt, type su -c "passwd schawla", then press Enter. Type 1worm4b8, then press Enter. This is the password for the root user. At the New password prompt, type G20oly04, then press Enter. This is the new password for the schawla user account. At the Retype new password prompt, type G20oly04, then press Enter.

Currently, all the salespeople in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division.

Rename the sales group western_sales_division and create the eastern_sales_division group. At the prompt, type groupmod -n western_sales_division sales and press Enter. Type groupadd eastern_sales_division and press Enter. Modify the group membership as needed. Type usermod -G eastern_sales_division aespinoza and press Enter. Use cat /etc/group or groups aespinoza to verify aespinoza's group membership.

You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC:

Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. Create the domain user accounts. From the left pane, expand CorpNet.local. Browse to the appropriate OU. Right-click the OU and select New > User. In the First name field, enter the user's first name. In the Last name field, enter the user's last name. In the User logon name field, enter the user's logon name which should be the first letter of the user's first name together with their last name. (e.g. jsuarez) Click Next. Select Next. In the Password field, enter asdf1234$. In the Confirm password field, enter asdf1234$. Make sure User must change password at next logon is selected and then click Next. Select Finish to create the object. Repeat steps 3e-3m to create the additional users. Modify user account restrictions for the temporary sales employee. Right-click Borey Chan and select Properties. Select the Account tab. Select Logon hours. From the Logon Hours dialog, select Logon Denied to clear the allowed logon hours. Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday. Select Logon Permitted to allow logon. Select OK. Under Account expires, select End of. In the End of field, use the drop-down calendar to select 31 December of the current year. Select OK.

You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows: Group scope: Global Group type: Security Make the following users members of the Managers group:

Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. In the Users container, create a group named Managers. From the left pane, expand and select CorpNet.local > Users. Right-click the Users container and select New > Group. In the Group name field, enter Managers.A pre-Windows 2000 group name is created automatically, but it can be changed. Under Group scope, make sure Global is selected. Under Group type, make sure Security is selected and select OK. Add user accounts to the Managers group. From the left pane, ensure that the Users container is still selected. From the right pane, right-click Managers and select Properties. Select the Members tab. Select Add. In the Enter the object names to select field, enter all the usernames. Use a semicolon to separate each name.Example: Steve Hoffer; Peter Williams; Princess Diana Select Check Names. Select OK to add the users and close the dialog. Select OK to close the Managers Properties dialog.

You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs.

Access the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. Delete the applicable OUs. From Server Manager, select Tools > Active Directory Users and Computers. Select View > Advanced Features. This enables the Advanced feature, allowing you to disable the OU from accidental deletion. From the left pane, expand CorpNet.local > the_parent OU. Right-click the OU that needs to be deleted and then select Properties. Select the Object tab. Clear Protect object from accidental deletion and then select OK. Right-click the OU to be deleted and then click Delete. Click Yes to confirm the OU's deletion. Repeat steps 2c - 2h to delete the remaining OUs. From the Active Directory Users and Computers menu bar, select View > Advanced Features to turn off the Advanced Features view.

You work as the IT administrator for a growing corporate network. The Research and Development Department is working on product enhancements. Last year, some secret product plans were compromised. As a result, the company decided to implement smart cards for logon to every computer in the Research and Development Department. No user should be able to log onto the workstation without using a smart card.

Access the CorpDC server. In Hyper-V Manager, select CORPSERVER. Double-click CorpDC. Enforce the existing Research-DevGPO. From Server Manager, select Tools > Group Policy Management. Maximize the window for better viewing. From the left pane, expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects. From the left pane, select the Research-DevGPO. From the Scope tab under Links, right-click Research-Dev and then select Enforced. Edit Research-DevGPO polices. From the left pane, right-click Research-DevGPO and then select Edit. Maximize the window for better viewing. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. Select Security Options. From the right pane, double-click the policy and select Properties. Select Define this policy setting. Select additional parameters to configure the policy setting. Select OK. Repeat steps 3e-3h to configure the additional policy setting.

You are the IT security administrator for a small corporate network that has a single Active Directory domain named CorpNet.local. You are working on increasing the authentication security of the domain.

Access the CorpNet.local Default Domain Policy. From Server Manager, select Tools > Group Policy Management. Maximize the window for better viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. Edit the Default Domain Policy to configure the Kerberos policy for computer configurations. Right-click Default Domain Policy and then select Edit. Maximize the window for better viewing. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies. Select Kerberos Policy. From the right pane, double-click the policy you want to edit. Configure the policy setting and then select OK. Repeat steps 2e - 2f for each policy setting.

You are the IT security administrator for a small corporate network. You are working to increase the authentication security of the domain. You need to make sure that only authorized users have administrative rights to all local machines. Local users and groups can be controlled through a GPO linked to the domain.

Access the CorpNet.local domain under Group Policy Management. From Server Manager, select Tools > Group Policy Management. Maximize the windows for better viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. Create a policy to update the built-in Administrator local group. Right-click Default Domain Policy and select Edit. Maximize the windows for better viewing. Under Computer Configuration, expand Preferences > Control Panel Settings. Right-click Local Users and Groups and select New > Local Group. Using the Group name drop-down, select Administrators (built-in). Select Delete all member users to remove all member users. Select Delete all member groups to remove all member groups. Select Add. In the Name field, enter BUILTIN\Administrator and then select OK. Select Add. In the Name field, enter %DOMAINNAME%\Domain Admins and then select OK. Select OK to save the policy.

You work as the IT security administrator for a small corporate network. You are improving office computers' security by renaming and disabling default computer accounts.

Access the computer's Computer Management tool. Right-click Start and select Computer Management. Under System Tools, expand Local Users and Groups. Select Users. Rename the Administrator account. From the center pane, right-click Administrator and select Rename. Enter Yoda and press Enter. Disable the Guest account. Right-click Guest and select Properties. Select Account is disabled and click OK. Remove Password never expires option if it is selected. Right-click a user and select Properties. Deselect Password never expires (if selected) and then select OK. Repeat step 4 for each user. Delete any unused accounts. Right-click the user that has User must change password at next logon selected and select Delete. Click Yes to confirm deletion of the account.

You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs.

Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. From the left pane, expand CorpNet.local. Unlock the Mary Barnes account. From the left pane, select Accounting. Right-click Mary Barnes and select Reset Password. In the New password field, enter asdf1234$. In the Confirm password field, enter asdf1234$. Make sure User must change password at next logon is selected. Make sure Unlock the user's account is selected. Select OK. Select OK to confirm the changed. Disable the Mark Woods account. From the right pane, right-click Mark Woods and select Disable Account. Select OK to confirm the change. Enable Pat Benton's account. From the left pane, select Research-Dev. From the right pane, right-click Pat Benton and select Enable Account. Select OK to confirm the change. Rename the Andrea Simmons account. Right-click Andrea Simmons and select Rename. Enter Andrea Socko and press Enter. This opens the Rename User dialog. In the Last name field, enter Socko. In the User logon name field, replace the old name with asocko. Select OK. Configure user account restrictions. From the left pane, select Support. Press the Ctrl key and then from the right pane, select both the Tom Plask and Janice Rons users to edit multiple users at the same time. Right-click the user accounts and select Properties. Select the Account tab. Select Computer restrictions. Select Log On To. Select The following computers.

You are the IT Administrator for the CorpNet.local domain. You are in the process of implementing a group strategy for your network. You have decided to create global groups as shadow groups for specific departments in your organization. Each global group will contain all users in the corresponding department.

Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. From the left pane, expand CorpNet.local. Create the groups. Right-click the OU where the new group is to be added and select New > Group. In the Group name field, enter the name of the group. Make sure the Global Group scope is selected. Make sure the Security Group type is selected. Click OK. Add users to groups. In the right pane, right-click the user account(s) and select Add to a group. (Use the Ctrl or Shift keys to select and add multiple user accounts to a group at one time.) In the Enter the object names to select field, enter the name of the group. Select Check Names and verify that the object name was found. Click OK to accept the groups added. Click OK to acknowledge the change. If a sub-OU with users exist, double-click on the sub-OU and then repeat step 3. Do this for each sub-group. Repeat steps 2 - 3 for additional groups and users.

Brenda Cassini (bcassini) was recently married. You need to update her Linux user account to reflect her new last name of Palmer. You are currently logged in as the root account, so you won't need to use the sudo command to get permissions to perform the required tasks.

Complete this lab as follows: Rename the bpalmer account and move her home directory. From the Favorites bar, select Terminal From the Terminal prompt, type usermod -l bpalmer bcassini -m -c "Brenda Palmer" -d /home/bpalmer and press Enter. Verify account modification. Type cat /etc/passwd and press Enter. Find the line that shows that Brenda's account has been changed. Type ls /home and press Enter to verify that the account was modified.Notice that now, the home directory for Brenda is bpalmer.

Every seven years, your company provides a six-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today. Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled.

Lock the applicable accounts. At the prompt, type usermod -L vedwards or passwd -l vedwards and press Enter. Type usermod -L cflynn or passwd -l cflynn and press Enter. Type usermod -L bkahn or passwd -l bkahn and press Enter. Unlock the applicable accounts. Type usermod -U mbrown or passwd -u mbrown and press Enter. Type usermod -U bcassini or passwd -u bcassini and press Enter. Type usermod -U aespinoza or passwd -u aespinoza and press Enter. Verify your changes by typing cat /etc/shadow and pressing Enter.The inclusion of the exclamation point (!) in the password field indicates whether the account is disabled.

You are the IT administrator for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations.

On CorpDC, access the CorpNet.local domain for Group Policy Management. From Hyper-V Manager, select CORPSERVER. Double-click CorpDC. From Server Manager, select Tools > Group Policy Management. Maximize the window for easy viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. Configure the UAC settings. Right-click Default Domain Policy and select Edit. Maximize the window for easier viewing. Under Computer Configuration, expand and select Policies > Windows Settings > Security Settings > Local Policies > Security Options. From the right pane, double-click the policy you want to edit. Select Define this policy setting. Select Enable or Disable as necessary. Edit the value for the policy as needed and then click OK. Repeat steps 2d-2g for each policy setting.

You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. In this lab, your task is to use the Local Security Policy to configure the following password and account lockout policies:

Using Windows Administrative Tools, access the Local Security Policy. Select Start. Locate and expand Windows Administrative Tools. Select Local Security Policy. Maximize the window for easier viewing. Configure the password policies. From the left pane, expand Account Policies and then select Password Policy. From the center pane, expand the Policy column. Double-click the policy to be configured. Configure the policy settings. Click OK. Repeat steps 2c-2e to configure the additional password policies. Configure the account lockout policies. From the left pane, select Account Lockout Policy. From the center pane, expand the Policy column. Double-click the policy to be configured. Configure the policy settings (if needed, answer any prompts shown). Click OK. Repeat steps 3c-3e to configure the additional lockout policies.

Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. To preserve existing group membership, use the usermod -G command to list all groups to which the user must belong. Do not include the primary group name in the list of groups.

View a list of all groups to which Cory Flynn belongs. At the prompt, type groups cflynn and press Enter.Notice that cflynn currently belongs to the mgmt1, hr, and it secondary groups. The cflynn group is the user's primary group. Change and verify Cory Flynn's group membership. Type usermod -G mgmt1,it cflynn and press Enter. Type groups cflynn and press Enter.Cory now only belongs to the mgmt1 and it groups

You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows:

While completing this lab, use the following information: Beneath the CorpNet.local domain, create the following OUs: Accounting Admins Marketing Research-Dev Servers Support Workstations Sales Beneath the Sales OU, create the following OUs: SalesManagers TempSales Complete this lab as follows: Access the CorpDC server. From the left pane of Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. Create the Active Directory organizational units (OUs) beneath the CorpNet.local domain. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. From the left pane, right-click CorpNet.local and then select New > Organizational Unit. Enter the name of the OU to be created. Ensure that Protect container from accidental deletion is selected and then select OK. Repeat steps 2b - 2d until all the required domain OUs are created. Create the OUs within the Sales OU. From the left pane, select CorpNet.local > Sales. From the menu bar, select the Create a new organizational unit in the current container icon. Enter the name of the OU to be created. Ensure that Protect container from accidental deletion is selected and then select OK. Repeat steps 3a - 3d to create the remaining OU.