6.3.5 Section Quiz
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token When a security principal logs on, an access token is generated. The access token is used to control access to resources and contains the following information:
> The security identifier (SID) for the user or computer
> The SID for all groups the user or computer is a member of
> User rights granted to the security principal
When the security principal tries to access a resource or take an action, information in the access token is checked. For example, when a user tries to access a file, the access token is checked for the SID of the user and all groups. The SIDs are then compared to the SIDs in the object's DACL to identify permissions that apply. Account policies in Group Policy control requirements for passwords, such as minimum length and expiration times. Cookies are text files that are stored on a computer to save information about your preferences, browser settings, and web page preferences. Cookies identify you (or your browser) to websites. A proxy is a server that stands between a client and destination servers.
What is the process of controlling access to resources such as computers, files, or printers called?
Authorization Authorization is the process of controlling access to resources such as computers, files, or printers. Mandatory access control (MAC) is an access control system based on classifications of subjects and objects to define and control access. Conditional access is a way to enforce access control while also encouraging users to be productive wherever they are. Authentication is the verification of the issued identification credentials.
Which of the following objects identifies a set of users with similar access needs?
Group A group is an object that identifies a set of users with similar access needs. Microsoft systems have two kinds of groups, distribution groups and security groups. Only security groups can be used for controlling access to objects. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). A system access control list (SACL) is used by Microsoft for auditing in order to identify past actions performed by users on an object. Permissions define the rights and access users and groups have with objects.
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back in. On a Microsoft system, an access token is only generated during authentication. Changes made to group memberships or user rights do not take effect until the user logs in again and a new access token is created. Use NTFS and share permissions, not Group Policy, to control access to files. In addition, Group Policy is periodically refreshed, and new settings are applied on a regular basis.
Which of the following identifies the type of access that is allowed or denied for an object?
Permissions Permissions define the rights and access users and groups have with objects. Permissions are applied to objects such as files and folders. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). On a Microsoft system, a user right is a privilege or action that can be taken on a system, such as logging on, shutting down, backing up the system, or modifying the system date and time. A system access control list (SACL) is used by Microsoft for auditing in order to identify past actions performed by users on an object.
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
SACL A system access control list (SACL) is used by Microsoft for auditing in order to identify past actions performed by users on an object. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). On a Microsoft system, a user right is a privilege or action that can be taken on a system, such as logging on, shutting down, backing up the system, or modifying the system date and time. Permissions define the rights and access users and groups have with objects. Permissions are applied to objects such as files and folders.
Which type of group can be used for controlling access to objects?
Security Only security groups can be used for controlling access to objects. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). Distribution groups cannot be used for controlling access to objects. Authorization is the process of controlling access to resources such as computers, files, or printers.
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions. The most likely cause of this problem is that Lori is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions. Allow permissions do not override Deny permissions unless the Allow permission is explicitly assigned and the Deny permission is inherited. It is unlikely that her user object has been assigned an explicit Deny permission to the performance management system since best practice is to assign permissions to groups, not to users.
Which security mechanism uses a unique list that meets the following specifications:
> The list is embedded directly in the object itself.
> The list defines which subjects have access to certain objects.
> The list specifies the level or type of access allowed to certain objects.
User ACL A user ACL (user access control list) is a security mechanism that defines which subjects have access to certain objects and the level or type of access allowed. This security mechanism is unique for each object and embedded directly in the object itself. Mandatory access control (MAC) is an access control system based on classifications of subjects and objects to define and control access. Conditional access is a way to enforce access control while also encouraging users to be productive wherever they are. Hashing is a cryptographic tool that creates an identification code that is employed to detect changes in data.
Which of the following is a privilege or action that can be taken on a system?
User rights On a Microsoft system, a user right is a privilege or action that can be taken on a system, such as logging on, shutting down, backing up the system, or modifying the system date and time. User rights apply to the entire system. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). Microsoft uses a system access control list (SACL) for auditing in order to identify past actions performed by users on an object. Permissions define the rights and access users and groups have with objects. Permissions are applied to objects such as files and folders.