Access Control Policies
Vocabulary
Linux Commands
Active Directory
Hardening Authentication
Remote Access
100

This type of access controls search for details about the attack or the attacker. These include intrusion detection systems.

What is a Detective Access Control Policy 

100

An error that occurs when a person who should be allowed access is denied access.

What is a False Negative

100

Assign or change a password for a user.

What is "passwd"

100

is a group of related domains that share the same contiguous DNS namespace.

What is a Tree

100

Similar in appearance to credit cards, have an embedded memory chip that contains encrypted authentication information.

What are Smart Cards

100

 

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

Answer:

A) RADIUS

B) PKI

C) EAP

D) TACACS+

E) AAA

What is A) RADIUS and D) TACACS+

200

This type of access controls deter intrusion or attacks. These include separation of duties and dual-custody processes.

What is a Preventive Access Control Policiy

200

A method of confirming identity by using two or more pieces of evidence (or factors) to an authentication mechanism.

What is Multifactor Authorization

200

Used to modify an existing user account

What is "Usermod"

200
  • GPOs are applied in the following order:
    1. The Local Group Policy on the computer.
    2. GPOs linked to the site.
    3. GPOs linked to the domain that contains the User or Computer object.
    4. GPOs linked to the organizational unit(s) that contain(s) the User or Computer object (from the highest-level OU to the lowest-level OU).

True or False?

What is True

200

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days.

What should you do?

Answer

A) Configure account lockout policies in Group Policy

B) Configure expiration settings in user accounts

C) Configure day/time settings in user accounts

D) Configure account policies in Group Policy

What is D)  Configure account policies in Group Policies

200

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Answer

A) Hashed shared secret

B) Mutual authentication

C) Certificate-based authentication

D) Three-way handshake

What is B) Mutual Authentication

300

This type of access controls discourage attack escalation.

What are Deterrent Access Control Policies


300

is an online service that manages identity information for other organizations.

What is an Identity Provider or IdP

300

displays the status of the user account. LK indicates that the user account is locked, and PS indicates that the user account has a password.

What is "-S username"

300

What should you do to a user account if the user goes on an extended vacation?

Answer:

A) Monitor the account more closely

B) Disable the account

C) Remove all rights from the account

D) Delete the account

What is B) Disable Account

300

The process of accessing a smart cards chip surface directly to observe, manipulate, and interfere with the circuit.

What is Microprobing 

300

RADIUS is primarily used for what purpose?

Answer

A) Controlling entry-gate access using proximity sensors

B) Managing RAID fault-tolerant drive configurations

C) Managing access to a network over a VPN

D) Authenticating remote clients before access to the network is granted

What is D) Authenticating remote clients before access to the network is granted

400

This type of access controls restore the system to normal operations after the attack and the short-term stabilization period.

What are Recovery Access Controls

400

is a centralized database that contains user accounts and security information. It is included in most Windows Server operating systems as a set of processes and services.

What is an Active Directory 

400

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones with no other values changed. Which of the following commands would accomplish this?

Answer

A) usermod -u kscott kjones

B) usermod -u kjones kscott

C) usermod -l kjones kscott

D) usermod -l kscott kjones

What is C) usermod -l kjones kscott

400

What are the 6 Components of Active Directorys

What are Domain, Trees and Forests,Organizational Units (OU), Generic Containers, Objects, and Domain Controller

400

You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again.

Which policies should you configure? (Select two.)

Answer:

A) Password must meet complexity requirements

B) Enforce password history

C) Minimum password age

D) Maximum password age

What is B and C Enforce password history and Minimum password age

400

Which of the following is a characteristic of TACACS+?

Answer

A) Encrypts the entire packet, not just authentication packets

B) Uses UDP ports 1812 and 1813

C) Requires that authentication and authorization are combined in a single server

D) Supports only TCP/IP

What is A) Encrypts the entire packet, not just authentication packets

500

These controls are computer mechanisms that restrict access. Examples include encryption, one-time passwords, access control lists, and firewall rules.

What are Technical Access Controls

500

is used for both authentication and authorization services. It is the default authentication method used by computers that are a part of an Active Directory domain.

What is Kerberos

500

You suspect that the gshant user account is locked.

Enter the command you would use in a shell to show the status of the user account.

______________

What is "passwd -S gshant"

500

You want to ensure that all users in the Development OU have a common set of network communication security settings applied.

Which action should you take?

Answer:

A) Create a GPO computer policy for the Computers container.

B) Create a GPO user policy for the Development OU.

C) Create a GPO computer policy for the computers in the Development OU.

D) Create a GPO folder policy for the folders containing the files.

What is C) Create a GPO Computer policy for the computers in the Development OU

500

You manage a single domain named widgets.com.

Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs.

You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users.

You need to make the change as easily as possible. Which of the following actions should you take?

Answer:

A) Create a GPO linked to the Directors OU. Configure the password policy in the new GPO.

B) Create a new domain. Move the contents of the Directors OU to the new domain and then configure the necessary password policy on the domain.

C) Implement a granular password policy for the users in the Directors OU.

D) Go to Active Directory Users and Computers. Select all user accounts in the Directors OU, and then edit the user account properties to require the longer password.

What C) Implement a granular password policy for the users in the directors OU

500

Which of the following ports are used with TACACS?

Answer

A) 22

B) 49

C) 50 and 51

D) 1812 and 1813

E) 3389

What is B) 49

M
e
n
u