Security Fundamentals 98-367: Lesson 2


Which of the following is not a method for authentication?
- Something the user knows
- Something the user owns or possesses
- Something the user is
Which of the following is not a biometric device?
- Password reader
- Retinal scanner
- Fingerprint scanner
- Face scanner
Password reader
Which of the following services is used for centralized authentication, authorization, and accounting?
What is the primary authentication method used on Microsoft Active Directory?
The master time keeper and master for password changes in an Active Directory domain is:
PDC Emulator
Local user accounts are found in:
A(n) _____ authorizes a user to perform certain actions on a computer.
Which of the following file systems offers the best security?
Which NTFS permission is needed to change attributes and permissions?
Full Control
Which type of permission is granted directly to a file or folder?
If you copy a file or folder to a new volume, what permissions will that file or folder have?
The same permissions as the target folder
Which of the following uses an ACL?
- NTFS folder
- Active Directory user
- Registry key
- Login rights
NTFS folder
Active Directory user
Registry key
Which type of key has one key for encryption and a different key for decryption?
Which infrastructure is used to assign and validate digital certificates?
Which technology is used to encrypt an individual file on an NTFS volume?
A device that may give you a second password to log in to a system is a(n) _____.
security token
The _____ holds a copy of the centralized database used in Active Directory.
domain controller
By default, your computer clock should not be off more than ____ minutes or you might have problems with Kerberos authentication.
A(n) _____ defines the type of access over an object or the properties of an object such as an NTFS file or printer.
_____ permissions flow from a parent object to a child object.
When you cannot access a folder because someone removed the permissions so that no one can access it, you must take _____ of the folder.
The centralized database that holds most of the Windows configuration is known as the _____.
To track a user's activities in Windows, you need to enable _____.
access control list (ACL)
A list of all users and groups that have access to an object.
Also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
Active Directory
A directory service technology created by Microsoft that provides a variety of network services, including Lightweight Directory Access Protocol (LDAP), Kerberos-based and single sign-on (SSO) authentication, DNS-based naming and other network information and a central location for network administration and delegation of authority.
administrative share
A shared folder typically used for administrative purposes.
asymmetric encryption
Also known as public key cryptography, uses two mathematically related keys for encryption. One key is used to encrypt the data, while the second is used to decrypt it.
Also known as accounting, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
The process of identifying an individual, usually based on a username and a password.
The process of giving individuals access to system objects based on their identity.
An authentication method that identifies and recognizes people based on physical traits, such as fingerprints, face recognition, iris recognition, retinal scans, and voice recognition.
BitLocker To Go
A new feature in Windows 7 that enables users to encrypt removable USB devices, such as flash drives and external hard disks.
brute force attack
A type of attack that tries as many possible combinations of characters as time and money permits.
built-in groups
The default groups that are included within Windows or Active Directory.
certificate chain
Also known as the certification path, is a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate.
certificate revocation list (CRL)
A list of certificates (or, more specifically, a list of serial numbers of certificates) that have been revoked or are no longer valid and therefore should not be relied on.
computer account
A logical object that provides a means for authentication and auditing a computer's access to a Windows network, as well as its access to domain resources.
The process of converting data from encrypted format back to its original form.
dictionary attack
A form of attack which attempts all words in one or more dictionaries. Lists of common passwords are also typically tested.
digital certificate
An electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a _____ is used to prove a person's identity, it can also be used for authentication.
digital signature
A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified.
domain controller
A Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries.
domain user
A user account stored on the domain controller that allows you to gain access to resources within the domain, assuming you have been granted permissions to access those objects.
effective permission
Actual permissions when logging in and accessing a file or folder. They consist of explicit permissions plus any inherited permissions.
The process of converting data into a format that cannot be read by another user. Once a user has ______ a file, that file automatically remains _____ when it is stored on disk.
explicit permission
Permissions granted directly to a file or folder.
A collection or list of user accounts or computer accounts.
hash function
Provides one-way encryption, which means that after something has been encrypted with this method, it cannot be decrypted.
inherited permission
Permissions granted to a folder (parent object or container) that flow into the child objects (subfolders or files) inside that folder.
IP Security (IPsec)
A suite of protocols that provides a mechanism for data integrity, authentication, and privacy for the Internet Protocol. It is used to protect data that is sent between hosts on a network by creating secure electronic tunnels between two machines or devices. ____ can be used for remote access, VPN, server connections, LAN connections, or WAN connections.
The default domain computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner.
Can be thought of as a password, is applied mathematically to plain text to provide cipher or encrypted text. Different _____ produce different encrypted output.
local user account
A user account that is stored in the Security Account Manager (SAM) database on the local computer.
member server
A server that is not running as a domain controller.
multifactor authentication
When two or more authentication methods are used to authenticate someone.
Prevents one party from denying the actions it has carried out.
The preferred file system for today's Windows operating system
NTFS Permission
Permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume.
The default authentication protocol for Windows NT, stand-alone computers that are not part of a domain, and situations in which you are authenticating to a server using an IP address.
organizational units (OU)
A container used in Active Directory to help organize objects within a domain and minimize the number of domains.
An identity that controls an object including what permissions are set on the object and to whom permissions are granted.
A secret series of characters that enables a user to access a particular file, computer, or program.
Defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute.
personal identification number (PIN)
A secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
public key infrastructure (PKI)
A system consisting of hardware, software, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates. Within the ____, the certificate authority (CA) binds a public key with respective user identities and issues digital certificates containing the public key.
A central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the ____ include the Windows kernel, device drivers, setup programs, hardware profiles, and user profiles.
Authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User _____ are assigned through local policies or Active Directory group policies.
Secure Sockets Layer (SSL)
A cryptographic system that uses two keys to encrypt data, a public key known to everyone and a private key known only to the recipient of the message. The public key is published in a digital certificate, which also confirms the identity of the web server.
Security Account Manager (SAM)
A local security database found on most Windows computers.
security token
A physical device that an authorized computer services user is given to ease authentication.
share permissions
Permissions assigned to shared folders or drives.
shared folder
Technology that allows access to data files over the network.
single sign-on (SSO)
Technology that allows you to log on once and access multiple related but independent software systems without having to log in again.
smart card
A pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic.
symmetric encryption
Uses a single key to encrypt and decrypt data.
A standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications.
user account
A logical object that enables a user to log on to a computer and domain.
virtual private network (VPN)
Technology that links two computers through a wide-area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted.