2.11 ; 2.15 Practice Questions – Flashcards
Unlock all answers in this set
Unlock answersquestion
Which of the ff. is the single best rule to enforce when designing complex passwords?
answer
longer passwords
question
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?
answer
configure account lockout policies in group policy
question
You want to make sure that all users have passwords over 8 character and that passwords must be changed every 30 days. What should you do?
answer
Configure account policies in Group policy
question
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
answer
configure time and day restrictions
question
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)
answer
enforce password history; minimum password age
question
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attemps. Which policies should you configure? (Select two.)
answer
minimum password length; account lockout threshold
question
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?
answer
User cannot change the password for 10 days
question
You have implemented lockout with a clipping level of 4. What will be the effect of this setting?
answer
the account will be locked for 4 incorrect attempts
question
Which of the ff. is not important aspect of password management?
answer
enable account lockout
question
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?
answer
T1a73gZ9!
question
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (2)
answer
Delete the account that the sales employees are currently using. Train some employees to use their own accounts to update the customer database
question
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do???????
answer
implement a granular password policy for the users in the Directors OU
question
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use?
answer
ADSI edit
question
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?
answer
create a granular password policy. apply the policy to all users in the director's OU
question
Yo manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members of the Directors OU. What should you do?
answer
create a granular password policy for Matt. apply the new policy directly to Matt's user account.
question
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?
answer
TACACKS+, Radius
question
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?
answer
configure the remote access servers as RADIUS clients
question
Which of the following are characteristics of TACACS +?
answer
allows for a possible of three different servers, one for each authentication, authorization, and account; uses TCP
question
Which of the following are differences between RADIUS and TACACS+?
answer
Radius combines authentication and authorization into a single function. TACAS+ allows these services to be split between different servers.
question
Which of the ff. protocols can be used to centralize remote access authentication?
answer
TCACS
question
RADIUS is primarily used for what purpose?
answer
authenticating remote clients before access to the network is granted
question
Which of the ff. is a characteristic of TACACS+?
answer
it encrypts the entire packet, not just authentication packets
question
Which of the ff. ports are used with TACACS?
answer
49
question
What does a remote access server use for authorization?
answer
Remote access policies
question
Which of the ff. is the best example of remote access authentication?
answer
user establishes a dialup connection to a server to gain access to shared resources
question
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP
answer
Mutual authentication
question
CHAP performs which of the following security functions?
answer
periodically verifies the identity of a peer using a three-way handshake
question
Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks
answer
PAP
question
Which remote access authentication protocol periodically and transparently re-authenticates during logon session by default
answer
CHAP
question
which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (choose 2)
answer
MS-CHAP & CHAP
question
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
answer
ticket
question
Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two)
answer
ticket granting server; time synchronization
question
Which of the ff. are requirements to deploy Kerberos on a network? (Select two.)
answer
A centralized database of users and password, Time synchronization between devices
question
Which ports does LDAP use by default? (Select two.)
answer
389 & 636
question
You want to deploy SSL to protect authentication traffic with you LDAP-based directory service. Which port would this use?
answer
636
question
Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?
answer
Use SSL
question
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
answer
SASL
question
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?
answer
ticket granting ticket
question
What protocol uses port 88?
answer
kerberos
question
Which of the ff. authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
answer
LANMAN
question
what is mutual authentication?
answer
A process by which each party in an online communication verifies the identity of the other party
question
A manage has told you she is concerned about her employees writing their passwords for Web sites, network files, and databases resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this?
answer
credential manager
question
KWalletManger is a Linux based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials?(Two)
answer
blowfish & GPG
question
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. What option would you hit?
answer
back up credentials
question
In an identity Management System, what is the function of the Authoritative Source?
answer
specify the owner of a data item
question
In an identity Management System, what is the function of the Identity Vault?
answer
ensure that each employee has the appropriate level of access in each system
question
You are the network administrator for a small company. Your organization currently uses the following server systems: • A Windows server that functions as a domain controller and a file server. • A Novell Open Enterprise Server that functions as a GroupWise e-mail server. • A Linux server that hosts your organization's NoSQL database server that is used for big data analysis. Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system.In addition, if a user changes his or her password on one system, it is not updated for the user's accounts on the other two systems.
answer
implement an identity vault. implement password synchronization