Security Fundamentals 98-367: Lesson 3


Maximum Password Length
Account Lockout Threshold
Which of the following are not valid password controls? (Choose all that apply)
-Minimum Password Age
-Maximum Password Age
-Maximum Password Length
-Account Lockout Threshold
-Password History
Which of the following would be an acceptable password on a Windows 7 Professional system with Password Complexity enabled and Minimum Password Length set to eight? (Choose all that apply)
What is the maximum setting for Minimum Password Age?
0, 24
You are setting up your first secure Windows 7 Professional workstation and you are setting the password history. What are the minimum and maximum settings you can use? (Choose the best answer)
-0, 14
-1, 14
-0, 24
-1, 24
-0, 998
Brute force
Which of the following are common types of password attacks? (Choose two answers)
-Man in the middle
-Brute force
Dictionary attack
One form of brute force password attack uses an extensive list of predefined passwords. What is this form of brute force attack called?
Account Lockout Threshold
As the Chief Security Officer for a small medical records processing company, you suspect that a competitor will be attacking your network soon. Having worked in the business for a while, you're pretty sure that this competitor will try to run a dictionary attack against one of your Windows application servers. You want to be sure your competitor can't get into the server using this attack method. Which setting should you adjust in order to ensure this attack has a limited chance at success?
Local Security Policy
You are the head of the corporate security department, and the Microsoft team has asked you for some assistance in setting the password controls on their new stand-alone server. Which Administrative Tool should you use to configure these settings?
Password Settings Container
Password Settings Object
What are the two new features introduced in Windows Server 2008 that permit the use of fine-grained password policies?
To make sure a user does not reset a password multiple times until he or she can reuse his or her original password.
Why would you use a minimum password age?
Global Policy Object (GPO)
A set of rules that allows an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects, is known as a(n) ______.
Account Lockout Threshold
The number of incorrect logon attempts permitted before a system will lock an account is known as the _____.
Password History
The setting that determines the number of unique passwords that must be used before a password can be re-used is the _____.
dictionary attack
The type of attack that uses an extensive list of potential passwords is known as a(n) _____.
When you use special software to read data as it is broadcast on a network, you are _____ the network.
Reset account lockout counter after
The ______ needs to be less than or equal to the Account Lockout Duration.
The highest setting that Account Lockout Duration can use is ______.
Default Domain Policy
In a Windows Server 2008 Active Directory, the _____ automatically applies in the event you have not set a fine-grained password policy.
Account lockout duration
Account lockout threshold
Reset Account lockout counter after
The three configuration settings for account lockout are _____, _____, and _____.
A _____ account is one type of account you can configure so that the password does not expire.
account lockout
Refers to the number of incorrect logon attempts permitted before a system locks an account. Each bad logon attempt is tracked by the bad logon counter, and when the counter exceeds the account lockout threshold, no further attempts are permitted.
cracked password
A password obtained by an attacker who gets access to an encrypted password file from a workstation or server. Once he or she has access, the attacker starts running password cracking tools against the file, with an eye toward breaking as many passwords as possible and leveraging them to further compromise the company's network and systems.
dictionary attack
An attack that uses a dictionary containing an extensive list of potential passwords that the attacker then tries in conjunction with a user ID in an attempt to guess the appropriate password.
Group Policy Object (GPO)
A set of rules that allow an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects.
A software or hardware device that captures passwords and other critical data directly from the keyboard
A secret series of characters that enables a user to access a particular file, computer, or program.
Specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker.
strong password
A password that is hard to guess because it is long and has a mix of different types of characters. It is also random enough that it could not be easily guessed.