Page 1-16

1. Is showing your identification to prove that you are of age to purchase a product an example of authentication or authorization?
2. Is showing your identification to a cashier to verify that the credit card you are using belongs to you an example of authentication or authorization?
3. Which of the following passwords will not be stored in an LMHash?

Answers

1. Authorization. In this example, your identity is not being validated—only whether you are old enough to be authorized to complete the purchase.
2. Authentication. In this example, the cashier needs to validate that you are who you claim to be—and your identification is sufficient proof of that.
3. c. While this is not a strong password, it is longer than 14 characters and therefore cannot be stored in an LMHash.

Page 1-30

1. Which of the following passwords is an example of a strong password?
2. Which of the following are valid reasons to enable LM authentication? (Choose all that apply.)
3. Enabling account lockout accomplishes which of the following goals?

Answers

1. d. This is a strong password because it does not contain all or part of the user’s account name, it is at least six characters in length, and it contains lowercase characters, base 10 digits, and non-alphabetic characters.
2. a, b. Computers running Windows 95 and Windows 98 require LM authentication to connect to network resources.
3. b. Account lockout makes it more difficult for a malicious attacker to guess a user’s password.

Page 1-39

1. Which of the following authentication methods should be chosen for a Web site on a public Internet with minimal security requirements, where administrators have no control over which browser a client uses?
2. Which of the following authentication methods should be chosen for a high-security, internal Web site in an Active Directory environment where single sign-on is a requirement?
3. Which of the following scenarios requires delegated authentication?

Answers

1. a. Basic Authentication is the oldest method for authenticating Web users and is supported by the widest range of clients. However, it does not encrypt the user’s password before transmitting it.
2. c. Integrated Windows Authentication provides single sign-on with the highest security possible.
3. d. Delegated authentication is only necessary when the Web server must use the user’s credentials to access back-end information.

Page 1-53

1. In which of the following situations should you use trusts? (Choose all that apply.)
2. In which of the following scenarios should you raise the domain functional level to Windows Server 2003? (Choose all that apply.)
3. Which type of trust should you create to enable users from a UNIX-based Kerberos realm to access resources in a Windows Server 2003 domain?
4. Which type of trust is automatically created when a new domain joins an existing forest?
5. Creating a two-way trust between DomainA and DomainB will have which of the following effects? (Choose all that apply.)

Answers

1. c. Trusts should only be used to enable authentication between internal domains. Trusts should generally not be created between organizations that are not part of the same entity.
2. c, d. You should raise the domain functional level for domains that consist entirely of computers running Windows Server 2003.
3. d. Realm trusts are used only for connecting non-Windows Kerberos realms to Windows domains.
4. a. The parent/child trust is created automatically when a new domain is added to a forest.
5. c, d. Trusts enable authentication between domains but do not authorize users to access resources. However, to enable administrators to authorize users of the remote domain to access network resources, administrators can retrieve a list of users from the trusted domain.

Page 1-56

1. What should you do to improve the security of Computer3 while retaining backward compatibility? (Choose all that apply.)
2. The presence of one of the following security principals in the ACL of a shared folder indicates that anonymous users have access to the shared folder. Which security principal would indicate this?

Answers

1. a, b, c. Option d is not correct, because that option would enable anonymous access to shares throughout the domain, which would allow the virus to infect every system with a shared folder. Options a, b, and c collectively ensure that only those shares required by the legacy application allow anonymous access, and that those shares are hidden.
2. c. Unauthenticated users can be granted access to resources by assigning rights using the Anonymous Logon security principal.

Page 1-57

1. Since you provided the correct user name and password, why was Windows 98 unable to connect to the shared folder?
2. How could you resolve the problem without reducing authentication security?
3. How could you resolve the problem without upgrading the client computer?

Answers

1. Earlier in this chapter, we configured Computer1 to refuse LM authentication. Windows 98 is only capable of using LM authentication.
2. Upgrading the computer running Windows 98 to a newer operating system that supports NTLM or Kerberos authentication, such as Windows XP, would resolve the problem.
3. Setting the Network Security: LAN Manager Authentication Level security policy setting to anything other than Send NTLMv2 Response Only\Refuse LM or Send NTLMv2 Response Only\Refuse LM & NTLM would allow the Windows 98 computer to authenticate using LM.