Lesson 9 - Chapter 2: Authorization

Question 1

What is authorization?

Answer 1

giving permission to access certain resources

Question 2

Which happens first, authorization or authentication?

Answer 2

authentication, authorization relies upon on the accuracy of authentication methods used

Question 3

What’s another name for authorization?

Answer 3

access control

(because you’re controlling who can access a resource)

Question 4

The primary consideration in access control is the principle of least privilege. What does that mean?

Answer 4

The permissions and rights assigned to a user account should be the minimum they need to perform their tasks

Question 5

How do you make sure you keep user access permissions tight? (2)

Answer 5

1. Disable any unused user accounts
2. Remove all other permissions, and assign only the access required

Question 6

What happens when a user is a member of more than one group? What permissions do they have?

Answer 6

their permissions are combined from each group

Question 7

When you combine all the permissions a user has across multiple groups, what is that called?

Answer 7

effective permissions

Question 8

What are some ways you can use directory permissions? (3)

limit
protect
protect

Answer 8

1. limit access to sensitive information on a shared file server
2. protect others from snooping your user-specific files on a multi-user system
3. protect a system’s software from being compromised by any scripts/programs that are run by a user

Question 9

Using strict directory permissions won’t work if a bad actor has access to what?

Answer 9

if someone has physical access to the hard drive

Question 10

What do you use to protect (hard drive) data while it is at rest (not moving around the network)?

Answer 10

full-disk data encryption (like BitLocker)

Question 11

What’s one thing to pay attention to when it comes to default accounts and groups?

Answer 11

the default groups (Everyone, Guest, Users) are a broad group, so never use them unless you want to permit ALL of those people access

(you can use them but remember to configure them with the proper permissions)

Question 12

What does ACL stand for?

Answer 12

Access Control List

Question 13

What is an ACL?

Answer 13

Access Control List,
A list that determines who or what can have access to a certain resource

Question 14

What are the 2 basic types of ACLs?

Answer 14

1. A list stored in the boot drive of a file system; provides the basis for user/group permissions
2. A list of allowed MAC addresses from a wireless network that is stored on a WAP

Question 15

What are the differences and similarities between the 2 basic ACL types?

Answer 15

they work differently, but both share an ability to permit or block access to a resource

Question 16

Permissions control how users….

Answer 16

access resources

Question 17

What are policies?

Answer 17

permissions for activities (access command prompt, install software, log-on times, etc)

(different from an ACL which are true permissions that control access to a certain resource)

Question 18

What type of policies can you find in the Local Security Policy? (secpol.msc)

Answer 18

More than password policies, many policies for managing security

Question 19

Where would you find the setting that prevents a Guest account from signing into the computer from the network?

Answer 19

Local Policies > User Rights Assignment

Question 20

Local Policies work great for individual systems, but a pain to apply the same settings to more than 1 PC on your network. What’s the next step up you can use to apply policy settings to a whole group at once?

Answer 20

Windows Active Directory’s domain-based Group Policy utility

Question 21

What would you use to set a default wallpaper for every PC in your domain?

Answer 21

Group Policy

Question 22

What is data at rest?

Answer 22

Data that is not in use (in memory) or is being transmitted

Question 23

How is data at rest best protected in its helpless state?

Answer 23

encryption

Question 24

What is encryption?

Answer 24

the conversion of plain text into cipher text

Question 25

What is the most common encryption method used on data at rest?

Answer 25

symmetric encryption

Question 26

What is symmetric encryption?

Answer 26

uses the same encryption key to encode and decode the data

Question 27

What are the 4 types of encryption that can be applied to data at rest?

Answer 27

1. Application-level
2. File system
3. Database
4. Full-disk Encryption (FDE)

Question 28

What is application-level encryption?

Answer 28

Data is encrypted by the same application that generates or modifies the data on the client, workstation, or server. This method allows it to include rules for user logon levels.

Question 29

What is File System encryption? Access to data can target what?

Answer 29

this type can target specific data, files, and folders. Access to data can be tied to user accounts and may require password/PIN.

Question 30

What’s an example of File System encryption that we have seen in previous lessons?

Answer 30

NTFS’s Encrypting File System (EFS) is an example of file and folder encryption

Question 31

What is database (data at rest) encryption?

Answer 31

database data is included when all or parts of a database are encrypted

Question 32

What is full-disk encryption?

Answer 32

the entire content of a storage device are encrypted and access typically requires authentication (BitLocker)

Question 33

What is the most secure protection for data at rest?

Answer 33

full-disk encryption

Question 34

What are the 2 main tools for encrypting data at rest in Windows? What Windows editions are they available in?

Answer 34

1. Encrypting File System
2. BitLocker

available in all editions except Home

Question 35

How do you enable EFS encryption?

Answer 35

Right click file or folder > Properties > Advanced > Check ‘Encrypt Contents to Secure Data’

Question 36

If User A uses EFS to encrypt a folder on their system drive, can Admin B read the folder?

Answer 36

No, not unless User A provides the EFS certificate to Admin B

Question 37

What’s the primary purpose of BitLocker?

Answer 37

To prevent the data on a disk from being read if it’s removed from the PC by encrypting the entire disk

Question 38

What’s the difference between BitLocker and EFS?

Answer 38

EFS encrypts folders/files and BitLocker encrypts the entire disk

Question 39

An Admin account is required to change the settings for which: BitLocker or EFS?

Answer 39

BitLocker because it affects all users (EFS is for own user files)

Question 40

Where do you go to find the BitLocker setting to enable it? in Win 10(3)/11(4)

Answer 40

Win10: Control Panel > System and Security > BitLocker

Win11: Settings > Privacy & Security > Device Encryption > Bitlocker

Question 41

T or F: You can edit group policies at a command prompt using the gpresult command.

Answer 41

False