39 Cards in this Set
Which of the following services is used for centralized AAA?
a - VPN
b - PGP
c - RADIUS
d - PKI
The RADIUS protocol, remote authentication dial-in user service, provides centralized authentication, authorization, and accounting for users who need to connect to a network service. pg 23

PKI - public key infrastructure - a system to deal with digital certificates pg 47
PGP - pretty good privacy - a protocol to encrypt email pg 51
What is the primary authentication method used in Microsoft Active Directory?
a - LDAP
b - Kerberos
c - NTLAN
d - SSO
Active Directory is a technology that provides a variety of network services, pg 25

Kerberos is the default authentication protocol for today's domain computers. In instances where Kerberos is blocked (e.g. by a firewall), servers can fall back to NTLM. pg 26

Lightweight directory access protocol (LDAP) is an application protocol for querying and modifying data using directory services over TCP/IP

NTLAN is probably NTLM

SSO, single sign-on, allows you to log on once and access multiple related but independent software services without having to log on again. pg 25
Which NTFS permission is needed to change attributes and permissions?
a - Full control
b - modify
c - read and execute
d - write
a - full control. pg 35
In the world of information security, _____________ is a leading model for access control.
AAA
Authentication
Authorization
Accounting (or auditing)
pg 20
How does the concept of nonrepudiation relate to AAA?
If you have established proper AAA, no user should be able to deny the actions he or she has carried out while in your organization's system - everything is tracked, monitored, and able to be accounted for.
pg 20
What are some ways to authenticate local users?
Authentication via
- what they know (passwords, personal details)
- what they possess (smart cards, security tokens)
- what they are (fingerprints, facial recognition, etc)
pg 21-22
When you dial in with a VPN or access a wireless router via a laptop or other mobile device you are connecting to a RADIUS or TACACS+ server. What is going on behind the scenes to get you authenticated?
The server resides on a remote system and responds to queries from clients like the one you're using and also from switches, WAPs, and routers. The server authenticates username/password combinations, determines whether users are allowed to connect, and logs the connection.
pg 23
When it comes to setting up a AAA server, you can choose between RADIUS and TACACS+. Are these two protocols the same?
While they are not the same, TACACS+ is a variation of RADIUS created by Cisco and containing extra functions to meet their needs. It can be considered an extension of RADIUS.
pg 24
Active Directory has been called the heart of a Windows server. What is it?
Active Directory is a technology developed by Microsoft that
- stores, organizes, and provides access to information.
- locates, manages, and administers common items and network resources
- provides a variety of network services
- organizes those network resources
- permits administrators to assign passwords, permissions, and rights to those entities that need them
- allows for the assignment of group object managers
pg 25
What is the Lightweight Directory Access Protocol?
LDAP is an application protocol (network service) that provides for the querying and modifying of data using directory services running over TCP/IP.

Within the directory the objects are organized hierarchically to aid in location and management.
What is a domain controller? For that matter, what the heck is a domain??
First, let's get things straight here: On a local area network, a domain is a subnetwork made up of a group of clients and servers under the control of a central security database. Within a domain, users authenticate once to a centralized server known as a domain controller, rather than repeatedly authenticating to individual servers and services. Individual servers and services accept the user based on the approval of the domain controller.
(from Indiana University IT Knowledgebase)

A domain controller is a Windows server that stores a replica of the account and security info of a domain and defines the domain boundaries.

A Windows server can become a domain controller after Active Directory Domain Services is installed.
pg 25
What is Kerberos?
Kerberos is the default computer network authentication protocol, which allows hosts to prove their identity over a nonsecure network in a secure manner.
In an environment with Kerberos-based authentication, hosts are assigned secret keys which the server keeps track of.
To help organize objects within a domain organizational units are used. What do they hold?
OUs can hold users, groups, computers, and even other OUs. The objects must reside within the domain. pg 27
OUs can be organized by location, function, or areas of management.
If an object can hold other objects it's called a container; containers include the forest, tree, domain, and OU.
T/F: Rights and permissions should be assigned to every user to properly secure the network.
False. Users should be placed into groups that have the proper rights and permissions for those users already applied. pg 32
To effectively manage the assigning of network resources to groups the mnemonic AGDLP is helpful. What does this mean?
Defines how to add users to a domain:
1. add the user Account into the Group where the user exists
2. add the group from the user domain into the Domain Local group in the resource domain
3. assign Permissions on the resource to the domain local group
pg 33
What is the difference between rights and permissions? Where is this information stored?
A right authorizes a user to perform certain tasks on a computer whereas a permission defines the type of access granted to an object or object attribute (e.g., files, folders and printers).

Information about which users can access an object and what they can do with it is stored in the access control list.
Why is NTFS preferred over FAT32?
The most significant advantages of NTFS include much larger file support and built-in security through permissions and encryption.
pg 35
Describe NTFS permissions
If a user is part of two groups and has permission to modify the contents of a folder as part of his group 1 permissions, but is denied the same right in the other group (explicit denial pg 38) what will be his effective permissions for that folder?
He will be denied modify permission because explicit denial always takes precedence.
Describe share permissions (pg 41)
What is UNC?
UNC stands for universal naming convention
\\servername\sharename
pg 40
Transmitting private data over the public internet is (hopefully) done with either SSL or TLS. What are these and what is the difference between them?
SSL, secure sockets layer, is a cryptographic system that uses 2 keys to encrypt data.
TLS, transport layer security, is an extension of SSL designed to be open-source to support continuing innovation.
TLS is generally the standard in modern browsers today, though SSL can be used instead if needed.

pg 51
What are the two encryption technologies offered with Windows 7?
Windows 7 has two built-in encryption technologies - EFS - Encrypting File System - and BitLocker. The former encrypts files and folders while the latter encrypts entire drives.
What is IP Security, AKA IPsec?
IPsec is a suite of protocols that handle data integrity, authentication, and privacy for internet communication. It protects communications by creating secure electronic tunnels between two machines or devices and can be used for VPNs, LANs, and WANs.

It can be used in one of two modes:
Transport - client to server
Tunnel - server to [server or gateway]

You must choose one of two protocols to use
- ESP, encapsulating security payload - secures the message, but not the entire packet the message rides in
- AH, authentication header - secures the entire packet but does not encrypt anything (it is readable but protected from modification)
pg 57-58
Which of the following services is used for centralized AAA?
a - VPN
b - PGP
c - RADIUS
d - PKI
c - RADIUS
What is the primary authentication method used on MS Active Directory?
a - LDAP
b - Kerberos
c - NTLAN
d - SSO
b - Kerberos
The master time keeper and password manager in an Active Directory domain is
a - PDC Emulator
b - RID
c - Infrastructure master
d - Schema master
a - PDC Emulator
Local user accounts are found in
a - Active Directory
b - Registry
c - SAM
d - LDAP
c - SAM, or security account manager
A(n) ___________ authorizes a user to perform certain actions on a computer.
a - permission
b - encryption algorithm
c - authentication protocol
d - right
d - right
pg 34
Which NTFS permission is needed to change attributes and permissions?
a - full control
b - modify
c - read and execute
d - write
a - full control
Which type of permission is granted directly to a file or folder?
a - explicit
b - inherited
c - effective
d - share
a - explicit
If you copy a file or folder to a new volume, what permissions will it have?
a - the same as it had before
b - the same as the target folder
c - the same as the source folder
d - none
b - the same permissions as the target folder.

If it was MOVED it would retain its own permissions
Which of the following uses an ACL?
a - NTFS folder
b - Active Directory user
c - Registry key
d - Login rights
a-c
Information about which users can access an object and what they can do is stored in the Access Control List. pg 34
The registry uses permissions that are stored in the ACL pg 44
Which type of key has one key for encryption and a different key for decryption?
a - asymmetric
b - symmetric
c - hash function
d - PKI
a - asymmetric encryption uses 2 keys for encryption - one to encrypt and one to decrypt. SSL, TLS, and PGP all use asymmetric keys.
pg 46
PKI, public key infrastructure, is a system consisting of hardware and software that controls the use and storage of digital certificates.
What is a certificate revocation list?
pg 47 - a CRL, or certificate revocation list, is a list of certificates that have been revoked or are no longer valid and therefore should not be relied upon.
A device that may give you a second password with which to log into a system is a(n) _______________.
security token, pg 22. AKA hardware token, or hard token. Such a device is issued to verified users to aid in authentication and is typically small enough to be clipped to a keychain. Some of them use a USB connector, RFID, or Bluetooth.

Some can generate a second code that users must input in order to be authenticated.
When you can't access a folder because someone removed the permissions, you must _______________ to gain access to it again.
take ownership of the folder
To track a user's activities in Windows, you need to enable _____________.
auditing
List some of the disadvantages to biometrics.
1. Expensive (Fulcrum Biometrics sells their entry-level biometric server software for $2,500)
2. Some people might be missing the required body part
3. Requires a biometric database