6.6 Hardening Authentication
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?
- Users must change the password at least every 10 days.
- The password must contain 10 or more characters.
- The previous 10 passwords cannot be reused.
- Users cannot change the password for 10 days.
- The password must be entered within 10 minutes of the login prompt being displayed.
Users cannot change the password for 10 days.
Multifactor authentication
Using more than one method to authenticate users.
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (Select two. Each response is part of a complete solution.)
- Implement a Group Policy Object (GPO) that implements time-of-day login restrictions.
- Delete the account that the sales employees are currently using.
- Apply the Group Policy Object (GPO) to the container where the sales user accounts reside.
- Train sales employees to use their own user accounts to update the customer database.
- Implement a Group Policy Object (GPO) that restricts simultaneous logins to one.
Answer:
- Delete the account that the sales employees are currently using.
- Train sales employees to use their own user accounts to update the customer database.
Match each smart card attack on the left with the appropriate description on the right.
- Software attacks
- Eavesdropping
- Fault generation
- Microprobing
Answer (in the same order):
- Exploits vulnerabilities in a card's protocols or encryption methods
- Captures transmission data produced by a card as it is used
- Deliberately induces malfunctions in a card
- Accesses the chip's surface directly to observe, manipulate, and interfere with a circuit
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)
- Password must meet complexity requirements
- Minimum password age
- Enforce password history
- Maximum password age
Answer:
- Minimum password age
- Enforce password history
Identify the characteristics that typically define a complex password.
- Cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Must be at least six characters in length
- Must contain characters from three of the following four categories:
  - English uppercase characters (A through Z)
  - English lowercase characters (a through z)
  - Base-10 digits (0 through 9)
  - Non-alphabetic characters (for example, !, $, #, or %)
For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within ten minutes. What should you do?
- Configure the enable/disable feature in user accounts
- Configure account expiration in user accounts
- Configure password policies in Group Policy
- Configure account lockout policies in Group Policy
- Configure day/time restrictions in user accounts
Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do?
- Configure account policies in Group Policy
- Configure expiration settings in user accounts
- Configure account lockout policies in Group Policy
- Configure day/time settings in user accounts
Configure account policies in Group Policy
You have hired ten new temporary employees to be with the company for three months. How can you make sure that these users can only log on during regular business hours?
- Configure day/time restrictions in user accounts
- Configure account lockout in Group Policy
- Configure account expiration in user accounts
- Configure account policies in Group Policy
Configure day/time restrictions in user accounts
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, which is a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer, and he would like his account to have even more strict password policies than are required for other members in the Directors OU. What should you do?
- Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
- Create a granular password policy for Matt. Create a new group, make Matt a member of the group, and then apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy.
- Create a granular password policy for Matt. Apply the new policy directly to Matt's user account. Remove Matt from the DirectorsGG group.
- Edit the existing password policy. Define exceptions for the required settings. Apply the exceptions to Matt's user account.
Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which of the following actions should you take?
- Create a GPO linked to the Directors OU. Configure the password policy in the new GPO.
- Go to Active Directory Users and Computers. Select all user accounts in the Directors OU, and then edit the user account properties to require the longer password.
- Create a new domain. Move the contents of the Directors OU to the new domain and then configure the necessary password policy on the domain.
- Implement a granular password policy for the users in the Directors OU.
Implement a granular password policy for the users in the Directors OU.
What are the advantages of a self-service password reset management system?
People do not have to bother you when they get locked out.
What is a drawback to account lockout for failed password attempts?
People have to wait to log in or bother you to help them change it.
Smart cards
Similar in appearance to credit cards, smart cards have an embedded memory chip that contains encrypted authentication information. These cards are used for authentication.
You are teaching new users about security and passwords. Which of the following is the BEST example of a secure password?
- 8181952
- JoHnSmITh
- T1a73gZ9!
- Stiles_2031
T1a73gZ9!
Microprobing
The process of accessing a smart card's chip surface directly to observe, manipulate, and interfere with the circuit.
Radio frequency identification (RFID)
The wireless, non-contact use of radio frequency waves to transfer data.
What does the minimum password age setting prevent?
This means that people can't immediately change their password back.