1212 Ch5.2.-5.5: Computer User Accounts Quiz
25 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the purpose of a user account on a computer?

  • To provide antivirus protection
  • To control internet speed
  • To identify a specific user and manage access rights (correct)
  • To store applications
  • Which type of user account has all rights and permissions on the computer?

  • Standard account
  • Guest account
  • Built-in administrator account (correct)
  • Microsoft account
  • What is a primary function of permissions in user accounts?

  • To control access to files, folders, and printers (correct)
  • To manage the installation of software
  • To increase internet connectivity
  • To define how a user can authenticate
  • What differentiates a standard account from a guest account?

    <p>Standard accounts have broader capabilities than guest accounts</p> Signup and view all the answers

    What is the role of a domain controller in user account management?

    <p>It stores user accounts and permissions in a central database</p> Signup and view all the answers

    What is one key feature of Azure Active Directory?

    <p>Provides cloud-based authentication</p> Signup and view all the answers

    Which authentication protocols does Azure AD support?

    <p>SAML, OpenID, and OAuth 2.0</p> Signup and view all the answers

    What does Azure AD DS provide?

    <p>Cloud-based managed domain service</p> Signup and view all the answers

    What is a primary benefit of using Azure Active Directory?

    <p>Centralization of user management</p> Signup and view all the answers

    What must organizations define for their privileged accounts?

    <p>What constitutes privileged data</p> Signup and view all the answers

    Which feature is limited in Azure AD DS?

    <p>Group Policy object replication on-premises</p> Signup and view all the answers

    What is a recommended practice for securing the built-in administrator account in Windows 10?

    <p>Set a strong, complex passphrase</p> Signup and view all the answers

    What is the primary function of a domain account in Windows sign-in?

    <p>To manage users and groups through Active Directory</p> Signup and view all the answers

    Which technology does Windows Defender Credential Guard use to enhance security?

    <p>Virtualization-based security</p> Signup and view all the answers

    What key hardware feature must be enabled to implement Windows Defender Credential Guard?

    <p>Hyper-V</p> Signup and view all the answers

    What is the purpose of Kerberos tickets in an Active Directory Domain Service?

    <p>To authenticate users and establish sessions with servers</p> Signup and view all the answers

    Which of the following is a requirement for implementing Azure Active Directory?

    <p>Windows 10 Enterprise or Education edition</p> Signup and view all the answers

    What is a critical security vulnerability associated with Kerberos tickets?

    <p>They can be exploited if malware accesses the Local Security Authority</p> Signup and view all the answers

    What is the main limitation of standard user accounts in Windows?

    <p>They cannot change system-wide settings.</p> Signup and view all the answers

    What does Azure Active Directory provide that on-premises Active Directory does not?

    <p>Cloud-based identity and access management</p> Signup and view all the answers

    What is required to create a local user account using Windows Settings app?

    <p>Three security questions must be set.</p> Signup and view all the answers

    What hardware feature is needed for a CPU to support Windows Defender Credential Guard?

    <p>Virtualization extensions</p> Signup and view all the answers

    Which group allows complete and unrestricted access to the computer?

    <p>Administrators</p> Signup and view all the answers

    What is the primary function of a workgroup in a Windows environment?

    <p>To share resources in a peer-to-peer manner.</p> Signup and view all the answers

    Which of the following is a feature of a Microsoft account in Windows 10?

    <p>Provides synchronized access to Microsoft services.</p> Signup and view all the answers

    Study Notes

    User Accounts Overview

    • User accounts control computer usage and identify specific users.
    • Logon involves authenticating with a user account name and password.
    • Windows rights dictate user actions (e.g., modifying settings), while permissions govern access to files, folders, and printers.

    Account Types

    • Built-in Administrator Account: Hidden account with full access to rights and permissions; doesn't appear on the login screen.
    • User Account with Administrative Privileges: Granted administrative rights but typically used by non-default accounts.
    • Standard Account: Basic account allowing internet browsing, software use, and file access, but lacking administrative powers.
    • Guest Account: Limited capabilities; mainly for viewing files and running programs. Automatically disabled in Windows XP and later for security.
    • Microsoft Account: Free account for accessing Microsoft services, requiring a valid email for setup and allowing sync across devices.

    User Groups

    • Users and groups are stored in three locations: Local accounts on individual computers, Domain accounts in Active Directory, and Online accounts by Microsoft.
    • Default groups created in Windows include:
      • Administrators: Unlimited access to the computer and all system rights.
      • Power Users: Legacy group with limited administrative capabilities; not recommended for current use.
      • Users: Can use the system but lack admin privileges; cannot install drivers without prior installation.
      • Guests: Limited rights but can shut down the system.

    Local User Accounts

    • Local accounts created for signing into and accessing Windows devices.
    • Administrator: Full system control, including installing applications and changing global settings.
    • Standard User: Can use applications but cannot install them; settings change is restricted.
    • Local accounts can be created via Windows Settings or Computer Management.

    Workgroup Membership

    • A workgroup allows resource sharing in peer-to-peer networking, suitable for small groups (2-8 computers).
    • Offers sign-in security; requires user account creation on each remote system.
    • Computers default to the "Workgroup" name unless changed in System Configuration.

    Microsoft Account Sign In

    • Preferred login method for Windows 10, enabling access to Microsoft services.
    • Allows syncing of user settings across multiple devices using various identifiers (email or phone).

    Domain Account Sign In

    • Domain accounts managed centrally via Active Directory, enabling streamlined user and group management.

    Azure Active Directory Account Sign In

    • Cloud-based identity and access management service.
    • Users can access both internal (corporate) and external (cloud applications) resources.

    Windows Credential System

    • Utilizes Kerberos tickets for user session validation, creating potential security vulnerabilities if malware accesses stored tickets.

    Windows Defender Credential Guard

    • Employs virtualization-based security (VBS) to protect sensitive user authentication credentials in the Local Security Authority (LSA).
    • Requires specific system configurations, including 64-bit Windows 10 versions and Hyper-V.

    Azure Active Directory Features

    • Provides cloud-based authentication and user management with increased security.
    • Supports single sign-on across multiple services and applications, minimizing credential management workloads.

    Privileged Accounts

    • Accounts with access to sensitive data (e.g., credit card info, health records).
    • Organizations must define what constitutes a privileged user, often including built-in administrators and uniquely named local admin accounts.
    • Securing privileged accounts involves practices like disabling or renaming accounts and setting strong passwords.### Privileged Accounts Management
    • Strong, complex passwords are essential for securing shared accounts among network administrators.
    • Close monitoring of privileged accounts includes tracking user access, access rights, and frequency of access requests.
    • Emergency accounts (firecall/breakglass accounts) can grant temporary administrative access; restoring original access rights post-emergency is critical.
    • Service accounts facilitate application or service interactions with Windows systems but cannot log in independently, holding high-level access.
    • Changing service account passwords can disrupt critical services due to their high-level permissions and static nature.
    • Application accounts are used for specific functions, often storing passwords in easily accessible configurations, posing a security risk.

    Consequences of Compromised Privileged Accounts

    • Data theft is a top threat, enabling attackers to sell or misuse sensitive information such as health data, login credentials, financial records, trade secrets, and personally identifiable information (PII).
    • Ransomware attacks can lock all data, with two types: commodity ransomware (often spread via phishing) and human-operated ransomware (targeted access to exploit vulnerabilities).
    • Maintained access attacks allow intruders to create legitimate accounts for continued network access, complicating detection.

    Securing Privileged Accounts

    • Traditional trust-by-default security is insufficient; a zero-trust model limits access based on strict, need-based protocols.
    • Key principles of zero-trust include explicit verification, least privileged access, and assuming breaches to enhance security.
    • Security policies should encompass six foundational elements, focusing on identity verification, endpoint security, application control, data protection, and network segmentation.

    Digital Certificates and Authentication

    • Digital certificates authenticate users and devices on local networks, utilizing asymmetric encryption and public key cryptography.
    • The certificate process begins with a certificate signing request (CSR), requiring detailed organizational information for validation.
    • A reputable Certificate Authority (CA) issues certificates, with the possibility of Third-Party Registration Authorities (RAs) aiding in validation.
    • Invalidated certificates are added to Certificate Revocation Lists (CRLs) or managed via the Online Certificate Status Protocol (OCSP) for real-time validity checks.

    Managing Certificates on Windows

    • Two primary methods for managing certificates in Windows 10 are using the Microsoft Management Console (MMC) for viewing and handling certificates, or the Certificate Manager tool for local or current user certificates.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on user accounts in computing! This quiz covers the purpose and types of user accounts, including standard and guest accounts, as well as the concept of permissions and the role of domain controllers in user account management.

    More Like This

    Use Quizgecko on...
    Browser
    Browser