Questions and Answers
Which of the following Windows object permissions provides no restrictions on access to objects by users or groups?
Which of the following is used to represent a software application or hardware component?
What additional feature would be available in Windows Server 2016 as a result of the upgrade from Windows Server 2008 R2?
Capability to tag special types of data, such as Social Security numbers
Whenever Windows encounters an access control entry (ACE) conflict, deny always supersedes allow.
Signup and view all the answers
Which of the following is a legacy command-line tool used to display or modify access control lists (ACLs) for files and folders?
Signup and view all the answers
Which of the following is a fast and scalable protocol that allows for secure exchange of information?
Signup and view all the answers
What should Oscar's next step be to track contractors' access to project files?
Signup and view all the answers
Which term describes what a user can do to an object on a computer?
Signup and view all the answers
Which of the following describes a collection of features used to describe user and data attributes?
Signup and view all the answers
What must happen before Lorraine's email application will open?
Signup and view all the answers
Which security feature in Windows Server 2019 allows auditors to discover who accessed sensitive data?
Signup and view all the answers
Which of the following is used to uniquely identify objects such as computers and database records?
Signup and view all the answers
Starting with Windows 7 and Windows Server 2007 R2, User Account Control can be configured with which comfort levels?
Signup and view all the answers
Which Microsoft Windows access control method systematically nests user accounts in groups?
Signup and view all the answers
Which of the following describes the best balance between providing necessary access and denying unnecessary access?
Signup and view all the answers
Which default Active Directory security group can create and modify most account types?
Signup and view all the answers
The Common Criteria for Information Technology Security Evaluation replaced what previous international standard?
Signup and view all the answers
Which of the following stores all user and computer Kerberos master keys?
Signup and view all the answers
What is Kevin defining when detailing what tasks the organization's users can perform on their computers?
Signup and view all the answers
What is the minimum Microsoft Windows Server version that allows managing account passwords automatically at the domain level?
Signup and view all the answers
Study Notes
Windows Security Concepts
- Full Control: Provides unrestricted access to objects by users or groups.
- Class Identifier (CLSID): Represents software applications or hardware components in Windows.
- File Classification Infrastructure (FCI): Introduced in Windows Server 2008 R2; enables classification properties for files.
- Enhanced FCI in Windows Server 2016: Allows tagging of specific data types, such as Social Security numbers.
Access Control and Permissions
- ACE Conflict Resolution: In cases of access control entry conflicts, "Deny" always takes precedence over "Allow".
- Cacls.exe: A legacy command-line utility for displaying or modifying access control lists (ACLs), first available in Windows 2000.
- Kerberos Protocol: A fast and scalable authentication protocol for secure information exchange, established since Windows 2000.
Security Management and Monitoring
- Expression-Based Security Audit Policy: Suggested for tracking contractor access to prevent unauthorized file access among project contractors.
- Permissions: Define user capabilities regarding interactions with objects on a computer.
- Dynamic Access Control (DAC): A set of features that describe user and data attributes; applicable in auditing access to sensitive data.
User Authentication and Rights
- Security Identifier (SID): Lorraine’s credentials must be verified against her SID stored in the Security Access Token (SAT) for email access.
- AGULP Model: A systematic access control method that nests user accounts in groups for easier management, including Accounts, Global groups, Universal groups, Local groups, and Permissions.
- Principle of Least Privilege: Ensures necessary access for authorized users while denying unnecessary access.
Active Directory and Security Groups
- Dynamic Access Control (DAC): Provides audit capabilities to trace access to sensitive data, effective in Windows Server 2019.
- Account Operators Group: Default Active Directory group in Windows Server 2012, 2016, and 2019 with permissions to create and modify account types and local logins to domain controllers.
Security Standards and Authentication
- Common Criteria: Replaced the Orange Book as the international standard for Information Technology Security Evaluation.
- Key Distribution Center (KDC): Responsible for storing all user and computer Kerberos master keys.
- User Rights Policy: Kevin's initiative highlights the tasks permitted for users on their computers.
Service Account Management
- Service Account Password Management: Minimum version for automatic password management at the domain level is Windows Server 2012.
User Account Control (UAC)
- UAC Configuration Levels: Introduced with Windows 7 and Windows Server 2008 R2, ranging from "Never Notify" to "Always Notify".
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on Windows Security concepts with these flashcards. Covering key permissions, application identifiers, and server capabilities, this quiz helps reinforce your understanding of Windows security features. Perfect for students and IT professionals alike.
