Chapter 006 Security Planning and Administrative Delegation in Windows Server 2008 R2

Card Set Information

Author:
pacheco2001usa
ID:
216361
Updated:
2013-04-29 21:41:37

The flashcards below were created by user pacheco2001usa on FreezingBlue Flashcards.


  1. A __________ is an alphanumeric sequence of characters that you enter with a username to access a server, workstation, or shared resource.
    a) PIN
    b) password
    c) SecureID
    d) biometric
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • A password is an alphanumeric sequence of characters that you enter with a username to access a server, workstation, or shared resource. The primary function of a password is to protect a user’s authentication information, thus ensuring that no one can impersonate a particular user and thereby gain access to resources that the user has been authorized to view or edit.
  2. What can be defined as a password that follows guidelines that make it difficult for a potential hacker to determine the user’s password?
    a) complex password
    b) encrypted password
    c) strong password
    d) RSA SecureID
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • A strong password can be simply defined as a password that follows guidelines that make it difficult for a potential hacker to determine the user’s password. Configuring strong passwords on a Windows Server 2008 network is a combination of creating a minimum required password length, a password history, requiring multiple types of characters within a password, and setting a minimum password age.
  3. Password-__________ is an attempt to discover a user’s password.
    a) recovery
    b) tracing
    c) sniffing
    d) cracking
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • Password-cracking is an attempt to discover a user’s password. Password-cracking tools are widely available on the Internet for download by even the least skilled attacker, and their ability to crack user passwords improves on almost a daily basis.
  4. Which of the following is not a characteristic of a strong password?
    a) at least eight characters in length
    b) contains uppercase and lowercase letters, numbers, and nonalphabetic characters
    c) contains your birth date
    d) differs significantly from other previously used passwords
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • A strong password has the following characteristics: at least eight characters in length; contains uppercase and lowercase letters, numbers, and nonalphabetic characters; at least one character from each of the previous character types; and differs significantly from other previously used passwords.
  5. What is a credit card–sized or token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise?
    a) RSA SecureID
    b) password token
    c) smart chip
    d) smart card
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • A smart card is a credit card–sized device or a token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise.
  6. What is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography?
    a) CKI
    b) PKI
    c) DKI
    d) PCI
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
    • Smart cards contain a chip that stores user information such as the user’s private key for certificate-related services; user credentials, such as the username; and a public key certificate. This requires the implementation of a public key infrastructure (PKI). PKI is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography.
  7. Which of the following is a benefit of implementing a public key infrastructure (PKI)?
    a) Users no longer need to remember passwords.
    b) All information is stored on the smart card, making it difficult for anyone except the intended user to use or access it.
    c) Smart cards can be used from remote locations, such as a home office, to provide authentication services.
    d) All of the above
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • The benefits of implementing a PKI include: users no longer need to remember passwords; all information is stored on the smart card, making it difficult for anyone except the intended user to use or access it; security operations, such as cryptographic functions, are performed on the smart card itself rather than on the network server or local computer; smart cards can be used from remote locations, such as a home office, to provide authentication services; and the risk of remote attacks using a username and password is significantly reduced by smart cards.
  8. What command-line tool can be used with a standard user account to reduce the risks associated with the Administrator account?
    a) runas
    b) su
    c) runadmin
    d) launchas
    • Ans: a
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
    • The recommended solution for reducing the risks associated with the Administrator account is to use a standard user account and use the Run as administrator option in the GUI or the runas command-line tool when it is necessary to perform an administrative task.
  9. Which OU is created by default when Active Directory is installed?
    a) Domain Controllers
    b) Users
    c) Computers
    d) Member Servers
    • Ans: a
    • Difficulty: Medium
    • Section Ref: Planning an Organizational Unit Strategy
    • When Active Directory is installed, only one OU is created by default: the Domain Controllers OU.
  10. What tool allows you to utilize a simple interface to delegate permissions for domains, OUs, or containers?
    a) Delegation Wizard
    b) Delegation of Control Wizard
    c) Delegation of Administration Wizard
    d) Administration Wizard
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Planning an Organizational Unit Strategy
    • Using the Delegation of Control Wizard, you utilize a simple interface to delegate permissions for domains, OUs, or containers. The interface allows you to specify to which users or groups you want to delegate management permissions and the specific tasks you wish them to be able to perform.
  11. What typically consists of at least four characters or digits that are entered while presenting a physical access token, such as an ATM card or smart card?
    a) password
    b) PIN
    c) smart card
    d) RSA SmartID
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • Passwords and personal identification numbers (PINs) are becoming common in many areas of life including banking, email, voice mail, and keyless entry systems, such as garage door openers. A PIN typically consists of at least four characters or digits that are entered while presenting a physical access token, such as an ATM card or a smart card.
  12. Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated __________ attack.
    a) brute force
    b) dictionary
    c) cracking
    d) work
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated dictionary attack. Automated password-cracking tools will try every possible combination of characters until the correct sequence of characters is finally discovered.
  13. A password should be __________ characters in length to be considered a strong password.
    a) 6
    b) 10
    c) 12
    d) 8
    • Ans: d
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • A strong password has the following characteristics: at least eight characters in length; contains uppercase and lowercase letters, numbers, and nonalphabetic characters; at least one character from each of the previous character types; and differs significantly from other previously used passwords.
  14. Passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft Windows XP clients can be __________ characters in length.
    a) 97
    b) 68
    c) 127
    d) 142
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • Windows passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft Windows XP clients can be up to 127 characters in length.
  15. What method of authentication requires a smart card and a PIN to provide more secure access to company resources?
    a) two-factor authentication
    b) dual authentication
    c) complex authentication
    d) strong authentication
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • A smart card is a credit card–sized device or a token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise. This two-factor authentication method requires a smart card and a PIN to provide more secure access to company resources. It has been implemented by many high-security organizations.
  16. To implement PKI, what must be installed on your Windows 2008 Server?
    a) Active Directory Users and Computers
    b) Microsoft AdminPak
    c) Active Directory Certificate Services
    d) Microsoft Advanced Security Pack
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • PKI requires you to install Active Directory Certificate Services in your Windows Server 2008 environment. Active Directory Certificate Services is a server role available in Windows Server 2008 that allows you to create and administer PKI certificates for your users, computers, and applications.
  17. What dedicated workstation allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation?
    a) PKI server
    b) smart card enrollment station
    c) smart card verification station
    d) Certification Authority (CA)
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
    • Prior to deploying smart cards, you must set up at least one computer as a smart card enrollment station, which is a dedicated workstation that allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation.
  18. What types of certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization?
    a) enrollment agent
    b) enrollment credential
    c) enrollment verification
    d) enrollment authority
    • Ans: a
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • Enrollment agent certificates are generated by the enterprise CA and are used to generate a smart card logon certificate for users in the organization. Because these enrollment agent certificates can generate smart cards with authentication credentials for anyone in the organization, you should make sure strong security policies are in place for issuing enrollment agent certificates.
  19. What component issues and manages certificates for individuals, computers, and organizations?
    a) enrollment agent
    b) PKI server
    c) certificate server
    d) Certification Authority
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
    • The CA issues and manages certificates for individuals, computers, and organizations. Multiple CAs can be linked to form a public key infrastructure.
  20. Where is the certificate database located on a Certification Authority?
    a) C:\Windows\system\CertLog
    b) C:\Windows\system32\CertLog
    c) C:\Windows\CertLog
    d) C:\Windows\system32\CertLog32
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
    • When configuring certificate services, you can specify a location for the certification database. This defaults to C:\Windows\system32\CertLog.
  21. A strong password can be similar to a previously used password.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  22. A password is a credit card–sized or token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  23. When configuring Certificate Services, you must install your CAs as enterprise CAs.
    • Ans: True
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  24. Enrollment agent certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  25. OUs represent the functional or geographical model of your company so that resources can be placed according to the users who need them.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Planning an Organizational Unit Strategy
  26. A(n) __________ is an alphanumeric sequence of characters that you enter with a username to access a server, workstation, or shared resource.
    • Ans: password
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  27. In Windows Server 2008, __________ passwords are required when Active Directory is installed.
    • Ans: strong
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  28. A strong password contains uppercase and lowercase letters, __________, and nonalphabetic characters.
    • Ans: numbers
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  29. A Public Key __________ is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography.
    • Ans: Infrastructure
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  30. The use of PKI requires you to install Active Directory __________ Services in your Windows Server 2008 environment.
    • Ans: Certificate
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  31. You must set up at least one computer as a smart card __________ station, which is a dedicated workstation that allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation.
    • Ans: enrollment
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
  32. After determining the cost of implementing smart cards, you need to define a(n) __________ process.
    • Ans: support
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
  33. The recommended solution for reducing the risks associated with the Administrator account is to use a standard user account and use the Run as __________ option.
    • Ans: administrator
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  34. By allowing administrative authority over an OU structure as opposed to an entire domain or site, you minimize the number of administrators with __________ privileges.
    • Ans: global
    • Difficulty: Hard
    • Section Ref: Planning an Organizational Unit Strategy
  35. The __________ option in Active Directory Users and Computers offers a safer method than the drag-and-drop feature, but has the same results.
    • Ans: Move
    • Difficulty: Medium
    • Section Ref: Planning an Organizational Unit Strategy
  36. What is an attempt to discover a user’s password?
    • Ans: password-cracking
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  37. Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of what automated attack?
    • Ans: dictionary attack
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  38. What is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography?
    • Ans: public key infrastructure, PKI
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  39. What type of CA can issue certificates only to users and computers in its own forest?
    • Ans: enterprise CA
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
  40. What types of certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization?
    • Ans: enrollment agent
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  41. What allows you to connect to a CA via a Web browser to perform such common tasks as requesting certificates, retrieving the CA’s Certificate Revocation List (CRL), or performing smart card certificate enrollment?
    • Ans: Certification Web Enrollment
    • Difficulty: Hard
    • Section Ref: Planning and Implementing Account Security
  42. Run as administrator and runas require what service to be running?
    • Ans: Secondary Logon
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  43. What wizard allows you to utilize a simple interface to delegate permissions for domains, OUs, or containers?
    • Ans: Delegation of Control Wizard
    • Difficulty: Easy
    • Section Ref: Planning an Organizational Unit Strategy
  44. What are the characteristics of a strong password?
    • Ans: It is at least eight characters in length; contains uppercase and lowercase letters, numbers, and nonalphabetic characters (one of each); and differs significantly from other previously used passwords.
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  45. What is two-factor authentication?
    • Ans: The two-factor authentication method requires a smart card and a PIN to provide more secure access to company resources. It has been implemented by many high-security organizations.
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  46. What is a public key infrastructure?
    • Ans: PKI is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography.
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  47. What is a certification authority?
    • Ans: A Certification Authority (CA) issues and manages certificates for individuals, computers, and organizations.
    • Difficulty: Easy
    • Section Ref: Planning and Implementing Account Security
  48. What is the recommended solution for reducing the risks associated with the Administrator account?
    • Ans: The recommended solution is to use a standard user account and use the Run as administrator option in the GUI or the runas command-line tool when it is necessary to perform an administrative task.
    • Difficulty: Medium
    • Section Ref: Planning and Implementing Account Security
  49. What does the Delegation of Control Wizard allow you to do?
    • Ans: The interface allows you to specify to which users or groups you want to delegate management permissions and the specific tasks you wish them to be able to perform. You can delegate predefined tasks, or you can create custom tasks that allow you to be more specific.
    • Difficulty: Easy
    • Section Ref: Planning an Organizational Unit Strategy
  50. What two methods can be used to move objects in Active Directory?
    • Ans: drag-and-drop and the Move menu option
    • Difficulty: Medium
    • Section Ref: Planning an Organizational Unit Strategy
