Questions and Answers

 < Day Day Up > 



Lesson 1 Review

Page
1-16

1. 

Is showing your identification to prove that you are of age to purchase a product an example of authentication or authorization?

authorization. in this example, your identity is not being validated-only whether you are old enough to be authorized to complete the purchase.

2. 

Is showing your identification to a cashier to verify that the credit card you are using belongs to you an example of authentication or authorization?

authentication. in this example, the cashier needs to validate that you are who you claim to be-and your identification is sufficient proof of that.

3. 

Which of the following passwords will not be stored in an LMHash?

  1. tyia

  2. imsitrjs5itr

  3. passwordpassword

  4. l%@3tty7&

c. while this is not a strong password, it is longer than 14 characters and therefore cannot be stored in an lmhash.

Answers

1. 

Authorization. In this example, your identity is not being validated—only whether you are old enough to be authorized to complete the purchase.

2. 

Authentication. In this example, the cashier needs to validate that you are who you claim to be—and your identification is sufficient proof of that.

3. 

c. While this is not a strong password, it is longer than 14 characters and therefore cannot be stored in an LMHash.

Lesson 2 Review

Page
1-30

1. 

Which of the following passwords is an example of a strong password?

  1. tyia

  2. imsitrjs5itr

  3. passwordpassword

  4. l%@3tty7&

d. this is a strong password because it does not contain all or part of the user s account name, it is at least six characters in length, and it contains lowercase characters, base 10 digits, and non-alphabetic characters.

2. 

Which of the following are valid reasons to enable LM authentication? (Choose all that apply.)

  1. Users will access network resources using computers running Windows 95.

  2. Users will access network resources using computers running Windows 98.

  3. Users will access network resources using computers running Windows NT.

  4. Users will access network resources using computers running Windows Me.

  5. Users will access network resources using computers running Windows 2000.

  6. Users will access network resources using computers running Windows XP.

a, b. computers running windows 95 and windows 98 require lm authentication to connect to network resources.

3. 

Enabling account lockout accomplishes which of the following goals?

  1. Makes it impossible to steal a user’s password.

  2. Reduces the likelihood that a malicious attacker will use brute force techniques to discover a user’s password.

  3. Eliminates the need for strong passwords.

  4. Reduces Help desk costs.

b. account lockout makes it more difficult for a malicious attacker to guess a user s password.

Answers

1. 

d. This is a strong password because it does not contain all or part of the user’s account name, it is at least six characters in length, and it contains lowercase characters, base 10 digits, and non-alphabetic characters.

2. 

a, b. Computers running Windows 95 and Windows 98 require LM authentication to connect to network resources.

3. 

b. Account lockout makes it more difficult for a malicious attacker to guess a user’s password.

Lesson 3 Review

Page
1-39

1. 

Which of the following authentication methods should be chosen for a Web site on a public Internet with minimal security requirements, where administrators have no control over which browser a client uses?

  1. Basic Authentication

  2. Digest Authentication For Windows Domain Servers

  3. Integrated Windows Authentication

  4. .NET Passport Authentication

a. basic authentication is the oldest method for authenticating web users and is supported by the widest range of clients. however, it does not encrypt the user s password before transmitting it.

2. 

Which of the following authentication methods should be chosen for a high-security, internal Web site in an Active Directory environment where single sign-on is a requirement?

  1. Basic Authentication

  2. Digest Authentication For Windows Domain Servers

  3. Integrated Windows Authentication

  4. .NET Passport Authentication

c. integrated windows authentication provides single sign-on with the highest security possible.

3. 

Which of the following scenarios requires delegated authentication?

  1. A public Web site from which all content should be anonymously accessed.

  2. An internal Web site from which all content should be anonymously accessed.

  3. An internal Web site containing simple Hypertext Markup Language (HTML) documents that only managers should be able to access.

  4. An internal Web site that accesses a back-end server containing data that only specific users should be able to access.

d. delegated authentication is only necessary when the web server must use the user s credentials to access back-end information.

Answers

1. 

a. Basic Authentication is the oldest method for authenticating Web users and is supported by the widest range of clients. However, it does not encrypt the user’s password before transmitting it.

2. 

c. Integrated Windows Authentication provides single sign-on with the highest security possible.

3. 

d. Delegated authentication is only necessary when the Web server must use the user’s credentials to access back-end information.

Lesson 4 Review

Page
1-53

1. 

In which of the following situations should you use trusts? (Choose all that apply.)

  1. To enable access to an external Web site by customers from dozens of different companies.

  2. To enable access to shared folders by employees of a recently acquired company who have accounts in a different domain.

  3. To enable all employees within an enterprise that uses multiple domains to print to a printer.

  4. To enable employees of a consulting firm to send e-mail messages to internal employees with whom they are working closely.

c. trusts should only be used to enable authentication between internal domains. trusts should generally not be created between organizations that are not part of the same entity.

2. 

In which of the following scenarios should you raise the domain functional level to Windows Server 2003? (Choose all that apply.)

  1. An environment with domain controllers running Windows NT, Windows 2000, and Windows Server 2003 that has only client computers that run Windows XP.

  2. An environment with domain controllers running Windows 2000 and Windows Server 2003 that has only client computers that run Windows NT and Windows 98.

  3. An environment with only domain controllers that run Windows Server 2003 and with only client computers that run Windows 98 and Windows XP.

  4. An environment with only domain controllers that run Windows Server 2003 and with only client computers that run Windows XP and Windows Server 2003.

c, d. you should raise the domain functional level for domains that consist entirely of computers running windows server 2003.

3. 

Which type of trust should you create to enable users from a UNIX-based Kerberos realm to access resources in a Windows Server 2003 domain?

  1. Parent/child trust

  2. Tree/root trust

  3. External

  4. Realm

  5. Forest

  6. Shortcut

d. realm trusts are used only for connecting non-windows kerberos realms to windows domains.

4. 

Which type of trust is automatically created when a new domain joins an existing forest?

  1. Parent/child trust

  2. Tree/root trust

  3. External

  4. Realm

  5. Forest

  6. Shortcut

a. the parent/child trust is created automatically when a new domain is added to a forest.

5. 

Creating a two-way trust between DomainA and DomainB will have which of the following effects? (Choose all that apply.)

  1. Enable all users in DomainA to access all shared folders in DomainB.

  2. Enable members of the Domain Admins group in DomainA to access all shared folders in DomainB.

  3. Enable administrators of DomainA to grant access to shared folders to users in DomainB.

  4. Enable administrators of DomainA to view a list of users and groups in DomainB.

c, d. trusts enable authentication between domains but do not authorize users to access resources. however, to enable administrators to authorize users of the remote domain to access network resources, administrators can retrieve a list of users from the trusted domain.

Answers

1. 

c. Trusts should only be used to enable authentication between internal domains. Trusts should generally not be created between organizations that are not part of the same entity.

2. 

c, d. You should raise the domain functional level for domains that consist entirely of computers running Windows Server 2003.

3. 

d. Realm trusts are used only for connecting non-Windows Kerberos realms to Windows domains.

4. 

a. The parent/child trust is created automatically when a new domain is added to a forest.

5. 

c, d. Trusts enable authentication between domains but do not authorize users to access resources. However, to enable administrators to authorize users of the remote domain to access network resources, administrators can retrieve a list of users from the trusted domain.

Design Activity: Case Scenario Exercise

Page
1-56

1. 

What should you do to improve the security of Computer3 while retaining backward compatibility? (Choose all that apply.)

  1. Evaluate which shares require anonymous access, and configure those shares as hidden by appending a $ to the share name.

  2. Disable the Network Access: Let Everyone Permissions Apply To Anonymous Users setting.

  3. Enable the Network Access: Shares That Can Be Accessed Anonymously setting for those shares required by the legacy application.

  4. Enable the Network Access: Let Everyone Permissions Apply To Anonymous Users setting for all computers in the domain.

a, b, c. option d is not correct, because that option would enable anonymous access to shares throughout the domain, which would allow the virus to infect every system with a shared folder. options a, b, and c collectively ensure that only those shares required by the legacy application allow anonymous access, and that those shares are hidden.

2. 

The presence of one of the following security principals in the ACL of a shared folder indicates that anonymous users have access to the shared folder. Which security principal would indicate this?

  1. Everyone

  2. Anonymous

  3. Anonymous Logon

  4. Unauthenticated Users

c. unauthenticated users can be granted access to resources by assigning rights using the anonymous logon security principal.

Answers

1. 

a, b, c. Option d is not correct, because that option would enable anonymous access to shares throughout the domain, which would allow the virus to infect every system with a shared folder. Options a, b, and c collectively ensure that only those shares required by the legacy application allow anonymous access, and that those shares are hidden.

2. 

c. Unauthenticated users can be granted access to resources by assigning rights using the Anonymous Logon security principal.

Design Activity: Troubleshooting Lab

Page
1-57

1. 

Since you provided the correct user name and password, why was Windows 98 unable to connect to the shared folder?

earlier in this chapter, we configured computer1 to refuse lm authentication. windows 98 is only capable of using lm authentication.

2. 

How could you resolve the problem without reducing authentication security?

upgrading the computer running windows 98 to a newer operating system that supports ntlm or kerberos authentication, such as windows xp, would resolve the problem.

3. 

How could you resolve the problem without upgrading the client computer?

setting the network security: lan manager authentication level security policy setting to anything other than send ntlmv2 response only\refuse lm or send ntlmv2 response only\refuse lm & ntlm would allow the windows 98 computer to authenticate using lm.

Answers

1. 

Earlier in this chapter, we configured Computer1 to refuse LM authentication. Windows 98 is only capable of using LM authentication.

2. 

Upgrading the computer running Windows 98 to a newer operating system that supports NTLM or Kerberos authentication, such as Windows XP, would resolve the problem.

3. 

Setting the Network Security: LAN Manager Authentication Level security policy setting to anything other than Send NTLMv2 Response Only\Refuse LM or Send NTLMv2 Response Only\Refuse LM & NTLM would allow the Windows 98 computer to authenticate using LM.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net