Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

109 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
The effective policy is the result of applying all network or domain hosted security policies, then applying the local security policy. True or False?
Auditing can be defined for an object for specific users and groups for one or more individual services or actions. True or False?
What is the first thing the security system looks for when it scans an ACL for an object?
a. A Deny to the object for the requested service, at which point access is immediately denied.
b. Any ACL that provides the requested permission
c. It checks the default, and if access is permitted, it allows the request to proceed.
d. None of the above
What is the primary protocol that Windows 2000 uses for authentication?
b. Secure Sockets Layer
c. Kerberos
d. NetBIOS
Which of the following statements are true about the local computer policy? (choose all that apply)
a. It is used to control aspects of the Windows 2000 security system.
b. It is used to assign user accounts to groups
c. It can be customized by third-party applications
d. It can be superceded by a domain's group policy.
All of Them
What is the special-purpose application invoked by the Windows 2000 attention sequence that serves as the logon process?
a. WinPopup.exe
b. WinLogon.exe
c. Usermgr.exe
d. Explorer.exe
What security feature is added to Windows 2000 specifically to protect TCP/IP communications?
a. Kerberos
b. IPSec
c. strong passwords
d. EFS
What is EFS used to protect?
a. passwords
b. data files
c. group policy
d. communication sessions
If the 2000 Explorer shell is replaced with the Program Manager shell, which of the following side effects will occur? (chose all that apply.
a. no access to the Start menu
b. no taskbar
c. no access to the Task Manager
d. no more DOS command prompt
Only the user who encrypted a file via EFS can access that file later. True or False?
What predefined IPSec policy should you use to employ encryption only when required by a remote system?
a. Client (Respond Only)
b. Server (Request Security)
c. Secure Server (Require Security)
Audit events are recorded in System Log. True or False?
False, should be Security Log
Windows 2000 ___________ access to new objects by default.
Which of the following is a good reason for adding DontDisplyLastUserName to the Windows 2000 Registry? (choose all that apply)
a. to prevent easy discovery of user account names
b. to improve security on a shared machine
c. to reduce burnout on the machine's monitor
d. to force user to provide a valid username in addition to a password to logon
Then Windows 2000 authentication process can be automated by adding default user information and the ____________value to the Registry.
a. DontDisplayLastUsername
b. AutoAdminLogin
c. Legal Notice Caption
d. AutomateLogon
Which of the following is the most likely reason to have a security notice appear when users attempt to log on to a Windows 2000 machine at the National Security Agency?
a. to make sure that outsiders don't try to break into the system
b. to inform unauthorized users that they are subject to legal action if they obtain unauthorized access to the system.
c. to remind valid system users about Acceptable Use Policies
d. none of the above
The default shell process for Windows 2000 is called the:
a. Windows Explorer
b. Program Manager
c. command shell
d. C shell
The _____________ is created by the Windows 2000 security subsystem at logon and identifies the current user to the subsystem.
a. access ID
b. security ID
c. group ID
d. access token
To customize the security structure of your Windows 2000 system, you can change the behavior of the logon process. True or False?
The ______________ key sequence initiates the logon process.
a. Ctrl + Esc
b. Alt + Tab
c. Ctrl + Break
d. Ctrl + Alt + Delete
An access token is required to access any Windows 2000 object. True or False?
The primary unit of execution in the Windows 2000 operating system environment, a ________ may contain one or more execution threads, all associated with a named user account,SID, and access token. _________'es essentially define the container within which individual applications and command execute under Windows 2000.
A security control of Windows 2000 whereby recovery agents for EFS and domain-wide and trusted certificate authorities are defined and configured. These policies can be enforced on a user-by-user basis.
public key policy
The primary unit of execution in the Windows 2000 operating system environment, a ________ may contain one or more execution threads, all associated with a named user account,SID, and access token. _________'es essentially define the container within which individual applications and command execute under Windows 2000.
A mechanism used primarily over HPPT communications to create an encrypted session link through the exchange of certificates and public encryption keys.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
A unique name that identifies a logged-on user to the security system. ____'s can identify one user or a group of users.
security ID (SID)
The default user process that is launched when a valid account name and password combination is authenticated by the WinLogon process for Windows 2000. The default _____ of Windows 2000 is Windows Explorer. The default ______ process manages the desktop, Start menu, taskbar, and other interface controls. The _____ process defines a logged-on user's run-time environment from the point of authentication, forward, and supplies all spawned processes or commands with its acess token to define their access permissions, until that account logs out.
This entity contains all of the information that defines a user to the Windows 2000 environment.
user account
A file that saves a user's preferences and environmental settings.
user profile
The process used by Windows 2000 to control user authentication and manage the logon process. ________ produces the logon dialog box where username, password, and domain are selected, and it controls automated logon, warning text , the display of the shutdown button, and the display of the last user to log onto the system.
Which of the following determines which user and groups have access to a particular NT object?
a. Security Access Manager
b. local computer policy
c. Event Viewer
d. Group policy
All processes in Windows 2000 require an access token. True or False
A SID is a unique number and is never duplicated. True or False?
Permissions that are changed while the user is actively logged on do not take effect until that user logs on the system again. True or False?
The default Windows 2000 authentication method requires the user to supply valid domain and account names, plus a valid password; however, Windows 2000 permits use of alternate authentication techniques. True or False?
True, Alternates are smartcard,finger prints etc...
An authentication encryption protocol employed by Windows 2000 to protect logon credentials.
A Window 2000 security control feature used to define and regulate security-related features and functions.
local computer policy
The control of user accounts, group memberships, and resource access for a single computer.
local computer security
Part of the act of connecting to or accessing resources from some other member of the domain network. ________ ________ is used to prove that you are a valid member of the domain, that your user account is properly authenticated, and that you have access permissions to perform the requested action.
network authentication
The authentication mechanism used on Windows NT that is retained by Windows 2000 for backward compatibility.
NTLM (NT LAN Manager)authentication
The control of user accounts, group memberships, and resource access for a single computer.
local computer security
Defines the conditions that result in a user account being locked out.
account lockout policy
Defines the events which are recorded in the Security log of the Event Viewer.
audit policy
Th state of a user account which is retained on the system but cannot be used to log on.
An organizational unit used to centralize network users and resources.
A user account which can be used throughout a domain.
domain user account
The cummulative result of the priority application of group policies.
effective policy
A group which exist throughout a domain. A _______ ________ can be created only on a Windows 2000 Server system.
global group
An MMC snap-in that is used to specify desktop settings for group members.
group policy
Named collections of users to which you assign permissions. For example, the administrators __________ contains all users who require administrative access to network resources and user accounts.
A local account created by duplicating the name and password of an existing domain account. An ________ __________ can be used only when the Windows 2000 Professional system is able to communicate with the domain of the original account.
imported user account
A group which exist only on the computer where it was created. A ______ _______ can have users and global groups as members.
local group
A set of specifications and preferences for an individual user stored on a local machine.
local profile
The centralized control mechanism which governs password, account lockout, audit, user rights, security options, public key, and IP security.
local Security Policy
A user account that exists on a single computer.
local user account
The state of a user account that is disabled because of repeated failed logon attempts.
locked out
The requirement to provide a name and password to gain access to the computer.
logon authentication
A code script that can map drive letters, launch applications, or perform other command-line operations each time the system boots.
logon script
A user profile which does not retain changes after the user logs out. __________ ________ are used to maintain a common desktop environment for users.
mandatory profile
An operating system which maintains separate and distinct user accounts for each person.
multiple-user system
A standardized regular method of creating names for objects, users, computers, groups, etc...
naming convention
A container object that is an administrative partition of the Active Directory. ____'s can contain users, groups,resources, and other _____'s. ____'s enable the delegation of administration to distinct subtrees of the directory.
OU-Organizational unit
all blanks is same answer.
Defines the restrictions on passwords
password policy
A set of configuration options that defines aspects of Windows 2000 security.
Any useful service or object on a network. This includes printers, shared directories, and software applications. A _________ can be accessible by everyone across the network or by only one person on a single machine, and at any level in between.
Defines and control various security features, functions, and controls of the Windows 2000 environment.
Security options
A named security element used by a computer system to identify individuals and to record activity,control access, and retain settings.
user account
Defines which groups or users can perform the specific privileged action.
User Rights Policy
A collection of user-specific settings that retain the state of the desktop,start menu, color scheme, and other environmental aspects across logons. By default, _________ _______ are stored in system partition root\Documents and Settings\<username>where username is the name of the user to whom the profile applies.
user profile or profile
What types of user accounts can Windows 2000 Professional create and manage? (choose all that apply)
a. local
b. domain
c. imported
d. global
a, c
What types of user accounts can be used on a Windows 2000 Professional system? (choose all that apply)
a. local
b. domain
c. imported
d. global
all of them
When not connected to a network, what types of user accounts can be employed on a Windows 2000 Professional system?
a. local
b. domain
c. imported
d. global
A multi user system is an operating system that allows more than one user account to log on to a single workstation simultaneously. True or False
Which of the following are true of groups? (choose all that apply)
a. Several default groups are built into Windows 2000.
b. Groups are named collections of users.
c. The system groups can be deleted through the Local Users and Groups tool.
d. Groups used to simplify the assigment of permission.
Why does Windows 2000 require logon authentication? (Choose all that apply)
a. to prevent the spread of viruses
b. to track computer usage by user account
c. to maintain security
d. to promote a naming scheme
Which of the following are true for both the Administrator account and the Guest account? (Choose all that apply)
a. cannot be deleted
b. can be locked out
c. cannot be disabled
d. can be renamed
When logged in under the Guest account, a user has the same access as another members of what group?
a. Authenticated Users
b. Users
c. Power Users
d. Everyone
Through what interface are imported user accounts managed?
a. User Manager for Domains
b. Users and Passwords
c. Local Users and Groups
d. Active Directory Users and Computers
Which of the following are true of imported users? (choose all that apply)
a. can be a member of only a single group
b. you can change their password
c. exist only when their domain of origin is present online
d. are used to grant domain users access to the local resources
When creating a new user via the Users and Passwords applet, the Restricted user selection makes the new user a member of what group?
a. Guests
b. power Users
c. Users
d. Backup Operators
To configure more than one group membership for a local user account requires the use of the Users and Passwords applet. True or False
When the control item under Secure boot on the Advanced tab of the Users and Passwords applet is selected, not only is Ctrl+Alt+Delete required, but the last user account to successfully log on will be automatically reused to log on to the system. True or False
You create several new user accounts. You tell everyone they need to log on and change their password to something other than the dummy "password" you entered to creat the account. In the past most users forget or refuse to change the password. What setting can you use to force them to make the change?
a. user cannot change password
b. user must change password at next logon
c. password never expires
d. account is disabled
On Windows 2000 Professional client, what types of profiles can be used (Choose all that apply)
a. Local
b. Roaming
c. Mandatory
d. Dynamic
User profiles are stored by default in a subdirectory named after the user account in what default directory on a Windows 2000 Professional system?
a. \Winnt\Profiles
b. \Users
c. \Profiles
d. \Documents and Settings
The user account Properties dialog box from the Local Users and Groups tool can be used to change the password. True or False
The user tools of Windows 2000 Professional can create and manage both local and global groups. True or False?
Local groups can have global groups as members. True or False
Which of the following groups are not configurable? (Choose all that apply)
a. Administrators
b. Interactive
c. Backup Operators
d. Creator Owner
e. Authenticated Users
What makes a profile mandatory?
a. check box setting via the user account's Properties dialog box
b. storing it locally
c. renaming a file with the extension .man
d. not connecting to a network
Everything within the Windows 2000 operating environment is an ________ . ________'s include files, folders,shares,printers, and processes.
both blanks are same thing
The local security policy is a collection of what individual policies? (choose all that apply)
a. Password
b. Account lockout
c. Audit
d. User rights
e. Security options
f. Public Key
g. IP security
All of them
To prevent malicious users from breaking into your computer system by repeatedly trying to guess a password, what built-in security tool can you use?
a. Password policy
b. IP security
c. Lockout
d. Encryption
What control element in Windows 2000 is used to assign specific privileged action to users and groups?
a. Auditing
b. user rights
c. Profiles
d. Security options
A list of security identifiers that are contained by a resource object. Only those processes with the appropriate access token can activate the service of the object.
ACL-access control list
Objects containing the security identifier of an active process. These tokens determine the security context of the process.
access token
The database that contains information about a domain's user accounts, group memberships, group policies, and access controls for resources.
Active Directory
The process of tracking events by recording selected types of events in the Security Log.
The process of validating a user's credentials to allow access to certain resources.
An electronic identity verification mechanism. _________ are assigned to a client or server by a __________authority. When communication begins, each side of the transmission can decide to either trust the other party based on its _________ and continue with the communication or not to trust the other party and terminate communications.
certificates, certificate
A collection of computers with centrally managed security and activities.
A specified computer role of a Windows 2000 Server that authenticates domain logons and maintains the security policies and the account database for a domain.
domain controller
The control of user accounts, group memberships and resource access for all members of a network instead of for only a single computer.
domain security
A unique string of characters that must be provided before a logon or an access is authorized. _________'s are a security measure used to restrict initial access to Windows 2000 resources.
A security feature of NTFS under Windows 2000 that allows files, folders, or entire drives to be encrypted. Once encrypted, only the user account that enabled the encryption has the proper private key to decrypt and access the secured objects
encrypting file system (EFS)
Any significant occurrence in the system or in an application that requires users to be notified or a log entry to be added. Types of events include audits, driver failures, using logons, process launchings, and system shutdowns.
The utility which maintains logs about application, security, and system events on your computer, and enables you to view and manage the event logs, gather information about hardware and software problems, and monitor Windows 2000 security events.
Event Viewer
The process of extablishing a valid account identity on a Windows 2000 machine by supplying a correct and working domain name (if necessary) and an account name.
An encrypted communication mechanism used by TCP/IP to create protected communication sessions. ______ is a suite of cryptography-based protection services and security protocols.
IPSec-IP Security