OSS Quiz 4 Ch.10-11

recording user's actions

Auditing is used for which of the following purposes? -authenticating users -authorizing users -recording user's actions -assessing a user's permissions

to verify a user's identity

Authentication is used for which of the following purposes? -to grant access to a user -to verify a user's identity -to determine security restrictions -to calculate effective permissions

to grant access to a user

Authorization is used for which of the following purposes? -to grant access to a user -to verify a user's identity -to determine security restrictions -to calculate effective permissions

in Security logs in Event Viewer

In which of the following locations can you view audit events? -in the C:\Temp\Logs folder as text files -in System logs in Event Viewer -in Security logs in Event Viewer -by using audit /logs at the command line

Registry objects, files, folders, and printers

On which types of objects can you enable object auditing?

1. Server Manager->Tools->Group Policy Management. 2. Expand the Domain Controllers to show the Default Domain Controllers Policy. 3. Right-click the Default Domain Control Default Policy and click Edit. 4. Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Audit Policy. 5. Double-click Audit account logon events. 6. Select Define these policy settings and select both Success and Failure.

Specify the correct order of steps necessary to audit account logon. -Double-click Audit account logon events. -Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Audit Policy. -Select Define these policy settings and select both Success and Failure. -Right-click the Default Domain Control Default Policy and click Edit. -Expand the Domain Controllers to show the Default Domain Controllers Policy. -Server Manager->Tools->Group Policy Management.

1. Choose Server Manager > Tools > Group Policy Management. 2. In the console tree, right-click a group policy object, and then click Edit. 3. Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, and double-click Object Access. 4. Double-click Audit Removable Storage. 5. Select the Configure the following audit events check box, select the Success check box, and then click OK.

Specify the correct order of steps necessary to configure monitoring of removable storage devices. -In the console tree, right-click a group policy object, and then click Edit. -Select the Configure the following audit events check box, select the Success check box, and then click OK. -Choose Server Manager > Tools > Group Policy Management. -Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, and double-click Object Access. -Double-click Audit Removable Storage.

1. Install the LAPS program by executing the LAPS msi file on a domain controller. 2. Execute the Update-AdmPwdADSchema cmdlet. 3. Specify the computers that can be managed by LAPS. 4. Configure the LAPS GPO.

Specify the correct order of steps necessary to install and use LAPS. -Specify the computers that can be managed by LAPS. -Configure the LAPS GPO. -Install the LAPS program by executing the LAPS msi file on a domain controller. -Execute the Update-AdmPwdADSchema cmdlet.

1. Choose Control Panel > View devices and printers. 2. Right-click and select Printer properties. 3. On the Security tab, click Advanced. 4. Select the Auditing tab. 5. Click the Add button to open the Auditing Entry for Microsoft XPS Document Writer dialog box. 6. To specify a user or group, click Select a principal. 7. For Type, select Success, Fail, or All.

Specify the correct order of steps necessary to set up Printer Event Auditing. -Right-click and select Printer properties. -On the Security tab, click Advanced. -To specify a user or group, click Select a principal. -Select the Auditing tab. -For Type, select Success, Fail, or All. -Click the Add button to open the Auditing Entry for Microsoft XPS Document Writer dialog box. -Choose Control Panel > View devices and printers.

Enable the object in the Group Policy Editor and then specify the audit objects.

What are the two steps to auditing NTFS files, NTFS folders, and printers?

Run as administrator

When you want to run a program with elevated or administrative privileges, you can right-click the program's link and select which shortcut menu item? -Run as administrator -Run with permission -Run elevated -Run protected

Global Object Access Auditing

Which auditing feature allows you to define computer-wide system access control lists for the file system or the registry? -Global Object Access Auditing -Filereg Auditing -Registry Trail Auditing -System Tracker Auditing snap-in

AuditPol.exe

Which command is used to manage auditing at the command prompt? -Audit.exe -AdPolicy.exe -AuditPol.exe -Policy.exe

-You must update the Active Directory schema with the Update-AdmPwdADSchema cmdlet -You must use PowerShell 2.0 or newer -You must use .NET Framework 4.0

Which of the following are requirements for LAPS? (Choose all that apply) -You must update the Active Directory schema with the Update-AdmPwdADSchema cmdlet -You must use PowerShell 2.0 or newer -You must use Windows Server 2000 domain functional level -You must use .NET Framework 4.0

right

Which of the following are special privileges that allow a user to perform specific system tasks, such as backing up files and directories and logging in to a system? -permission -right -checksum -customization

To focus on important audit items

Which of the following best describes the purpose of implementing new audit subsettings? -To fill up Event Logs even faster than before -To build intricate audit trails for regulatory compliance -To audit every possible user process -To focus on important audit items

Audit policies might cause conflicts or erratic behavior.

Which of the following best describes why you should avoid using basic audit policy settings and advanced audit policy settings together? -That amount of auditing will fill up Event Logs too quickly. -The two audit setting ranges have too much redundancy or overlap between them. -Setting too many policies can put your system in an "out of compliance" state. -Audit policies might cause conflicts or erratic behavior.

Searching through too many events makes finding problems more difficult.

Which of the following best describes why you should set up auditing for only those objects that you really need to focus on? -Object auditing is complex and requires a lot of time to set up. -Searching through too many events makes finding problems more difficult. -By enabling object auditing, you also enable many other events. -Auditing too many events adds an extra layer of complexity to management tasks.

Removable Storage Access

Which of the following enables you to track, limit, or deny a user's ability to use removable storage devices such as USB drives in Windows Server 2016? -USB Storage Access -Removable Storage Access -Removable Device Access -Storage Device Audit

Group Policies

Which of the following is used to assign user rights? -Active Directory Users and Computers -Active Directory Sites and Services -Registry Editor -Group Policies

-Use BitLocker -Use Device Guard and AppLocker policies -Enable Credential Guard

Which of the following is used to lock down Privileged Access Workstations? (Choose all answers that apply) -Use BitLocker -Access only SSL protected websites on the Internet -Use Device Guard and AppLocker policies -Enable Credential Guard

Using Windows Defender Credential Guard

Which of the following protects the credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that is requesting the connection? -Defining the Remote Desktop Credentials security property -Defining the accounts in the Remote Desktop Connection user right -Enabling LAPS -Using Windows Defender Credential Guard

Local Administrator Password Solutions

Which of the following provides a central repository for local administrator passwords for domain-member machines? -Local Administrator Password Solutions -Just-Enough Administration -Just-in-time Administration -Enhanced Security Administrative Environment

Privileged Access Workstations

Which of the following provides a system that is locked down and protected from various attacks and threats and is used for sensitive administrative tasks? -Windows Credential Guard -Privileged Access Workstations -Least Privileged Administrator -Just-Enough Administration

Principle of Least Privilege

Which of the following requires that a user, system, or application be given no more privilege than necessary to perform its function or job? -Separation of duties -DREAD -Defense in depth -Principle of Least Privilege

GPOs

Which technology or mechanism is used to assign user rights?

Group Policy Editor

Which utility is used to access advanced audit policy settings? -Local Policy Editor -Group Policy Editor -Domain Policy Editor -Schema Policy Editor

High levels of auditing can affect system performance.

Why is it better to choose what to audit rather than audit everything that a user does? -High levels of auditing can affect system performance. -Auditing sets up an air of suspicion for users. -Extensive audit trails often lead to too much troubleshooting. -Auditing requires a high level of expertise to set up and maintain.

It bypasses the domain password policy

Why should the Password Never Expires option not be used?

By using a separate system for sensitive administrative tasks, you help protect the organization against a wide range of attacks, including phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks.

Why should you use a separate system for sensitive administrative tasks?

