


Lesson: Lesson 6: Security Planning and Administrative Delegation



Multiple Choice



1. A __________ is an alphanumeric sequence of characters that you enter with a username to
access a server, workstation, or shared resource.
a) PIN
b) password
c) SecureID
d) biometric

Ans: b
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
A password is an alphanumeric sequence of characters that you enter with a username to access a
server, workstation, or shared resource. The primary function of a password is to protect a user’s
authentication information, thus ensuring that no one can impersonate a particular user and
thereby gain access to resources that the user has been authorized to view or edit.

2. What can be defined as a password that follows guidelines that make it difficult for a potential
hacker to determine the user’s password?
a) complex password
b) encrypted password
c) strong password
d) RSA SecureID

Ans: c
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
A strong password can be simply defined as a password that follows guidelines that make it
difficult for a potential hacker to determine the user’s password. Configuring strong passwords
on a Windows Server 2008 network is a combination of creating a minimum required password
length, a password history, requiring multiple types of characters within a password, and setting
a minimum password age.

3. Password-__________ is an attempt to discover a user’s password.
a) recovery
b) tracing
c) sniffing
d) cracking

Ans: d
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
Password-cracking is an attempt to discover a user’s password. Password-cracking tools are
widely available on the Internet for download by even the least skilled attacker, and their ability
to crack user passwords improves on almost a daily basis.

4. Which of the following is not a characteristic of a strong password?
a) at least eight characters in length
b) contains uppercase and lowercase letters, numbers, and nonalphabetic characters
c) contains your birth date
d) differs significantly from other previously used passwords

Ans: c
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
A strong password has the following characteristics: at least eight characters in length; contains
uppercase and lowercase letters, numbers, and nonalphabetic characters; at least one character
from each of the previous character types; and differs significantly from other previously used
passwords.

5. What is a credit card–sized or token-style device, such as a USB device, that is used with a
PIN to enable logon to the enterprise?
a) RSA SecureID
b) password token
c) smart chip
d) smart card

Ans: d
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
A smart card is a credit cardsized device or a token-style device, such as a USB device, that is
used with a PIN to enable logon to the enterprise.

6. What is a system of digital certificates, certification authorities (CAs), and other registration
authorities (RAs) that verify and authenticate the validity of each party involved in an electronic
transaction through the use of public key cryptography?
a) CKI
b) PKI
c) DKI
d) PCI

Ans: b
Difficulty: Medium
Section Ref: Planning and Implementing Account Security
Smart cards contain a chip that stores user information such as the user’s private key for
certificate-related services; user credentials, such as the username; and a public key certificate.
This requires the implementation of a public key infrastructure (PKI). PKI is a system of digital
certificates, certification authorities (CAs), and other registration authorities (RAs) that verify
and authenticate the validity of each party involved in an electronic transaction through the use
of public key cryptography.

7. Which of the following is a benefit of implementing a public key infrastructure (PKI)?
a) Users no longer need to remember passwords.
b) All information is stored on the smart card, making it difficult for anyone except the intended
user to use or access it.
c) Smart cards can be used from remote locations, such as a home office, to provide
authentication services.
d) All of the above

Ans: d
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
The benefits of implementing a PKI include: users no longer need to remember passwords; all
information is stored on the smart card, making it difficult for anyone except the intended user to
use or access it; security operations, such as cryptographic functions, are performed on the smart
card itself rather than on the network server or local computer; smart cards can be used from
remote locations, such as a home office, to provide authentication services; and the risk of
remote attacks using a username and password is significantly reduced by smart cards.

8. What command-line tool can be used with a standard user account to reduce the risks
associated with the Administrator account?
a) runas
b) su
c) runadmin
d) launchas

Ans: a
Difficulty: Medium
Section Ref: Planning and Implementing Account Security
The recommended solution for reducing the risks associated with the Administrator account is to
use a standard user account and use the Run as administrator option in the GUI or the runas
command-line tool when it is necessary to perform an administrative task.

9. Which OU is created by default when Active Directory is installed?
a) Domain Controllers
b) Users
c) Computers
d) Member Servers

Ans: a
Difficulty: Medium
Section Ref: Planning an Organizational Unit Strategy
When Active Directory is installed, only one OU is created by default: the Domain Controllers
OU.

10. What tool allows you to utilize a simple interface to delegate permissions for domains, OUs,
or containers?
a) Delegation Wizard
b) Delegation of Control Wizard
c) Delegation of Administration Wizard
d) Administration Wizard

Ans: b
Difficulty: Easy
Section Ref: Planning an Organizational Unit Strategy
Using the Delegation of Control Wizard, you utilize a simple interface to delegate permissions
for domains, OUs, or containers. The interface allows you to specify to which users or groups
you want to delegate management permissions and the specific tasks you wish them to be able to
perform.

11. What typically consists of at least four characters or digits that are entered while presenting a
physical access token, such as an ATM card or smart card?
a) password
b) PIN
c) smart card
d) RSA SmartID

Ans: b
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
Passwords and personal identification numbers (PINs) are becoming common in many areas of
life including banking, email, voice mail, and keyless entry systems, such as garage door
openers. A PIN typically consists of at least four characters or digits that are entered while
presenting a physical access token, such as an ATM card or a smart card.

12. Password-cracking can be accomplished by intelligent guessing on the part of the hacker or
through the use of an automated __________ attack.
a) brute force
b) dictionary
c) cracking
d) work

Ans: b
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
Password-cracking can be accomplished by intelligent guessing on the part of the hacker or
through the use of an automated dictionary attack. Automated password-cracking tools will try
every possible combination of characters until the correct sequence of characters is finally
discovered.

13. A password should be __________ characters in length to be considered a strong password.
a) 6
b) 10
c) 12
d) 8

Ans: d
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
A strong password has the following characteristics: at least eight characters in length; contains
uppercase and lowercase letters, numbers, and nonalphabetic characters; at least one character
from each of the previous character types; and differs significantly from other previously used
passwords.

14. Passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft
Windows XP clients can be __________ characters in length.
a) 97
b) 68
c) 127
d) 142

Ans: c
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
Windows passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and
Microsoft Windows XP clients can be up to 127 characters in length.

15. What method of authentication requires a smart card and a PIN to provide more secure
access to company resources?
a) two-factor authentication
b) dual authentication
c) complex authentication
d) strong authentication

Ans: a
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
A smart card is a credit cardsized device or a token-style device, such as a USB device, that is
used with a PIN to enable logon to the enterprise. This two-factor authentication method requires
a smart card and a PIN to provide more secure access to company resources. It has been
implemented by many high-security organizations.

16. To implement PKI, what must be installed on your Windows 2008 Server?
a) Active Directory Users and Computers
b) Microsoft AdminPak
c) Active Directory Certificate Services
d) Microsoft Advanced Security Pack

Ans: c
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
PKI requires you to install Active Directory Certificate Services in your Windows Server 2008
environment. Active Directory Certificate Services is a server role available in Windows Server
2008 that allows you to create and administer PKI certificates for your users, computers, and
applications.

17. What dedicated workstation allows an administrator or another authorized user to
preconfigure certificates and smart cards on behalf of a user or workstation?
a) PKI server
b) smart card enrollment station
c) smart card verification station
d) Certification Authority (CA)

Ans: b
Difficulty: Medium
Section Ref: Planning and Implementing Account Security
Prior to deploying smart cards, you must set up at least one computer as a smart card enrollment
station, which is a dedicated workstation that allows an administrator or another authorized user
to preconfigure certificates and smart cards on behalf of a user or workstation.

18. What types of certificates are generated by the enterprise CA and used to generate a smart
card logon certificate for users in the organization?
a) enrollment agent
b) enrollment credential
c) enrollment verification
d) enrollment authority

Ans: a
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
Enrollment agent certificates are generated by the enterprise CA and are used to generate a smart
card logon certificate for users in the organization. Because these enrollment agent certificates
can generate smart cards with authentication credentials for anyone in the organization, you
should make sure strong security policies are in place for issuing enrollment agent certificates.

19. What component issues and manages certificates for individuals, computers, and
organizations?
a) enrollment agent
b) PKI server
c) certificate server
d) Certification Authority

Ans: d
Difficulty: Easy
Section Ref: Planning and Implementing Account Security
The CA issues and manages certificates for individuals, computers, and organizations. Multiple
CAs can be linked to form a public key infrastructure.

20. Where is the certificate database located on a Certification Authority?
a) C:\Windows\system\CertLog
b) C:\Windows\system32\CertLog
c) C:\Windows\CertLog
d) C:\Windows\system32\CertLog32

Ans: b
Difficulty: Hard
Section Ref: Planning and Implementing Account Security
When configuring certificate services, you can specify a location for the certification
database. This defaults to C:\Windows\system32\CertLog.



True/False



21. A strong password can be similar to a previously used password.

Ans: False
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

22. A password is a credit card–sized or token-style device, such as a USB device, that is used
with a PIN to enable logon to the enterprise.

Ans: False
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

23. When configuring Certificate Services, you must install your CAs as enterprise CAs.

Ans: True
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

24. Enrollment agent certificates are generated by the enterprise CA and used to generate a smart
card logon certificate for users in the organization.

Ans: True
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

25. OUs represent the functional or geographical model of your company so that resources can
be placed according to the users who need them.

Ans: True
Difficulty: Easy
Section Ref: Planning an Organizational Unit Strategy



Fill-in-the-Blank



26. A(n) __________ is an alphanumeric sequence of characters that you enter with a username
to access a server, workstation, or shared resource.

Ans: password
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

27. In Windows Server 2008, __________ passwords are required when Active Directory is
installed.

Ans: strong
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

28. A strong password contains uppercase and lowercase letters, __________, and nonalphabetic
characters.

Ans: numbers
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

29. A Public Key __________ is a system of digital certificates, certification authorities (CAs),
and other registration authorities (RAs) that verify and authenticate the validity of each party
involved in an electronic transaction through the use of public key cryptography.

Ans: Infrastructure
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

30. The use of PKI requires you to install Active Directory __________ Services in your
Windows Server 2008 environment.

Ans: Certificate
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

31. You must set up at least one computer as a smart card __________ station, which is a
dedicated workstation that allows an administrator or another authorized user to preconfigure
certificates and smart cards on behalf of a user or workstation.

Ans: enrollment
Difficulty: Hard
Section Ref: Planning and Implementing Account Security

32. After determining the cost of implementing smart cards, you need to define a(n) __________
process.

Ans: support
Difficulty: Hard
Section Ref: Planning and Implementing Account Security

33. The recommended solution for reducing the risks associated with the Administrator account
is to use a standard user account and use the Run as __________ option.

Ans: administrator
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

34. By allowing administrative authority over an OU structure as opposed to an entire domain or
site, you minimize the number of administrators with __________ privileges.

Ans: global
Difficulty: Hard
Section Ref: Planning an Organizational Unit Strategy

35. The __________ option in Active Directory Users and Computers offers a safer method than
the drag-and-drop feature, but has the same results.

Ans: Move
Difficulty: Medium
Section Ref: Planning an Organizational Unit Strategy



Short Answer



36. What is an attempt to discover a user’s password?

Ans: password-cracking
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

37. Password-cracking can be accomplished by intelligent guessing on the part of the hacker or
through the use of what automated attack?

Ans: dictionary attack
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

38. What is a system of digital certificates, certification authorities (CAs), and other registration
authorities (RAs) that verify and authenticate the validity of each party involved in an electronic
transaction through the use of public key cryptography?

Ans: public key infrastructure, PKI
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

39. What type of CA can issue certificates only to users and computers in its own forest?

Ans: enterprise CA
Difficulty: Hard
Section Ref: Planning and Implementing Account Security

40. What types of certificates are generated by the enterprise CA and used to generate a smart
card logon certificate for users in the organization?

Ans: enrollment agent
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

41. What allows you to connect to a CA via a Web browser to perform such common tasks as
requesting certificates, retrieving the CA’s Certificate Revocation List (CRL), or performing
smart card certificate enrollment?

Ans: Certification Web Enrollment
Difficulty: Hard
Section Ref: Planning and Implementing Account Security

42. Run as administrator and runas require what service to be running?

Ans: Secondary Logon
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

43. What wizard allows you to utilize a simple interface to delegate permissions for domains,
OUs, or containers?

Ans: Delegation of Control Wizard
Difficulty: Easy
Section Ref: Planning an Organizational Unit Strategy



Essay



44. What are the characteristics of a strong password?

Ans: It is at least eight characters in length; contains uppercase and lowercase letters, numbers,
and nonalphabetic characters (one of each); and differs significantly from other previously used
passwords.
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

45. What is two-factor authentication?

Ans: The two-factor authentication method requires a smart card and a PIN to provide more
secure access to company resources. It has been implemented by many high-security
organizations.
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

46. What is a public key infrastructure?

Ans: PKI is a system of digital certificates, certification authorities (CAs), and other registration
authorities (RAs) that verify and authenticate the validity of each party involved in an electronic
transaction through the use of public key cryptography.
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

47. What is a certification authority?

Ans: A Certification Authority (CA) issues and manages certificates for individuals, computers,
and organizations.
Difficulty: Easy
Section Ref: Planning and Implementing Account Security

48. What is the recommended solution for reducing the risks associated with the Administrator
account?

Ans: The recommended solution is to use a standard user account and use the Run as
administrator option in the GUI or the runas command-line tool when it is necessary to perform
an administrative task.
Difficulty: Medium
Section Ref: Planning and Implementing Account Security

49. What does the Delegation of Control Wizard allow you to do?

Ans: The interface allows you to specify to which users or groups you want to delegate
management permissions and the specific tasks you wish them to be able to perform. You can
delegate predefined tasks, or you can create custom tasks that allow you to be more specific.
Difficulty: Easy
Section Ref: Planning an Organizational Unit Strategy

50. What two methods can be used to move objects in Active Directory?

Ans: drag-and-drop and the Move menu option
Difficulty: Medium
Section Ref: Planning an Organizational Unit Strategy

								