Security Fundamentals 98-367: Lesson 2


effective permission

Actual permissions when logging in and accessing a file or folder. They consist of explicit permissions plus any inherited permissions

auditing

Also known as accounting, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.

accounting

Also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.

asymmetric encryption

Also known as public key cryptography, uses two mathematically related keys for encryption. One key is used to encrypt the data, while the second is used to decrypt it.

certificate chain

Also known as the certification path, is a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate.

biometrics

An authentication method that identifies and recognizes people based on physical traits, such as fingerprints, face recognition, iris recognition, retinal scans, and voice recognition.

digital certificate

An electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a _____ is used to prove a person's identity, it can also be used for authentication.

owner

An identity that controls an object including what permissions are set on the object and to whom permissions are granted.

domain user

A user account that is stored on the domain controller and allows you to gain access to resources within the domain, assuming you have been granted permissions to access those objects.

local user account

A user account that is stored in the Security Account Manager (SAM) database on the local computer.

right

A(n) _____ authorizes a user to perform certain actions on a computer.

permission

A(n) _____ defines the type of access over an object or the properties of an object such as an NTFS file or printer.

hash function

Uses one-way encryption, which means that after something has been encrypted with this method, it cannot be decrypted.

The same permissions as the target folder

If you copy a file or folder to a new volume, what permissions will that file or folder have?

SAM

Local user accounts are found in:

explicit permission

Permissions granted directly to a file or folder

inherited permission

Permissions granted to a folder (parent object or container) that flow into child objects (subfolders or files) inside that folder.

NTFS Permission

Permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume

nonrepudiation

Prevents one party from denying the actions it has carried out.

auditing

To track a user's activities in Windows, you need to enable _____.

symmetric encryption

Uses a single key to encrypt and decrypt data.

Kerberos

What is the primary authentication method used on Microsoft Active Directory?

multifactor authentication

When two or more authentication methods are used to authenticate someone.

ownership

When you cannot access a folder because someone removed the permissions so that no one can access it, you must take _____ of the folder.

Full Control

Which NTFS permission is needed to change attributes and permissions?

PKI

Which infrastructure is used to assign and validate digital certificates?

NTFS

Which of the following file systems offers the best security? -FAT -FAT32 -NTFS -EFS

Password reader

Which of the following is not a biometric device? -Password reader -Retinal scanner -Fingerprint scanner -Face scanner

Encryption

Which of the following is not a method for authentication? -Something the user knows -Something the user owns or possesses -Encryption -Something the user is

RADIUS

Which of the following services is used for centralized authentication, authorization, and accounting? -VPN -PGP -RADIUS -PKI

NTFS folder, Active Directory user, Registry key

Which of the following uses an ACL? -NTFS folder -Active Directory user -Registry key -Login rights

EFS

Which technology is used to encrypt an individual file on an NTFS volume?

Asymmetric

Which type of key has one key for encryption and a different key for decryption?

Explicit

Which type of permission is granted directly to a file or folder?

domain controller

A Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries.

registry

A central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the ____ include the Windows kernel, device drivers, setup programs, hardware profiles, and user profiles.

group

A collection or list of user accounts or computer accounts

organizational units (OU)

A container used in Active Directory to help organize objects within a domain and minimize the number of domains

Secure Sockets Layer (SSL)

A cryptographic system that uses two keys to encrypt data, a public key known to everyone and a private key known only to the recipient of the message. The public key is published in a digital certificate, which also confirms the identity of the web server.

security token

A device that may give you a second password to log in to a system is a(n) _____.

five

By default, your computer clock should not be off more than ____ minutes or you might have problems with Kerberos authentication.

Active Directory

A directory service technology created by Microsoft that provides a variety of network services, including Lightweight Directory Access Protocol (LDAP), Kerberos-based and single sign-on (SSO) authentication, DNS-based naming and other network information and a central location for network administration and delegation of authority.

dictionary attack

A form of attack which attempts all words in one or more dictionaries. Lists of common passwords are also typically tested.

access control list (ACL)

A list of all users and groups that have access to an object.

certificate revocation list (CRL)

A list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked or are no longer valid and therefore should not be relied on.

Security Account Manager (SAM)

A local security database found on most Windows computers.

user account

A logical object that enables a user to log on to a computer and domain.

computer account

A logical object that provides a means for authenticating and auditing a computer's access to a Windows network, as well as its access to domain resources.

digital signature

A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified.

BitLocker To Go

A new feature in Windows 7 that enables users to encrypt removable USB devices, such as flash drives and external hard disks.

security token

A physical device that an authorized computer services user is given to ease authentication.

smart card

A pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic.

personal identification number (PIN)

A secret numeric password shared between a user and a system that can be used to authenticate the user to the system.

password

A secret series of characters that enables a user to access a particular file, computer, or program

member server

A server that is not running as a domain controller

administrative share

A shared folder typically used for administrative purposes.

Syslog

A standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications.

IP Security (IPsec)

A suite of protocols that provides a mechanism for data integrity, authentication, and privacy for the Internet Protocol. It is used to protect data that is sent between hosts on a network by creating secure electronic tunnels between two machines or devices. ____ can be used for remote access, VPN, server connections, LAN connections, or WAN connections.

public key infrastructure (PKI)

A system consisting of hardware, software, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates. Within the ____, the certificate authority (CA) binds a public key with respective user identities and issues digital certificates containing the public key.

brute force attack

A type of attack that tries as many possible combinations of characters as time and money permit.

right

Authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User _____ are assigned through local policies or Active Directory group policies.

Key

Can be thought of as a password; it is applied mathematically to plain text to provide cipher or encrypted text. Different _____ produce different encrypted output.

permission

Defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute

shared folder

Technology that allows access to data files over the network.

single sign-on (SSO)

Technology that allows you to log on once and access multiple related but independent software systems without having to log in again.

virtual private network (VPN)

Technology that links two computers through a wide-area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted.

domain controller

The _____ holds a copy of the centralized database used in Active Directory

registry

The centralized database that holds most of the Windows configuration is known as the _____.

NTLM

The default authentication protocol for Windows NT, stand-alone computers that are not part of a domain, and situations in which you are authenticating to a server using an IP address.

Kerberos

The default domain computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner.

built-in groups

The default groups that are included within Windows or Active Directory

PDC Emulator

The master time keeper and master for password changes in an Active Directory domain is:

NTFS

The preferred file system for today's Windows operating system

decryption

The process of converting data from encrypted format back to its original form.

encryption

The process of converting data into a format that cannot be read by another user. Once a user has ______ a file, that file automatically remains _____ when it is stored on disk.

authorization

The process of giving individuals access to system objects based on their identity.

authentication

The process of identifying an individual, usually based on a username and a password.

Inherited

_____ permissions flow from a parent object to a child object.

share permissions

permissions assigned to shared folders or drives

