IS3340 CHAPTER 3 Flashcards Preview

Flashcards in IS3340 CHAPTER 3 Deck (36):
1

An individual entry in a CACL is called ___?

ACCESS CONTROL ENTRY (ACE)

2

The list of access permissions for an object is called ___?

ACCESS CONTROL LIST (ACL)

3

Shared database of domain users, groups, computers, resources, and other information, along with network functionality to centralize and standardize network management and interoperation is called ___?

ACTIVE DIRECTORY

4

This is an access control approach that systematically nests individual user accounts in groups that make securing objects more general. It is an acronym for Accounts, Global groups, Universal groups, domain Local groups, and Permissions and is usually called ___?

AGULP

5

The process of collecting performance information on what actions were taken and storing that information for later analysis is called ___?

AUDITING

6

GUIDs used in the Windows registry to identify objects and record many of their attributes are called ___?

CLASS IDENTIFIERS (CLSIDs)

7

An international set of standards for functionality and assurance of computer security. This supersedes the Orange Book as well as other standards and is called ___?

COMMON CRITERIA

8

The list of access permissions for an object, based on access granted by the object's owner is called ___?

DISCRETIONARY ACCESS CONTROL LIST (DACL)

9

A server computer designated to handle Active Directory requests is called ___?

DOMAIN CONTROLLER

10

Access permissions to an object calculated based on the requesting subjects' identification and group memberships are called ___?

EFFECTIVE PERMISSIONS

11

Identification value that is unique across all environments to keep track of an object across many computers is called ___?

GLOBALLY UNIQUE ID (GUID)

12

A set of named entities that define a group of users for the purposes of defining permissions that apply to multiple users is called ___?

GROUP

13

A computer network authentication protocol which allows computers to communicate in a secure manner across an insecure network, and the default authentication protocol for Windows. This is called ___?

KERBEROS

14

A computer designated to authenticate users and, upon authentication, issue Kerberos keys that will allow subjects to access objects is called ___?

KEY DISTRIBUTION CENTER (KDC)

15

User accounts that are defined using the principle of least privilege are called ___?

LEAST PRIVILEGE USER ACCOUNTS (LUAs)

16

Authentication protocol used in legacy Windows systems to support secure communication across an insecure network is called ___?

NETWORK TRANSLATION LAN MANAGER (NTLM)

17

This was one of the early formal standards for computer security. The United States Department of Defense Trusted Computer System Evaluation Criteria (DOD-5200.28-STD) is commonly called ___.

ORANGE BOOK

18

The practice of providing a user or process with only the necessary access required to carry out a task is called ___?

PRINCIPLE OF LEAST PRIVILEGE

19

An encryption key that can be shared and does not need to be kept private is called ___?

PUBLIC KEY

20

A document used by Windows to store all SIDs associated with a process is called ___?

SECURITY ACCESS TOKEN (SAT)

21

Windows feature that prompts users for a confirmation before escalating to administrator privileges is called ___?

USER ACCOUNT CONTROL

22

1. Which of the following best describes the principle of least privilege?

1. Providing the necessary access to carry out any task
2. Providing access to the least number of objects possible
3. Providing just the necessary access required to carry out a task
4. Providing access equivalent to the least populated security group

Providing just the necessary access required to carry out a task

23

2. Which type of user account is designed using the principle of least privilege?

1. LUA
2. SID
3. GUID
4. KDC

LUA

24

3. What structure does the Windows operating system use to store collections of permissions for objects?

1. ACE
2. DACL
3. GUID
4. CLSID

DACL

25

4. If a regular user is a member of four groups, how many SIDs will be stored in the user's SAT?

1. 1
2. 4
3. 5
4. 6

5

26

5. Which of the following best describes UAC?

1. Prompts users before escalating to administrator privileges
2. Prevents processes from escalating to administrator privileges
3. Terminates programs that attempt to escalate to administrator privileges
4. Alerts users that attempts to escalate to administrator privileges have been automatically denied

Prompts users before escalating to administrator privileges

27

6. Which protocol does the Windows operating system use by default to authenticate computers to exchange security information?

1. Kerberos
2. NTLM
3. SAML
4. TCP/IP

Kerberos

28

7. When viewing an object's DACL, which permission indicates that advanced permissions have been set?

1. Extended permissions
2. Advanced permissions
3. Special permissions
4. Level II permissions

Special permissions

29

8. Which type of identifier was originally developed to identify ActiveX controls?

1. SID
2. PID
3. CLSID
4. GUID

GUID

30

9. Which type of identifier is used to identify user groups?

1. SID
2. PID
3. CLSID
4. GUID

SID

31

10. If a user, user A

No, because group B denies read access to helloWorld.c

32

11. Why should you carefully design an auditing strategy before turning auditing on?

1. Auditing incomplete information wastes analysis time
2. Auditing too much information causes excessive overhead
3. Ad-hoc auditing rarely provides useful information
4. Audit log files only retain limited information without extensive configuration

Auditing too much information causes excessive overhead

33

12. Which of the following guidelines tends to provide the most useful auditing information?

1. Always audit event successes and failures
2. Never audit both event successes and failures
3. Generally audit event failures
4. Do not audit event failures unless you first audit event successes

Generally audit event failures

34

13. What tool is most commonly used to view and search audit logs?

1. Windows Event Viewer
2. Windows Log Viewer
3. Windows Audit Viewer
4. Windows ACL Viewer

Windows Event Viewer

35

14. Which of the following Windows tools replaces previous legacy tools and allows ACL modifications?

1. Cacls
2. Xcacls
3. iCacls
4. SubInACL

iCacls

36

15. When using AGULP, for which entity type are local object permissions defined?

1. User accounts
2. Global groups
3. Universal groups
4. Domain local groups

Domain local groups