True/False
Indicate whether the sentence or statement is true
or false.
|
|
|
1.
|
Implementing security always involves finding the right balance between both business
and technical factors.
|
|
|
2.
|
Trust
relationships require users in domain environments to authenticate themselves each time they wish to
access resources across other domains and forests.
|
|
|
3.
|
Users
should generally only be granted the lowest level of access to resources that they require to carry
out necessary functions.
|
|
|
4.
|
A
Windows Server 2003 environment does nothing to encrypt files or folders as they traverse a
network.
|
|
|
5.
|
Microsoft only sends critical updates to customers as e-mail
attachments.
|
|
|
6.
|
A
computer running Windows NT can take advantage of security template configurations and
deployments.
|
|
|
7.
|
Security templates can be applied to either the local machine or the
domain.
|
|
|
8.
|
Monitoring network events provides evidence of security breaches if or when they
occur.
|
|
|
9.
|
The
configuration of an audit policy is determined by the role of the computer on the
network.
|
|
|
10.
|
Auditing object access is always beneficial to system performance, and should be used
whenever possible.
|
Multiple Choice
Identify the
letter of the choice that best completes the statement or answers the question.
|
|
|
11.
|
Windows Server 2003 ____ processes require a user to submit a valid user name and
password combination to gain access to desktop systems or domain environments. a. | encryption | c. | authentication | b. | security | d. | access control | | | | |
|
|
|
12.
|
____
literally controls which users, groups, and computers can access resources, along with the level of
access granted. a. | Encryption | c. | Authentication | b. | Security | d. | Access control | | | | |
|
|
|
13.
|
If a
user only needs to be able to read a file and not make changes, they should be granted no more than
the ____ permission to that file. a. | Read | c. | Modify | b. | Write | d. | Execute | | | | |
|
|
|
14.
|
The
concept of only granting users the lowest level of resource access they require is known as
____. a. | access
restriction | c. | low level
access | b. | the principle of least
privilege | d. | the principle of
resource restriction | | | | |
|
|
|
15.
|
In
Windows Server 2003, the ability to encrypt confidential files is provided by ____. a. | the Encryption
Access | c. | Access
control | b. | the Encrypting File System | d. | the File Security System | | | | |
|
|
|
16.
|
____
is an open-standard security protocol used to encrypt the contents of packets sent across a TCP/IP
network. a. | NTFS | c. | IPSec | b. | EFS | d. | TCPIPSec | | | | |
|
|
|
17.
|
When
implemented between network clients and servers, IPSec is running in ____ mode, and can fully secure
communications sessions across a network. a. | open | c. | tunnel | b. | secure | d. | transport | | | | |
|
|
|
18.
|
____
mode is when IPSec is used in such a way that data is secured between two pre-defined endpoints
only. a. | Open | c. | Tunnel | b. | Secure | d. | Transport | | | | |
|
|
|
19.
|
An
administrator can analyze policy settings by using the ____ command line utility. a. | SECEDIT | c. | ANALPOL | b. | GPUPDATE | d. | SECPOL | | | | |
|
|
|
20.
|
In
the Microsoft world, updates are released as ____ as soon as a security flaw or other issue is
identified and corrected. a. | service packs | c. | hot fixes | b. | system
updates | d. | bug
fixes | | | | |
|
|
|
21.
|
Service packs and hot fixes can be downloaded and installed via ____. a. | email | c. | Microsoft
executables | b. | Windows Updates | d. | network proxy | | | | |
|
|
|
22.
|
The
Security Configuration Manager tools consist of ____ core components.
|
|
|
23.
|
____
help(s) ensure that a consistent security setting can be applied to multiple machines and be easily
maintained. a. | Security
templates | b. | The Security Configuration and Analysis
tool | c. | Security
settings in Group Policy objects | d. | The SECEDIT command-line tool | | |
|
|
|
24.
|
A
computer running ____ can take advantage of security template configurations and
deployments. a. | Windows ME
| c. | Windows
NT | b. | Windows
98 | d. | Windows
2000 | | | | |
|
|
|
25.
|
When
Windows Server 2003 is installed, the default security settings applied to the computer are stored in
a template called ____. a. | Security Install.exe | c. | Security Setup.inf | b. | Setup
Security.inf | d. | Default
Security.exe | | | | |
|
|
|
26.
|
The
purpose of the ____ template is to provide a single file in which all of the original computer
security settings are stored. a. | factory | c. | default | b. | incremental | d. | analysis | | | | |
|
|
|
27.
|
The
____ template weakens the default security to allow legacy applications to run under Windows Server
2003. a. | Securews.inf | c. | Hisecws.inf | b. | Compatws.inf | d. | Iesacls.inf | | | | |
|
|
|
28.
|
The
____ template contains settings to lock down Internet Explorer security settings. a. | Hisecws.inf | c. | Iesacls.inf | b. | Rootsec.inf | d. | Compatws.inf | | | | |
|
|
|
29.
|
The
____ template should only be incrementally applied to domain controllers, which must be running
Windows 2000 or Windows Server 2003. a. | Securews.inf | c. | Rootsec.inf | b. | Compatws.inf | d. | Hisecdc.inf | | | | |
|
|
|
30.
|
The
____ template is used in reapplying security permissions to resources on the system drive that have
been changed in one way or another. a. | Hisecws.inf | c. | Iesacls.inf | b. | Rootsec.inf | d. | Compatws.inf | | | | |
|
|
|
31.
|
To
apply a security template to a local machine, open the Local Security Settings MMC snap-in by running
____. a. | GPUPDATE.EXE | c. | SECTEMP.MMC | b. | SECPOL.MSC | d. | SECTEMP.EXE | | | | |
|
|
|
32.
|
____
security settings are refreshed any time the machine is rebooted. a. | Local
Policy | c. | Group
Policy | b. | Initial System | d. | Incremental | | | | |
|
|
|
33.
|
Even
if there have been no changes to Group Policy, the security settings are refreshed every
____. a. | 30
minutes | c. | 8
hours | b. | 90 minutes | d. | 16 hours | | | | |
|
|
|
34.
|
The
____ snap-in allows administrators to compare current system settings to a previously
configured security template. a. | Security Configuration and
Analysis | c. | Security
Templates | b. | Group Policy Object Editor MMC | d. | Local Security Policy | | | | |
|
|
|
35.
|
____,
along with the Task Scheduler, can ensure that every computer in the workgroup maintains consistent
security policy settings. a. | GPUPDATE | c. | SECSCHEDULE | b. | SECEDIT | d. | SECPOLICY | | | | |
|
|
|
36.
|
The
SECEDIT command uses ____ main switches.
|
|
|
37.
|
The
____ SECEDIT switch configures a system with database and template settings. a. | /analyze | c. | /dbsettings | b. | /configure | d. | /validate | | | | |
|
|
|
38.
|
The
____ SECEDIT switch examines database settings and compares them to a computer
configuration. a. | /configure | c. | /compare | b. | /validate | d. | /analyze | | | | |
|
|
|
39.
|
The
____ SECEDIT switch creates a template that can be used to return to previous security settings in
the event that settings are changed. a. | /InitialSettings | c. | /GenerateRollback | b. | /compare | d. | /validate | | | | |
|
|
|
40.
|
____
helps detect potential threats, increases user accountability, and provides evidence of security
breaches if or when they occur. a. | Monitoring | c. | Accounting | b. | Auditing | d. | Securing | | | | |
|
|
|
41.
|
____
specific resources, such as printer and file shares, can tell you how often users are accessing
them. a. | Monitoring | c. | Accounting | b. | Auditing | d. | Securing | | | | |
|
|
|
42.
|
Which
of the following is first in the order in which Group Policy settings are applied? a. | Organizational
Unit | c. | Domain | b. | Local | d. | Site | | | | |
|
|
|
43.
|
Which
of the following comes last in the order in which Group Policy settings are applied? a. | Organizational
Unit | c. | Domain | b. | Local | d. | Site | | | | |
|
|
|
44.
|
____
includes determining the computers for which auditing should be configured, what objects need to be
audited, the type of events to audit, and whether to audit the successes, failures, or
both. a. | Monitoring | c. | Planning | b. | Accounting | d. | Securing | | | | |
|
|
|
45.
|
By
default, the security log shows events that occurred on the ____. a. | remote
host | c. | domain
controller | b. | local computer | d. | monitored computer | | | | |
|
Matching
|
|
|
Match each term with the correct statement below. a. | Audit account
management | f. | Audit policy
change | b. | Audit object access | g. | Overwrite events older than X days | c. | Audit logon
events | h. | Audit directory
service access | d. | Audit account logon events | i. | Maximum log size | e. | Overwrite events
as needed | j. | Audit process
tracking | | | | |
|
|
|
46.
|
activated when a user logs on or off a local computer or Active
Directory
|
|
|
47.
|
activated when a policy that affects security, user rights, or auditing is
changed
|
|
|
48.
|
activated when an Active Directory object is accessed
|
|
|
49.
|
activated when a user logs onto a computer, and generated where the user account is
located
|
|
|
50.
|
activated when an object such as a folder or printer is accessed
|
|
|
51.
|
activated whenever a user or group is created, deleted, or modified
|
|
|
52.
|
sets
the number of days before a security log is overwritten
|
|
|
53.
|
specifies that all new events overwrite the oldest events when the security log file
becomes full
|
|
|
54.
|
activated any time an application process takes place
|
|
|
55.
|
specifies the size of the security log file
|