Flashcards in Support Essentials 10.9 Deck (192)
How do you make OS X associate a new local user account with a manually migrated or restored user’s home folder?
Before the local user account is created on a system, you must first copy the restored user’s home folder to the /Users folder. Then after you create the new user in Users & Groups preferences with the same account name, the system will prompt you to associate the new account with the restored home folder.
What does the master password do?
The master password is used to reset local account passwords.
What methods can be used to reset a user’s lost account password?
Local account passwords can be reset by an administrator in Users & Groups, the master password at login, an Apple ID at login, a FileVault 2 recovery key at startup, and by the Reset Password application in OS X Recovery.
How does a user that changes his own account password affect his login keychain?
When a user changes his own account password, the system will keep his login keychain password in sync.
How does resetting a user’s account password affect that user’s login keychain?
Any account password reset process won’t change any keychain passwords. Therefore, the user’s keychains won’t automatically open when the user logs in with her new password. The user will have to manually change her keychain passwords using the Keychain Access utility.
How does resetting the master password affect existing Legacy FileVault user accounts?
If a master password is reset because it was lost, Legacy FileVault accounts can’t be reset by the new master password.
How can you limit the use of Location Services?
The Privacy pane of Security & Privacy preferences can be used to allow or disallow applications’ access to Location Services, Contacts, Calendars, Reminders, social network services, and Accessibility application access.
What can you enable to locate a lost Mac system?
iCloud Find My Mac allows you to remotely locate a lost Mac system. You enable this feature in iCloud preferences. To locate a lost Mac system, you can use the iCloud website or the Find My iPhone app on an iOS device.
How does the Firmware Password Utility help prevent users from making unauthorized password changes?
The Firmware Password Utility prevents users from starting up from another system disk. This in turn prevents them from using an OS X Recovery system to reset local passwords without authorization.
What type of items can be found in a keychain?
Keychains are used to store secrets such as resource passwords, digital certificates, and encryption keys. The keychain system can also securely store Safari AutoFill information, Internet Account settings, and secure text notes.
How does the keychain system help protect your information?
The keychain system manages encrypted files that are used to securely save your items. By default, every user has login and Local Items keychains that use the same password as his account. Not even other administrative users can access your keychain secrets without knowing the keychain’s password.
Where are the keychain files stored?
Each user starts with a login keychain saved at /Users/ /Library/Keychain/ login.keychain and a Local Items/iCloud keychain saved in the /Users// Library/Keychains/ folder. Administrative users can manage systemwide authentication assets with the /Library/ Keychain/System.keychain. Finally, Apple maintains several items in /System/Library/Keychains/ for OS X system use.
What application is used to manage keychain settings?
Keychains can be managed from the /Applications/Utilities/ Keychain Access application.
When and why would you set up an iCloud Security Code?
An iCloud Security Code can be set up the first time you enable the iCloud Keychain service for a specific Apple ID. The iCloud Security Code can be used to set up other devices for the iCloud Keychain service and can be used to regain access to the iCloud keychain should you lose all your Apple devices.
What’s required to set up the iCloud Keychain service on multiple Apple devices?
Additional Apple devices must be authorized to use the iCloud Keychain service using a combination of the Apple ID password and another method. One method involves using an iCloud Security Code; the other method is to authorize access from another Apple device that has already been configured for the iCloud Keychain service.
How are disks, partitions, and volumes different from one another?
Disks are the actual storage hardware; partitions are logical divisions of a disk used to define the storage space; and volumes, contained inside partitions, are used to define how the individual files and folders are saved to the storage.
What are the two primary partition schemes for Mac- formatted disks? What are their differences?
GUID Partition Table is the default partition scheme on Intel- based Mac computers, and Apple Partition Map is the default partition scheme on PowerPC-based Mac computers.
What two volume formats are supported for an OS X system volume?
The volume formats supported as system volumes for OS X are Mac OS Extended (Journaled) and Mac OS Extended (Journaled, Encrypted).
How does file system journaling work?
File system journaling records what file operations are in progress at any given moment. This way, if a power failure or system crash occurs, after the system restarts, it will be able to quickly verify the integrity of the volume by “replaying” the journal.
What are the four erase options available in Disk Utility? How are they all different?
Fastest, which simply replaces the volume’s directory structure
• A second choice, which provides good security by writing zeros on top of all the previous disk data
• A third choice, which provides even better security by writing three separate passes of information on top of the previous disk data
• Most Secure, which provides the best security by writing seven separate passes of information on top of the previous disk data
How does the Secure Empty Trash feature in Finder work?
Secure Empty Trash will perform a 7-pass erase on the contents of the Trash folder.
How can you ensure that previously deleted items are securely erased?
From the Erase tab in Disk Utility, you can choose to securely erase the free space of a disk or volume. This securely erases any previously deleted files on the selected disk or volume.
How can you encrypt a disk without losing its contents?
From the Finder, you can encrypt a disk without losing its contents by secondary (or Control-) clicking the disk and then choosing Encrypt from the shortcut menu.
What four methods can be used to eject a volume or disk from the Finder?
Drag the disk icon to the Trash in the Dock.
• Press and hold the Eject key for a few moments to unmount and eject optical media.
• Select the volume you want to eject and choose Eject from the File menu.
• In the Finder sidebar, click the small Eject button next to the volume you want to unmount and eject.
What’s the potential side effect of improperly unmounting or ejecting a disk or volume?
Improperly unmounting or ejecting a drive or volume may cause data corruption. The system automatically verifies and repairs an improperly unmounted or ejected volume the next time it becomes available to the Mac.
How does FileVault 2 protect a user’s data?
FileVault 2 protects the entire system volume and all its data by using strong XTS- AES 128 encryption. During system startup, a FileVault-enabled user must enter her password to decrypt the system volume.
What are the system requirements for using FileVault 2?
To enable FileVault 2, OS X systems must have the hidden
OS X Recovery HD volume on the system disk. Further, any Legacy FileVault accounts must be decrypted and returned to normal accounts before FileVault 2 can be enabled.
Which users are allowed to unlock a FileVault 2 protected system?
Any user that’s FileVault enabled is allowed to unlock a FileVault 2–protected system. This includes any local or cached network user account that was enabled when FileVault 2 was set up or created after FileVault 2 was enabled. Further, administrators may return to Security & Privacy preferences to enable additional accounts.
How can you unlock a FileVault 2–protected system when all user accounts have lost their passwords?
A FileVault 2–protected system can be unlocked using the recovery key that was generated during the FileVault 2 setup process. This key can be entered during system startup, and will allow you to reset the user’s account password.