Which of the following is the single best rule to enforce when designing complex passwords? |
longer passwords |
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do? |
configure account lockout policies in group policy |
You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days. What should you do? |
Configure account policies in Group policy |
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do? |
configure time and day restrictions |
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.) |
enforce password history; minimum password age |
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which policies should you configure? (Select two.) |
minimum password length; account lockout threshold |
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration? |
User cannot change the password for 10 days |
You have implemented lockout with a clipping level of 4. What will be the effect of this setting? |
the account will be locked for 4 incorrect attempts |
Which of the following is not an important aspect of password management? |
enable account lockout |
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password? |
T1a73gZ9! |
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company’s customer database. Which action should you take? (2) |
Delete the account that the sales employees are currently using. Train some employees to use their own accounts to update the customer database |
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do? |
implement a granular password policy for the users in the Directors OU |
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use? |
ADSI edit |
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do? |
create a granular password policy. apply the policy to all users in the director’s OU |
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even stricter password policies than are required for other members of the Directors OU. What should you do? |
create a granular password policy for Matt. apply the new policy directly to Matt’s user account. |
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? |
TACACS+, RADIUS |
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. |
configure the remote access servers as RADIUS clients |
Which of the following are characteristics of TACACS +? |
allows for the possibility of three different servers, one each for authentication, authorization, and accounting; uses TCP |
Which of the following are differences between RADIUS and TACACS+? |
RADIUS combines authentication and authorization into a single function. TACACS+ allows these services to be split between different servers. |
Which of the following protocols can be used to centralize remote access authentication? |
TACACS |
RADIUS is primarily used for what purpose? |
authenticating remote clients before access to the network is granted |
Which of the following is a characteristic of TACACS+? |
it encrypts the entire packet, not just authentication packets |
Which of the following ports are used with TACACS? |
49 |
What does a remote access server use for authorization? |
Remote access policies |
Which of the following is the best example of remote access authentication? |
user establishes a dialup connection to a server to gain access to shared resources |
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? |
Mutual authentication |
CHAP performs which of the following security functions? |
periodically verifies the identity of a peer using a three-way handshake |
Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks? |
PAP |
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? |
CHAP |
Which of the following authentication protocols use a three-way handshake to authenticate users to the network? (Choose 2) |
MS-CHAP & CHAP |
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system? |
ticket |
Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two) |
ticket granting server; time synchronization |
Which of the following are requirements to deploy Kerberos on a network? (Select two.) |
A centralized database of users and passwords, Time synchronization between devices |
Which ports does LDAP use by default? (Select two.) |
389 & 636 |
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use? |
636 |
Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication? |
Use SSL |
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? |
SASL |
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon? |
ticket granting ticket |
What protocol uses port 88? |
Kerberos |
Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash? |
LANMAN |
What is mutual authentication? |
A process by which each party in an online communication verifies the identity of the other party |
A manager has told you she is concerned about her employees writing their passwords for Web sites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. |
credential manager |
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. |
blowfish & GPG |
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. |
back up credentials |
In an identity Management System, what is the function of the Authoritative Source? |
specify the owner of a data item |
In an identity Management System, what is the function of the Identity Vault? |
ensure that each employee has the appropriate level of access in each system |
You are the network administrator for a small company. Your organization currently uses the following server systems: Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system. In addition, if a user changes his or her password on one system, it is not updated for the user’s accounts on the other two systems. |
implement an identity vault. implement password synchronization |
2.11 & 2.15 Practice Questions