Windows 10 Chapter_14
Terms in this set (51)
Contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user's privileges.
Account Lockout Policy
Specifies the number of unsuccessful logon attempts that, if made within a predefined amount of time, might indicate that an unauthorized person is trying to access a computer or the network.
Domain-level policies that define the security-related attributes assigned to user objects.
Represents the way that security principals (users, computers, and processes) prove their identity before they are allowed to connect to your network.
The combination of something you know (a password or PIN); something you have (a smart card); or something that is unique to you (a biometric), such as your fingerprint or an iris scan.
After security principals prove their identity, this determines what they can do. This is determined through the use of Access Control Lists (ACLs) that are attached to each resource.
A security method that takes advantage of the uniqueness of every individual. By using a person's fingerprint, face, voice, or retina, biometrics offers advantages over other methods.
Technology that can encrypt a volume, which is meant to protect the content if a system is stolen.
Bring Your Own Device (BYOD)
A policy that helps administrators manage users who use their personal devices to access organizational resources.
certificate authority (CA)
The computer that creates and manages the distribution and revocation of certificates.
Also known as the certification path; a list of certificates used to authenticate an entity.
Provides a means for authenticating and auditing the computer's access to a Windows network and its access to domain resources.
This process is about preventing people from reading information they are not authorized to read. Confidentiality is handled through the use of encryption technologies.
Caching the user's domain credentials.
Isolates and hardens key system and user security information (LSA credentials).
Allows you to store credentials (such as user names and passwords) that you use to log on to websites or other computers on a network.
A group of key features that hardens a computer system against malware by only running trusted applications, preventing malicious code from running.
Device Health Attestation (DHA)
Used to assess device security health and verify that the device is using Secure Boot, BitLocker, or Early Launch Antimalware (ELAM). Device Health Attestation is aimed at malware that starts on a system before Windows defenses and antimalware load, which allows the malware to remain hidden.
Previously called Workplace Join, allows users to join their devices to the organization's network without joining the device to the Active Directory domain.
Device Registration Service (DRS)
Registers a non-domain-joined device in Active Directory and installs a certificate on the device.
A collection of data that binds an identity to a key pair.
A collection of user and computer accounts that are grouped together to enable centralized management and to apply security.
Early Launch Antimalware (ELAM)
A security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code.
fine-grained password policies
Allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain.
Used to find users, computers, and resources throughout the other domains.
This is the ability to guarantee that the information has not been arbitrarily changed from the time it was sent from the original source and received by the other party.
A protocol that defines how clients interact with a network authentication service.
Key Distribution Center (KDC)
The network authentication service that supplies ticket-granting tickets (TGTs) used by the Kerberos v5 protocol.
Local Security Authority (LSA)
Queries the SAM database to determine whether an account with the user name and password you used exists.
A two-factor authentication that consists of an enrolled device (such as a smartphone) and a Windows Hello (biometric) or PIN.
An authentication method that uses two or more authentication factors.
This is a method used to provide proof that a security principal (user, computer, or process) is the source of data, an action, or a communication. This is usually provided through the use of public key/private key technologies.
A family of authentication protocols first introduced with Windows NT. It is based on a challenge/response mechanism used to authenticate users and computers.
A word or string of characters used for user authentication.
Determines settings for passwords, such as enforcement and lifetimes.
Password Settings Object (PSO)
Gives you granular control of password and account settings.
personal identification number (PIN)
A short numeric password used to authenticate a user to a system.
Consists of two components: a picture and a gesture that you draw on it.
public key infrastructure (PKI)
Includes digital certificates, CAs, and other components that are used to create, distribute, validate, and revoke certificates.
A security standard that makes sure that your PC boots only software that is trusted by the PC manufacturer.
Security Accounts Manager (SAM)
Contains user accounts and their associated passwords.
Used with a smart card reader attached to a computer, contain an embedded processor that is used to communicate with the host computer and the card reader.
Trusted Platform Module (TPM) chip
Used to encrypt information, which is then stored on the computer's hard drive.
Requires the use of two of the three authentication factors.
Used by Windows to determine what changes you can make on the computer, to determine which files and folders you can have access to, and to track personal preferences such as your choice of desktop wallpaper, color schemes, drive mappings, and/or screen savers.
A special folder on your computer in which credentials are saved.
virtual secure mode (VSM)
A mode that uses the processor's virtualization to protect the PC, including data and credential tokens on the system's disks.
virtual smart cards (VSCs)
Make additional hardware (smart card readers and smart cards) unnecessary. These cards emulate the functionality of regular smart cards but require a Trusted Platform Module (TPM) chip to protect the private keys.
A Windows 10 biometric authentication system that uses a user's face, iris, or fingerprint to unlock devices.
Logical subgroups into which computers and devices on a peer-to-peer network are organized.
Specifies the format for the public key certificate, certificate revocation lists, attribute certificates, and a certificate path validation algorithm.