Cybersecurity Authentication Methods

Questions and Answers

Which of the following authentication methods provides access to network resources without sharing user credentials?

Public key infrastructure (PKI)

OAuth (correct)

Windows Authentication (NTLM)

Multi-factor authentication (MFA)

What is the primary purpose of user accounts in network environments?

To determine user access to network resources (correct)

To manage software installations

To authenticate devices on the network

To enhance the performance of network hardware

Which type of user account is automatically created when the operating system or Active Directory is loaded?

Local account

Custom account

Domain account

Built-in account (correct)

What is a key reason for renaming and disabling built-in accounts such as Administrator and Guest?

To enhance security practices

Which command is used to add a new local user in Windows via PowerShell?

'New-LocalUser –Name “username” –Password (ConvertTo-SecureString “Password12345!” –AsPlainText – Force)'

In which scenario would you most likely use Windows Authentication (NTLM)?

In environments relying on domain accounts

Which of the following is NOT a type of user account mentioned in the content?

Temporary account

What is the main benefit of using groups in user management?

Simplifies permission management for multiple users

What is the primary purpose of a Discretionary Access Control List (DACL) in a Windows operating system?

To assign file and directory permissions

Which command in the Windows Command Line is used to change the current directory?

cd

What should you type after a command to determine its proper syntax in the Windows Command Line?

/? or /help

Which feature of NTFS helps in ensuring data integrity in file systems?

File System Journaling

What is an effect of using the 'del' command in the Windows Command Line?

It permanently deletes one or more files

Which Windows Command Line command lists the contents of a directory?

dir

In a Windows file system, what defines the structure in which files are named, stored, and organized?

File System Type

Which command would you use to remove a directory from the Windows Command Line?

rmdir

Which command displays all current TCP/IP network configuration values in the Command Line?

ipconfig

What utility might you use in the command line to clear your terminal screen?

cls

What is the primary function of device drivers in an operating system?

To enable communication between the OS and hardware.

Which command is used to clear the terminal screen in a command prompt environment?

cls

Which command would you use to copy files from one location to another in Windows Command Line Interface?

copy

What is the purpose of the Get-Process cmdlet in PowerShell?

To display all active processes running on a system.

Which command is used to remove a directory in a command prompt?

rmdir

What is the role of bootmgr during the Windows boot process?

It reads the BCD and starts winload.exe.

Which file is NOT loaded by the Windows OS Loader during the boot process?

smss.exe

Which of the following statements is true about the Ntoskrnl.exe during the Kernel Initialization Phase?

It maps ntdll.dll into the address space.

What are the two modes in Windows OS?

Kernel Mode and User Mode

What is the primary responsibility of wininit.exe during the boot process?

It initializes user services and starts explorer.exe.

During what phase is the firmware loaded in the Windows boot process?

Pre-Boot Phase

What is the correct order of operations for smss.exe during the boot process?

Starts smss.exe (1), then winlogon.exe, then exits.

What is NOT a responsibility of the kernel in an operating system?

Performing user-level application tasks.

Which sequence correctly describes the functions of smss.exe (0)?

Starts wininit.exe, then exits, and csrss.exe initializes.

What type of kernel design is characterized by minimal functionality in the kernel space?

Microkernel

What is the role of a driver in a computing system?

It allows the operating system and device to communicate.

Which type of account is NOT primarily considered in user/group management?

Hardware Account

What enables a system to effectively manage many processes concurrently?

Concurrency

Which of the following is NOT a common type of authentication method?

Public relation strategies

Which is a characteristic of a process baseline?

It establishes standard performance metrics for processes.

What is the primary function of interrupts in computing?

To disrupt the normal flow of execution due to events.

What is the purpose of a file system?

To enable the storage and retrieval of data.

Which of the following best describes the types of user accounts in a Windows environment?

Local, Domain, and Built-in Accounts

Which tool is NOT typically associated with file permissions management?

Windows Registry Editor

What are traps in computer processes?

They handle exceptions and errors.

Study Notes

Security Mechanisms

• Multi-factor authentication (MFA) enhances security by requiring multiple verification factors (e.g., password, SMS code, biometrics).
• Public key infrastructure (PKI) utilizes digital certificates and private keys for secure communications between entities.
• OAuth enables third-party applications to access user resources without sharing sensitive credentials.
• Windows Authentication (NTLM) is specific to Windows environments, using domain accounts and challenge-response methods, moving towards Kerberos models.

User Accounts

• User accounts are profiles determining network access, existing in the Security Accounts Manager (SAM) or Domain Controller (DC).
• Account types include:
  • Local accounts: limited to workgroup access, authenticated by SAM.
  • Domain accounts: access network resources, authenticated by DC and listed in Active Directory (AD).
  • Built-in accounts: automatically generated by OS or AD, including:
    • Standard accounts: typical user access.
    • Administrator accounts: full system access, varying by network scope.
    • Guest accounts: limited, temporary access without network permissions.

User/Group Management

• Involves creating, modifying, and deleting user accounts and groups to manage permissions and access.
• Management tools include:
  • GUI: Control Panel for easy management.
  • Command Line Interface (CLI): commands like ‘net user’ and ‘net localgroup’ to manipulate user accounts and groups.
  • PowerShell: commands such as ‘New-LocalUser’ for user creation and ‘New-LocalGroup’ for group management.

Windows Command Line

• Known as cmd.exe, it provides a text-based interface to execute commands.
• Basic command functions include:
  • dir: Lists directory contents.
  • cd: Changes directories.
  • copy: Copies files between locations.
  • move: Moves files.
  • del: Deletes files.
  • mkdir: Creates a new directory.
  • ipconfig: Displays network configuration details.
  • exit: Closes Command Prompt.

Windows Boot Process

• The booting sequence involves loading system firmware and the operating system:
  • WinLoad.exe initiates core drivers necessary for the Windows Kernel.
  • The kernel initializes hardware and reads registry settings.
• User Mode Startup leads to processes like:
  • Starting subsystem processes (smss.exe) and services (services.exe), culminating in the display of the Windows login screen.

Kernel Designs

• The kernel acts as a mediator between hardware (Hardware Abstraction Layer - HAL) and system resources, critical for process management.
• Driver software enables communication between devices and the operating system, acting as translators.
• Kernel designs can be monolithic (single large block of code) or microkernel (smaller, more modular components).

File Systems and Permissions

• The file system organizes how data is named, stored, and accessed.
• Windows uses Discretionary Access Control Lists (DACL) for file permissions, determining user access levels post-authentication.

Concurrency and Interrupts

• Concurrency allows a system to manage multiple tasks simultaneously, optimizing CPU resource utilization.
• Interrupts are events occurring out of the normal program execution, often due to errors that signal the OS to take action.

PowerShell Commands (PS Demonstration)

• Commands include:
  • Get-Help: Displays help for cmdlets.
  • Get-Process: Retrieves running processes.
  • New-Item: Creates new files or directories.
  • Copy-Item: Copies items between locations.
  • Remove-Item: Deletes specified files or directories.

Description

This quiz explores various authentication methods such as Multi-factor Authentication (MFA), Public Key Infrastructure (PKI), OAuth, and Windows Authentication (NTLM). Test your knowledge on how these methods enhance security in digital communications and environments.