14-C

Question 1

What do logical access controls ensure?

Answer 1

Each user is identified and authenticated before being allowed to use a host or network services.

Question 2

What is a security control?

Answer 2

A safeguard or prevention method to avoid, counteract, or minimize risks relating to personal or company property.

Question 3

Name the three types of security controls.

Answer 3

• Physical controls
• Procedural controls
• Logical controls

Question 4

What are physical controls?

Answer 4

Controls that work in the built environment to control access to sites. Examples include fences, doors, and locks.

Question 5

What are procedural controls?

Answer 5

Controls applied and enforced by people. Examples include incident response processes, management oversight, and security awareness training programs.

Question 6

What are logical controls?

Answer 6

Controls applied and enforced by digital or cyber systems and software. Examples include user authentication, antivirus software, and firewalls.

Question 7

What does the AAA triad stand for?

Answer 7

• Authentication
• Authorization
• Accounting

Question 8

Define authentication in the context of access control.

Answer 8

The process of identifying an account and ensuring that it can only be operated by someone who can supply the correct credentials.

Question 9

What is authorization?

Answer 9

Access to resources is allowed only to accounts with defined permissions.

Question 10

What does accounting refer to in an access control system?

Answer 10

Logging when and by whom a resource was accessed.

Question 11

What is a permission in security settings?

Answer 11

A security setting that determines the level of access an account has to a particular resource.

Question 12

What is an access control list (ACL)?

Answer 12

A list attached to each resource that specifies the permissions for each subject.

Question 13

What does implicit deny mean?

Answer 13

Unless there is a rule specifying that access should be granted, any request for access is denied.

Question 14

What is the principle of least privilege?

Answer 14

A user should be granted the minimum possible rights necessary to perform their job.

Question 15

What is a local account in Windows?

Answer 15

An account defined on a specific computer only, stored in the Security Account Manager (SAM).

Question 16

What is a Microsoft account?

Answer 16

An account managed via an online portal, identified by an email address, and can synchronize profile settings between devices.

Question 17

What is a security group?

Answer 17

A collection of user accounts used to assign permissions and rights more efficiently.

Question 18

What is the primary function of the Administrators group?

Answer 18

Members have very high access to all files and system tasks.

Question 19

What happens when the Guest user account is enabled?

Answer 19

It allows file sharing without passwords but is disabled by default.

Question 20

What does User Account Control (UAC) do?

Answer 20

Protects the system against malicious scripts and requires user consent for performing privileged tasks.

Question 21

What is multifactor authentication (MFA)?

Answer 21

A security process that requires the user to provide at least two different kinds of credentials.

Question 22

What is 2-step verification?

Answer 22

A method where a soft token is generated and sent to a registered method to verify a sign-in request.

Question 23

What is an authenticator application?

Answer 23

An application that can be used for passwordless access or as a two-factor authentication mechanism.

Question 24

What is hard token authentication?

Answer 24

Authentication using a physical device like a smart card or USB drive to transmit credentials.

Question 25

What are the three Windows authentication scenarios?

Answer 25

* Windows local sign-in * Windows network sign-in * Remote sign-in

Question 26

What is Windows Hello?

Answer 26

A subsystem allowing the user to authenticate using alternative methods, such as a PIN or biometric recognition.

Question 27

What is required to set up Windows Hello?

Answer 27

A PIN must be configured ## Footnote The PIN acts as a backup mechanism if other methods become unavailable.

Question 28

What does fingerprint authentication use to verify identity?

Answer 28

A sensor to scan the unique features of the user’s fingerprint

Question 29

How does facial recognition work in Windows Hello?

Answer 29

Uses a webcam to scan the user’s face and records a 3-D image with infrared (IR) sensor

Question 30

What is a security key in the context of Windows Hello?

Answer 30

A removable USB token or smart card, or a trusted smartphone with an NFC sensor

Question 31

What does Single Sign-On (SSO) allow users to do?

Answer 31

Authenticate once to gain access to multiple applications or services

Question 32

What are the advantages of Single Sign-On (SSO)?

Answer 32

Users do not manage multiple digital identities and passwords

Question 33

What is a disadvantage of Single Sign-On (SSO)?

Answer 33

Compromising one account compromises multiple services

Question 34

What does Windows Hello for Business aim to achieve?

Answer 34

Transition to passwordless SSO

Question 35

What is the role of the Domain Controller (DC) in a Windows domain?

Answer 35

Stores Active Directory and provides authentication services

Question 36

What is an Organizational Unit (OU) in Active Directory?

Answer 36

A way of dividing a domain into different administrative realms

Question 37

What is the purpose of Group Policy in a domain?

Answer 37

Configures computer settings and user profile settings

Question 38

What command is used to apply new or changed policies to a computer immediately?

Answer 38

gpupdate

Question 39

What does the gpresult command do?

Answer 39

Displays the Resultant Set of Policies (RSoP) for a computer and user account

Question 40

What is Mobile Device Management (MDM)?

Answer 40

Software to apply security policies to mobile devices in the enterprise

Question 41

Fill in the blank: A _______ is a server-based system joined to the domain that does not maintain a copy of the Active Directory database.

Answer 41

member server

Question 42

True or False: A local account can be used to access multiple computers.

Answer 42

False

Question 43

What happens when a user attempts to access a network with an unregistered device?

Answer 43

Access is denied based on administrator-set parameters

Question 44

What are the three principal user security groups created when Windows is installed?

Answer 44

* Administrators * Users * Guests

Question 45

What tool is used to add a user to a local security group?

Answer 45

Computer Management

Question 46

What is the function of a login script?

Answer 46

Performs configuration or process activity when the user signs in

Question 47

What is the main function of Active Directory?

Answer 47

To manage user, group, and computer objects in a network

Question 48

True or False: Group Policy Objects (GPOs) can be linked to multiple OUs.

Answer 48

True

Question 49

What is the purpose of security groups in Active Directory?

Answer 49

To assign permissions more easily and robustly

Question 50

What is the significance of the TPM in Windows Hello?

Answer 50

Stores the private key securely within the user device