Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
109 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
The effective policy is the result of applying all network or domain hosted security policies, then applying the local security policy. True or False?
|
False
|
|
|
|
Auditing can be defined for an object for specific users and groups for one or more individual services or actions. True or False?
|
true
|
|
|
|
What is the first thing the security system looks for when it scans an ACL for an object?
a. A Deny to the object for the requested service, at which point access is immediately denied. b. Any ACL that provides the requested permission c. It checks the default, and if access is permitted, it allows the request to proceed. d. None of the above |
A
|
|
|
|
What is the primary protocol that Windows 2000 uses for authentication?
a. NTLM b. Secure Sockets Layer c. Kerberos d. NetBIOS |
C
|
|
|
|
Which of the following statements are true about the local computer policy? (choose all that apply)
a. It is used to control aspects of the Windows 2000 security system. b. It is used to assign user accounts to groups c. It can be customized by third-party applications d. It can be superceded by a domain's group policy. |
All of Them
|
|
|
|
What is the special-purpose application invoked by the Windows 2000 attention sequence that serves as the logon process?
a. WinPopup.exe b. WinLogon.exe c. Usermgr.exe d. Explorer.exe |
B
|
|
|
|
What security feature is added to Windows 2000 specifically to protect TCP/IP communications?
a. Kerberos b. IPSec c. strong passwords d. EFS |
B
|
|
|
|
What is EFS used to protect?
a. passwords b. data files c. group policy d. communication sessions |
B
|
|
|
|
If the 2000 Explorer shell is replaced with the Program Manager shell, which of the following side effects will occur? (chose all that apply.
a. no access to the Start menu b. no taskbar c. no access to the Task Manager d. no more DOS command prompt |
A,B
|
|
|
|
Only the user who encrypted a file via EFS can access that file later. True or False?
|
False
|
|
|
|
What predefined IPSec policy should you use to employ encryption only when required by a remote system?
a. Client (Respond Only) b. Server (Request Security) c. Secure Server (Require Security) |
A
|
|
|
|
Audit events are recorded in System Log. True or False?
|
False, should be Security Log
|
|
|
|
Windows 2000 ___________ access to new objects by default.
a.restricts b.allows |
B
|
|
|
|
Which of the following is a good reason for adding DontDisplyLastUserName to the Windows 2000 Registry? (choose all that apply)
a. to prevent easy discovery of user account names b. to improve security on a shared machine c. to reduce burnout on the machine's monitor d. to force user to provide a valid username in addition to a password to logon |
A,B,D
|
|
|
|
Then Windows 2000 authentication process can be automated by adding default user information and the ____________value to the Registry.
a. DontDisplayLastUsername b. AutoAdminLogin c. Legal Notice Caption d. AutomateLogon |
B
|
|
|
|
Which of the following is the most likely reason to have a security notice appear when users attempt to log on to a Windows 2000 machine at the National Security Agency?
a. to make sure that outsiders don't try to break into the system b. to inform unauthorized users that they are subject to legal action if they obtain unauthorized access to the system. c. to remind valid system users about Acceptable Use Policies d. none of the above |
B
|
|
|
|
The default shell process for Windows 2000 is called the:
a. Windows Explorer b. Program Manager c. command shell d. C shell |
A
|
|
|
|
The _____________ is created by the Windows 2000 security subsystem at logon and identifies the current user to the subsystem.
a. access ID b. security ID c. group ID d. access token |
D
|
|
|
|
To customize the security structure of your Windows 2000 system, you can change the behavior of the logon process. True or False?
|
True
|
|
|
|
The ______________ key sequence initiates the logon process.
a. Ctrl + Esc b. Alt + Tab c. Ctrl + Break d. Ctrl + Alt + Delete |
D
|
|
|
|
An access token is required to access any Windows 2000 object. True or False?
|
True
|
|
|
|
The primary unit of execution in the Windows 2000 operating system environment, a ________ may contain one or more execution threads, all associated with a named user account,SID, and access token. _________'es essentially define the container within which individual applications and command execute under Windows 2000.
|
process
|
|
|
|
A security control of Windows 2000 whereby recovery agents for EFS and domain-wide and trusted certificate authorities are defined and configured. These policies can be enforced on a user-by-user basis.
|
public key policy
|
|
|
|
The primary unit of execution in the Windows 2000 operating system environment, a ________ may contain one or more execution threads, all associated with a named user account,SID, and access token. _________'es essentially define the container within which individual applications and command execute under Windows 2000.
|
process
|
|
|
|
A mechanism used primarily over HPPT communications to create an encrypted session link through the exchange of certificates and public encryption keys.
|
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
|
|
|
|
A unique name that identifies a logged-on user to the security system. ____'s can identify one user or a group of users.
|
security ID (SID)
|
|
|
|
The default user process that is launched when a valid account name and password combination is authenticated by the WinLogon process for Windows 2000. The default _____ of Windows 2000 is Windows Explorer. The default ______ process manages the desktop, Start menu, taskbar, and other interface controls. The _____ process defines a logged-on user's run-time environment from the point of authentication, forward, and supplies all spawned processes or commands with its acess token to define their access permissions, until that account logs out.
|
shell
|
|
|
|
This entity contains all of the information that defines a user to the Windows 2000 environment.
|
user account
|
|
|
|
A file that saves a user's preferences and environmental settings.
|
user profile
|
|
|
|
The process used by Windows 2000 to control user authentication and manage the logon process. ________ produces the logon dialog box where username, password, and domain are selected, and it controls automated logon, warning text , the display of the shutdown button, and the display of the last user to log onto the system.
|
WinLogon
|
|
|
|
Which of the following determines which user and groups have access to a particular NT object?
a. Security Access Manager b. local computer policy c. Event Viewer d. Group policy |
A
|
|
|
|
All processes in Windows 2000 require an access token. True or False
|
True
|
|
|
|
A SID is a unique number and is never duplicated. True or False?
|
True
|
|
|
|
Permissions that are changed while the user is actively logged on do not take effect until that user logs on the system again. True or False?
|
True
|
|
|
|
The default Windows 2000 authentication method requires the user to supply valid domain and account names, plus a valid password; however, Windows 2000 permits use of alternate authentication techniques. True or False?
|
True, Alternates are smartcard,finger prints etc...
|
|
|
|
An authentication encryption protocol employed by Windows 2000 to protect logon credentials.
|
Kerberos
|
|
|
|
A Window 2000 security control feature used to define and regulate security-related features and functions.
|
local computer policy
|
|
|
|
The control of user accounts, group memberships, and resource access for a single computer.
|
local computer security
|
|
|
|
Part of the act of connecting to or accessing resources from some other member of the domain network. ________ ________ is used to prove that you are a valid member of the domain, that your user account is properly authenticated, and that you have access permissions to perform the requested action.
|
network authentication
|
|
|
|
The authentication mechanism used on Windows NT that is retained by Windows 2000 for backward compatibility.
|
NTLM (NT LAN Manager)authentication
|
|
|
|
The control of user accounts, group memberships, and resource access for a single computer.
|
local computer security
|
|
|
|
Defines the conditions that result in a user account being locked out.
|
account lockout policy
|
|
|
|
Defines the events which are recorded in the Security log of the Event Viewer.
|
audit policy
|
|
|
|
Th state of a user account which is retained on the system but cannot be used to log on.
|
disabled
|
|
|
|
An organizational unit used to centralize network users and resources.
|
domain
|
|
|
|
A user account which can be used throughout a domain.
|
domain user account
|
|
|
|
The cummulative result of the priority application of group policies.
|
effective policy
|
|
|
|
A group which exist throughout a domain. A _______ ________ can be created only on a Windows 2000 Server system.
|
global group
|
|
|
|
An MMC snap-in that is used to specify desktop settings for group members.
|
group policy
|
|
|
|
Named collections of users to which you assign permissions. For example, the administrators __________ contains all users who require administrative access to network resources and user accounts.
|
groups
|
|
|
|
A local account created by duplicating the name and password of an existing domain account. An ________ __________ can be used only when the Windows 2000 Professional system is able to communicate with the domain of the original account.
|
imported user account
|
|
|
|
A group which exist only on the computer where it was created. A ______ _______ can have users and global groups as members.
|
local group
|
|
|
|
A set of specifications and preferences for an individual user stored on a local machine.
|
local profile
|
|
|
|
The centralized control mechanism which governs password, account lockout, audit, user rights, security options, public key, and IP security.
|
local Security Policy
|
|
|
|
A user account that exists on a single computer.
|
local user account
|
|
|
|
The state of a user account that is disabled because of repeated failed logon attempts.
|
locked out
|
|
|
|
The requirement to provide a name and password to gain access to the computer.
|
logon authentication
|
|
|
|
A code script that can map drive letters, launch applications, or perform other command-line operations each time the system boots.
|
logon script
|
|
|
|
A user profile which does not retain changes after the user logs out. __________ ________ are used to maintain a common desktop environment for users.
|
mandatory profile
|
|
|
|
An operating system which maintains separate and distinct user accounts for each person.
|
multiple-user system
|
|
|
|
A standardized regular method of creating names for objects, users, computers, groups, etc...
|
naming convention
|
|
|
|
A container object that is an administrative partition of the Active Directory. ____'s can contain users, groups,resources, and other _____'s. ____'s enable the delegation of administration to distinct subtrees of the directory.
|
OU-Organizational unit
|
all blanks is same answer.
|
|
|
Defines the restrictions on passwords
|
password policy
|
|
|
|
A set of configuration options that defines aspects of Windows 2000 security.
|
policy
|
|
|
|
Any useful service or object on a network. This includes printers, shared directories, and software applications. A _________ can be accessible by everyone across the network or by only one person on a single machine, and at any level in between.
|
resources
|
|
|
|
Defines and control various security features, functions, and controls of the Windows 2000 environment.
|
Security options
|
|
|
|
A named security element used by a computer system to identify individuals and to record activity,control access, and retain settings.
|
user account
|
|
|
|
Defines which groups or users can perform the specific privileged action.
|
User Rights Policy
|
|
|
|
A collection of user-specific settings that retain the state of the desktop,start menu, color scheme, and other environmental aspects across logons. By default, _________ _______ are stored in system partition root\Documents and Settings\<username>where username is the name of the user to whom the profile applies.
|
user profile or profile
|
|
|
|
What types of user accounts can Windows 2000 Professional create and manage? (choose all that apply)
a. local b. domain c. imported d. global |
a, c
|
|
|
|
What types of user accounts can be used on a Windows 2000 Professional system? (choose all that apply)
a. local b. domain c. imported d. global |
all of them
|
|
|
|
When not connected to a network, what types of user accounts can be employed on a Windows 2000 Professional system?
a. local b. domain c. imported d. global |
a
|
|
|
|
A multi user system is an operating system that allows more than one user account to log on to a single workstation simultaneously. True or False
|
True
|
|
|
|
Which of the following are true of groups? (choose all that apply)
a. Several default groups are built into Windows 2000. b. Groups are named collections of users. c. The system groups can be deleted through the Local Users and Groups tool. d. Groups used to simplify the assigment of permission. |
a,b,d
|
|
|
|
Why does Windows 2000 require logon authentication? (Choose all that apply)
a. to prevent the spread of viruses b. to track computer usage by user account c. to maintain security d. to promote a naming scheme |
b,c
|
|
|
|
Which of the following are true for both the Administrator account and the Guest account? (Choose all that apply)
a. cannot be deleted b. can be locked out c. cannot be disabled d. can be renamed |
a,d
|
|
|
|
When logged in under the Guest account, a user has the same access as another members of what group?
a. Authenticated Users b. Users c. Power Users d. Everyone |
d
|
|
|
|
Through what interface are imported user accounts managed?
a. User Manager for Domains b. Users and Passwords c. Local Users and Groups d. Active Directory Users and Computers |
b
|
|
|
|
Which of the following are true of imported users? (choose all that apply)
a. can be a member of only a single group b. you can change their password c. exist only when their domain of origin is present online d. are used to grant domain users access to the local resources |
a,c,d
|
|
|
|
When creating a new user via the Users and Passwords applet, the Restricted user selection makes the new user a member of what group?
a. Guests b. power Users c. Users d. Backup Operators |
c
|
|
|
|
To configure more than one group membership for a local user account requires the use of the Users and Passwords applet. True or False
|
False
|
|
|
|
When the control item under Secure boot on the Advanced tab of the Users and Passwords applet is selected, not only is Ctrl+Alt+Delete required, but the last user account to successfully log on will be automatically reused to log on to the system. True or False
|
False
|
|
|
|
You create several new user accounts. You tell everyone they need to log on and change their password to something other than the dummy "password" you entered to creat the account. In the past most users forget or refuse to change the password. What setting can you use to force them to make the change?
a. user cannot change password b. user must change password at next logon c. password never expires d. account is disabled |
b
|
|
|
|
On Windows 2000 Professional client, what types of profiles can be used (Choose all that apply)
a. Local b. Roaming c. Mandatory d. Dynamic |
a,b,c
|
|
|
|
User profiles are stored by default in a subdirectory named after the user account in what default directory on a Windows 2000 Professional system?
a. \Winnt\Profiles b. \Users c. \Profiles d. \Documents and Settings |
d
|
|
|
|
The user account Properties dialog box from the Local Users and Groups tool can be used to change the password. True or False
|
False
|
|
|
|
The user tools of Windows 2000 Professional can create and manage both local and global groups. True or False?
|
False
|
|
|
|
Local groups can have global groups as members. True or False
|
True
|
|
|
|
Which of the following groups are not configurable? (Choose all that apply)
a. Administrators b. Interactive c. Backup Operators d. Creator Owner e. Authenticated Users |
b,d,e
|
|
|
|
What makes a profile mandatory?
a. check box setting via the user account's Properties dialog box b. storing it locally c. renaming a file with the extension .man d. not connecting to a network |
c
|
|
|
|
Everything within the Windows 2000 operating environment is an ________ . ________'s include files, folders,shares,printers, and processes.
|
object
|
both blanks are same thing
|
|
|
The local security policy is a collection of what individual policies? (choose all that apply)
a. Password b. Account lockout c. Audit d. User rights e. Security options f. Public Key g. IP security |
All of them
|
|
|
|
To prevent malicious users from breaking into your computer system by repeatedly trying to guess a password, what built-in security tool can you use?
a. Password policy b. IP security c. Lockout d. Encryption |
c
|
|
|
|
What control element in Windows 2000 is used to assign specific privileged action to users and groups?
a. Auditing b. user rights c. Profiles d. Security options |
b
|
|
|
|
A list of security identifiers that are contained by a resource object. Only those processes with the appropriate access token can activate the service of the object.
|
ACL-access control list
|
|
|
|
Objects containing the security identifier of an active process. These tokens determine the security context of the process.
|
access token
|
|
|
|
The database that contains information about a domain's user accounts, group memberships, group policies, and access controls for resources.
|
Active Directory
|
|
|
|
The process of tracking events by recording selected types of events in the Security Log.
|
auditing
|
|
|
|
The process of validating a user's credentials to allow access to certain resources.
|
authentication
|
|
|
|
An electronic identity verification mechanism. _________ are assigned to a client or server by a __________authority. When communication begins, each side of the transmission can decide to either trust the other party based on its _________ and continue with the communication or not to trust the other party and terminate communications.
|
certificates, certificate
|
|
|
|
A collection of computers with centrally managed security and activities.
|
domain
|
|
|
|
A specified computer role of a Windows 2000 Server that authenticates domain logons and maintains the security policies and the account database for a domain.
|
domain controller
|
|
|
|
The control of user accounts, group memberships and resource access for all members of a network instead of for only a single computer.
|
domain security
|
|
|
|
A unique string of characters that must be provided before a logon or an access is authorized. _________'s are a security measure used to restrict initial access to Windows 2000 resources.
|
password
|
|
|
|
A security feature of NTFS under Windows 2000 that allows files, folders, or entire drives to be encrypted. Once encrypted, only the user account that enabled the encryption has the proper private key to decrypt and access the secured objects
|
encrypting file system (EFS)
|
|
|
|
Any significant occurrence in the system or in an application that requires users to be notified or a log entry to be added. Types of events include audits, driver failures, using logons, process launchings, and system shutdowns.
|
event
|
|
|
|
The utility which maintains logs about application, security, and system events on your computer, and enables you to view and manage the event logs, gather information about hardware and software problems, and monitor Windows 2000 security events.
|
Event Viewer
|
|
|
|
The process of extablishing a valid account identity on a Windows 2000 machine by supplying a correct and working domain name (if necessary) and an account name.
|
identification
|
|
|
|
An encrypted communication mechanism used by TCP/IP to create protected communication sessions. ______ is a suite of cryptography-based protection services and security protocols.
|
IPSec-IP Security
|
|
