Pre-Assessment Answers

Lesson 1 Pre-Assessment Questions

1. What is the name of a statistically unique number assigned to all users on a Windows 2000 system?
   a. A User Access Token (AT).
   b. A Security Account Descriptor (SAD).
   c. An Access Control List (ACL).
   d. A Security Identifier (SID).

2. What is the function of the /etc/pam.d/ directory?
   a. It determines what console applications are allowed to be run by nonroot users.
   b. It holds the configuration files that determine how the system authenticates.
   c. It contains the Linux registry.
   d. It contains the password and shadow files.

3. What six broad elements, as defined by ISO, are available to help security professionals achieve an appropriate security implementation?
   Audit, administration, encryption, access control, user authentication and the corporate security policy.

Lesson 2 Pre-Assessment Questions

1. What Windows 2000 feature can you use to rename default accounts?
   a. The Computer Management snap-in.
   b. The Connection Manager Administration Kit.
   c. The passfile.dll file.
   d. The Local Security Policies snap-in.

2. What is password aging?
   a. The practice of requiring users to change their passwords after a specified interval.
   b. The length of time a system login manager will hold a password after a user logs on and changes his or her password.
   c. The practice of requiring an account to lockout after a certain number of invalid login attempts.

3. What fields do you have to change in order to configure a non-root account to become a root account?
   The user id (UID) and group id (GID) fields.

Lesson 3 Pre-Assessment Questions

1. Which rights are used when share and NTFS permissions are combined?
   a. The more granular set.
   b. The less restrictive set.
   c. The more restrictive set.
   d. The share permissions.

2. What UNIX command is used to set subsequent file creation mode bits?
   a. umask.
   b. chown.
   c. chmod.
   d. chattr.

3. Where is a Linux user's identification number (UID) located?
   In the /etc/passwd file.

Lesson 4 Pre-Assessment Questions

1. What kind of program can invisibly record every keystroke on a computer, store the keystrokes in a file, and send the file to a pre-defined e-mail address?
   a. A keylogger program.
   b. A system scanning program.
   c. The UNIX rlogin command.
   d. A Trojan horse.

2. A system has been configured so that the /etc/shadow file is world-readable. What type of threat has this configuration created?
   a. Active threat.
   b. Passive threat.
   c. Accidental threat.
   d. Bug-based threat.

3. In Windows 2000, what three sets of defaults should be changed to enhance security in an Internet-based system?
   The default directories, default account names and the default shares.

Lesson 5 Pre-Assessment Questions

1. Your Windows 2000 server is at its default Server Message Block (SMB) encryption setting. What will your Windows 2000 server do when another system connects to it and makes an SMB request?
   a. It will respond with an NTLMv2 encryption request.
   b. It will allow only NTLM encryption.
   c. It will allow only LM encryption.
   d. It will negotiate the appropriate encryption level.

2. You want to notify users on your Linux and Windows 2000 systems that the system is for authorized users only. What should you do?
   a. Place text inside the /etc/banners file.
   b. Modify the binaries for each daemon you want to secure.
   c. Create a banner for each service.

3. After setting your Windows 2000 system to use only NTLMv2 encryption, you find that your Linux Samba servers can no longer connect to it. Why?
   Because Samba uses LM-level encryption.