CNIT 242 Exam 1
According to the lecture, _________ days is typically the optimal duration between password changes.
90
Which of the following is/are problematic when using roaming profiles?
A & B (- Login and logout times can be significantly extended - Files and settings are left behind on every computer the user has logged into)
Which of the following best explains a domain that uses only local profiles:
A & D (- Each user will have a completely separate profile on each computer - Logging into a new computer will create a new local profile for the user on that machine)
Which of the following is not contained in a user profile?
All of these are in a user profile ((My) Documents, Favorites, Desktop and Application Settings, Application Settings, and Desktop)
Your PC can communicate with a web server using the IP address (i.e. 157.166.255.236), but not through fully qualified domain name (FQDN, i.e. www.ncaa.com). What might be wrong? A) The web server is malfunctioning B) The configured DNS Server of the PC is malfunctioning C) Your PC is misconfigured to use a non-existing DNS server. D) B & C E) All of the above could be the reason for the problem
Answer: -D) B & C Correct - The DNS server you are querying is nonexistent, malfunctioning, or misconfigured. Other issues could include network connectivity between the DNS server and the authoritative server, or an issue with an intermediate or authoritative server
T/F: The best approach to implementing group policy is to create/modify one policy per OU that contains all of the applicable settings.
Answer: -F The best approach is to create separate policies for each setting and link them to applicable OUs. This creates a single point of administration for each policy. By making a change to the policy it will affect all OUs linked to the policy.
T/F: Special Characters, such as ?*"\ can be used in NetBios Name.
Answer: -F \/:*?";|+˽Cannot be used in a NETBIOS name
GPO settings are set to which of the following by default? Not Configured Enabled Disabled Enforced
Answer: -Not configured All GPO entries are set to "not configured" by default.
T/F: A computer's NetBIOS name and DNS hostname are independent. However, they should be set to the same value.
Answer: -T A computer's NetBIOS name and DNS hostname should be set to the same value.
T/F: Windows Active Directory can work with most DNS servers as long as they support dynamic updates.
Answer: -T As long as a DNS server includes dynamic update capability it can be used with Active Directory.
T/F: By default, if an eabled GPO setting in the parent OU conflicts with an enabled GPO setting in the child OU, the GPO setting in the child OU wins.
Answer: -T The GPOs are applied in order from the root to the object. If both the parent OU and child OU have a setting applied, the parent setting with be applied, then the child setting will be applied. If effect, the child setting would "win" in this scenario.
T/F: DNS, as currently deployed, has no formal security included.
Answer: -T There is no authentication, authorization, non-repudiation, or encryption in DNS.
What are the two components (items to which the policy can effect) to a Group Policy Object (GPO)?
Answer: -user -computer
Which of the following is not a way in which an administrator can control group policy inheritance: a.) Inheritance can be blocked for a GPO - forcing a child GPO to apply regardless of conflict b.) Inheritance can be forced to override lower level GPOs - forcing a parent GPO to apply regardless of conflict c.) Inheritance can be disabled domain-wide d.) All of these are ways in which an administrator can control group policy inheritance
Answer: Inheritance can be disabled domain-wide. Inheritance can be blocked or forced, but not disabled throughout the domain
Your PC can communicate with a web server using the IP address (i.e. 157.166.255.236), but not through fully qualified domain name (FQDN, i.e. www.ncaa.com). What might be wrong?
B & D (- The configured DNS Server of the PC is malfunctioning - Your PC is misconfigured to use a non-existing DNS server)
Which of the following is not a reason to implement directory services rather than relying on individual machine accounts?
Enable two-factor authentication
Access Control Lists provide one method of authentication. (T or F)
False
An advantage of Folder Redirection is that users can access their files even if they aren't connected to the network. (T or F)
False
Authentication is the process of determining what users should be able to do. (T or F)
False
Following best practices can enable you to create a perfectly secure system. (T or F)
False
In an enterprise environment, it is best to assign permissions to individual users. (T or F)
False
RADIUS is typically only used for authentication to network equipment for configuration purposes and terminal access. (T or F)
False
Special Characters, such as ?*"\ can be used in NetBios Name. (T or F)
False
The best approach to implementing group policy is to create/modify one policy per OU that contains all of the applicable settings. (T or F)
False
The two basic parts of authentication are usernames and passwords. (T or F)
False
To ensure that your machine stays free of viruses you can run multiple anti-virus solutions concurrently. (T or F)
False
You can install Active Directory on a Windows Server without having an existing DNS Server or installing a new DNS server. (T or F)
False
Malware that steals data passwords is known as:
Spyware
The order of scale, from smallest to largest, in an Active Directory is:
Subnet, site, domain, forest
The tool used to rename a domain is:
There is no tool to rename a domain
A computer's NetBIOS name and DNS hostname are independent. However, they should be set to the same value. (T or F)
True
By default, if an enabled GPO setting in the parent OU conflicts with an enabled GPO setting in the child OU, the GPO setting in the child OU wins. (T or F)
True
DNS, as currently deployed, has no formal security included. (T or F)
True
In Windows, an explicit allow cannot override an inherited deny. (T or F)
True
Non-repudiation ensures that the source of data is known and verified. (T or F)
True
Read, write and execute are examples of the file system permissions. (T or F)
True
The Kerberos protocol operates using a 6-step process. Steps 3 and 4 involve communication with a Ticket Granting Server. (T or F)
True
The number one rule of passwords is: Do not write them down. (T or F)
True
Windows Active Directory can work with most DNS servers as long as they support dynamic update. (T or F)
True
The best way to resolve the issue of profile version differences (such as XP and Vista+) is to:
Use folder redirection
The four parts of the basic security model from lectures are:
authentication, authorization, non-repudiation, encryption
A hardware device that filters packets based on traffic source, destination, and type is a
firewall
An attack against a person designed to get them to give up information, usually perpetrated through e-mail, is known as a
phishing
Unwanted e-mail regardless of content is known as:
spam
What are the two components (items to which the policy can effect) to a Group Policy Object (GPO)?
user, computer
Malware that propagates without user intervention by exploiting vulnerabilities in network services is called a(n):
worm
GPO settings are set to which of the following by default?
Not Configured
Malware that integrates with the system kernel and actively attempts to avoid being discovered is known as a(n):
Rootkit
Which of the following is not a way in which an administer can control group policy inheritance:
Inheritance can be disabled domain-wide
Active Directory supports this ISO standard for directory access:
LDAP
