Chapter 12.1 Best Practices
Which security practice is an example of the Principle of Least Privilege?
All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system.
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been disabled on the system. What should you do to increase the security of this system?
Disable the Guest account.
Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following:
- Server systems are kept in a locked server room.
- User accounts on desktop systems have strong passwords assigned.
- A locked door is used to control access to the work area. Users must use ID badges to enter the area.
- Users connect their personal mobile devices to their computers using USB cables.
- Users work in three 8-hour shifts per day. Each computer is shared by three users. Each has a limited account on the computer they use.
Based on this information, what should you recommend your client do to increase security?
Disable the USB ports on users' workstations.
Which of the following actions directly improves system security on Windows systems?
Enable the Windows firewall. Install anti-malware software.
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
Install a privacy filter on the monitor. Secure the system to the desk with a cable lock.
Match each security policy on the left with the appropriate description on the right. Each security policy may be used once, more than once, or not at all.
Provides a high-level overview of the organization's security program. -- Organizational Security Policy
Defines an employee's rights to use company property. -- Acceptable Use Policy
Identifies the requirements for credentials used to authenticate to company-owned systems. -- Password Policy
Identifies a set of rules or standards that define personal behaviors. -- Code of Ethics
Sets expectations for user privacy when using company resources. -- Acceptable Use Policy
Specifies that user accounts should be locked after a certain number of failed login attempts. -- Password Policy
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
Set a screensaver password. Disable autorun on the system.
Which are examples of a strong password?
TuxP3nguinsRn0V3l. il0ve2EatIceCr3am.