- In security, AAA (Authentication, Authorization, and Accounting) is a model for access control.
- Authentication is the process of identifying an individual.
- After a user is authenticated, the user can access network resources based on their authorization. Authorization is the process of giving individuals access to system objects based on their identity.
- Accounting, also known as auditing, is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent on the network, the services accessed while there, and the amount of data transferred during the session.
- Nonrepudiation prevents one party from denying the actions they carried out.
- A user can authenticate using what they know, what they own or possess, and who they are.
- When two or more authentication methods are used to authenticate someone, a multifactor authentication system is being implemented.
- The most common method of authentication with computers and networks is the password.
- A password is a secret series of characters that enables a user to access a file, computer, or program.
- To crack a password, attackers try obvious passwords, brute-force attacks, and dictionary attacks.
- To make a password more secure, choose one that nobody can guess: it should be lengthy and meet the criteria for a strong or complex password.
- A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
- The digital certificate is an electronic document that contains an identity such as a user or organization and a corresponding public key.
- A smart card is a pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic.
- A smart card can contain digital certificates to prove the identity of someone carrying the card and may also contain permissions and access information.
- Biometrics is an authentication method that identifies and recognizes people based on voice recognition or physical traits such as fingerprints, facial features, iris patterns, or retina scans.
- Because administrators have full access to a computer or the network, it is recommended that a standard non-administrator user should perform most tasks.
- Active Directory is a technology created by Microsoft that provides a variety of network services, including LDAP, Kerberos-based and single sign-on authentication, DNS-based naming and other network information, and a central location for network administration and delegation of authority.
- Kerberos is the default network authentication protocol in Active Directory; it allows hosts to prove their identity over a non-secure network in a secure manner.
- Single sign-on (SSO) allows a user to log on once and access multiple, related, but independent software systems without having to log on again.
- A user account enables a user to log on to a computer and domain.
- The local user account is stored in the Security Account Manager (SAM) database on the local computer.
- A group is much like it sounds; it is used to group users and computers together so that when rights and permissions are assigned, they are assigned to the group rather than to each user individually.
- A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system.
- Permission defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute.
- Explicit permissions are permissions granted directly to the file or folder.
- Inherited permissions are permissions that are granted to a folder (parent object or container) that flow into child objects (subfolders or files inside the parent folder).
- The owner of the object controls how permissions are set on the object and to whom permissions are granted.
- Encryption is the process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, it automatically remains encrypted when the file is stored on a disk.
- Decryption is the process of converting data from encrypted format back to its original format.
- Encryption algorithms can be divided into three classes: Symmetric, Asymmetric, and Hash function.
- Symmetric encryption uses a single key to encrypt and decrypt data. Therefore, it is also referred to as secret-key, single-key, shared-key, and private-key encryption.
- Asymmetric encryption, also known as public-key cryptography, uses two mathematically related keys. One key is used to encrypt the data, while the second key is used to decrypt the data.
- Unlike symmetric and asymmetric algorithms, a hash function is meant as one-way encryption: once data has been hashed, it cannot be reversed to recover the original.
- A Public key infrastructure (PKI) is a system consisting of hardware, software, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates.
- The most common digital certificate is the X.509 version 3.
- The certificate chain, also known as the certification path, is a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate.
- A digital signature is a mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to confirm that the message or document has not been modified.
- When transmitting private data over the internet, use HTTPS (HTTP over SSL/TLS) to encrypt the data in transit. By convention, URLs that require an SSL connection start with https: instead of http:.
- IP Security, more commonly known as IPsec, is a suite of protocols that provide a mechanism for data integrity, authentication, and privacy for the Internet Protocol.
- A virtual private network (VPN) links two computers through a wide-area network, such as the internet.
- Windows Hello is a Windows 10 biometric authentication system that uses a user’s face, iris, or fingerprint to unlock devices.
- Syslog is a standard for logging program messages; it gives devices that would not otherwise have a method of communication a way to report their messages.
Select the correct answer(s) for each of the following questions.
1. Which of the following is not a method for authentication?
- Something the user knows
- Something the user owns or possesses
- Encryption
- Something a user is
(c)
2. Which of the following would not be a biometric device?
- Password reader
- Retina scanner
- Fingerprint scanner
- Face scanning
(a)
A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris patterns, and voice.
3. Which service is used for centralized authentication, authorization, and accounting?
- VPN
- PGP
- RADIUS
- PKI
(c)
In the realm of IT security, the AAA (Authentication, Authorization, and Accounting) acronym is a model for access control. Authentication is the process of identifying an individual, usually based on a user name and password. After a user is authenticated, the user can access network resources based on the user’s authorization. Authorization is the process of giving individuals access to system objects based on their identity. Accounting, also known as auditing, is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during the session.
RADIUS is a mechanism that allows authentication of dial-in and other network connections including modem dial-up, wireless access points, VPNs, and web servers. As an Internet Engineering Task Force (IETF) standard, RADIUS has been implemented by most of the major operating system manufacturers, including Microsoft Windows.
4. Which of the following is the primary authentication used on Microsoft Active Directory?
- LDAP
- Kerberos
- NTLAN
- SSO
(b)
Active Directory uses Kerberos version 5 as its authentication protocol to provide authentication between server and client. Kerberos v5 became the default authentication protocol for Windows servers starting with Windows Server 2003.
5. Which of the following is the master timekeeper and master for password changes in an Active Directory domain?
- PDC Emulator
- RID
- Infrastructure master
- Schema master
(a)
PDC Emulator: The DC with the Primary Domain Controller Emulator role is the authoritative DC in the domain. The PDC Emulator responds to authentication requests, changes passwords, and manages Group Policy Objects.
6. Local user accounts are found in which of the following?
- Active Directory
- Registry
- SAM
- LDAP
(c)
A user account allows a user to log on and gain access to the computer where the account was created. The local user account is stored in the Security Account Manager (SAM) database on the local computer. The only Windows computer that does not have a SAM database is the domain controller. The administrator local user account is the only account that is created and enabled by default in Windows. While the administrator's local user account cannot be deleted, it can be renamed.
7. Which of the following authorizes a user to perform certain actions on a computer?
- Permissions
- An encryption algorithm
- Authentication protocol
- A right
(d)
A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up a system's files and directories. User rights are assigned through local policies or Active Directory group policies.
8. Which file system offers the best security?
- FAT
- FAT32
- NTFS
- EFS
(c)
FAT16, sometimes referred to generically as File Allocation Table (FAT), is a simple file system that uses minimal memory and was used with DOS. Originally, it supported the 8.3 naming scheme, which allowed up to eight-character file names and three-character file name extensions. Later, it was revised to support long file names. Unfortunately, FAT can only support volumes up to 2 GB.
FAT32 was introduced with the second major release of Windows 95. While the file system can support larger drives, today’s Windows versions typically support volumes up to 32 GB. FAT32 also supports long file names.
NTFS is the preferred file system because it supports large volumes up to 16 exabytes (EB) and long file names. In addition, it is more fault-tolerant than previous file systems used in Windows, because it is a journaling file system. A journaling file system ensures that a disk transaction is properly written to disk before it is recognized as complete. Lastly, NTFS offers better security through permissions and encryption.
9. Which NTFS permission is needed to change attributes and permissions?
- Full Control
- Modify
- Read & Execute
- Write
(a)
NTFS permissions allow you to control which users and groups can gain access to files and folders on an NTFS volume. The advantage of NTFS permissions is that they affect local users as well as network users.
10. Which permission is granted directly to the file or folder?
- Explicit
- Inherited
- Effective
- Share
(a)
There are basically six types of permissions in Windows: Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. List Folder Contents is the only permission that is exclusive to folders. There are more advanced attributes, but you'll never need to worry about those.
11. When copying a file or folder to a new volume, which permissions are acquired?
- The same permissions that it had before.
- The same permissions as the target folder.
- The same permissions as the source folder.
- No permissions
(b)
When you copy or move an object to another volume, the object inherits the permissions of its new folder.
12. Which of the following uses an ACL? (Choose all that apply.)
- NTFS folder
- Active Directory user
- Registry key
- Logon rights
(a), (b), (c)
Permission defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute. The most common objects assigned permissions are NTFS files and folders, printers, and Active Directory objects. To keep track of which user can access an object and what the user can do with that object, refer to the access control list (ACL). The ACL lists all users and groups that have access to the object.
13. Which type of key has one key for encryption and a different key for decryption?
- Symmetric
- Asymmetric
- Hash function
- PKI
(b)
Asymmetric encryption, also known as public-key cryptography, uses two mathematically related keys. One key is used to encrypt the data, while the second key is used to decrypt the data. Unlike symmetric key algorithms, it does not require a secure initial exchange of one or more secret keys between sender and receiver. Instead, you can make the public key known to anyone and use the other key to encrypt or decrypt the data. The public key can be sent to someone directly or published within a digital certificate via a Certificate Authority (CA). Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and Pretty Good Privacy (PGP) use asymmetric keys. Two popular asymmetric algorithms are Diffie-Hellman and RSA.
For example, say you want a partner to send you data. Therefore, you send the partner the public key. The partner will then encrypt the data with the key and send you the encrypted message. Then, you use the private key to decrypt the message. If the public key falls into someone else’s hands, they still could not decrypt the message.
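The exchange just described can be carried out with the RSA class from .NET. The script below is an added example and not part of the original study notes; it assumes PowerShell 7 (or Windows PowerShell 5.1 on a current .NET Framework), the variable names $me and $partner are illustrative, and the message is a constructed sample.

```powershell
# Added example: the question 13 exchange with .NET's RSA class.
# You (the receiver) generate a key pair; the private key never leaves $me.
$me = [System.Security.Cryptography.RSA]::Create()
$me.KeySize = 2048

# Publish only the public half. ExportParameters($false) omits the private
# exponent and primes, so this is safe to hand to anyone.
$publicParams = $me.ExportParameters($false)

# The partner loads your public key into their own RSA object.
$partner = [System.Security.Cryptography.RSA]::Create()
$partner.ImportParameters($publicParams)

$padding   = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256
$plaintext = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')

# The partner encrypts with the public key ...
$ciphertext = $partner.Encrypt($plaintext, $padding)
"Ciphertext length: $($ciphertext.Length) bytes"

# ... and only the matching private key can decrypt it.
$recovered = [System.Text.Encoding]::UTF8.GetString($me.Decrypt($ciphertext, $padding))
"Decrypted: $recovered"

# Whoever holds only the public key cannot decrypt: the call throws a
# CryptographicException because no private key is present in $partner.
try {
    $null = $partner.Decrypt($ciphertext, $padding)
    'Unexpected: public key decrypted the message'
} catch {
    "Public key alone cannot decrypt ($($_.Exception.GetType().Name))"
}
```

OAEP with SHA-256 is used rather than the older PKCS#1 v1.5 padding because the latter is vulnerable to padding-oracle attacks on the decrypting side; RSA with OAEP is also limited to messages of a few hundred bytes, which is why in practice the asymmetric key is used to protect a symmetric session key rather than bulk data.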
14. Which infrastructure is used to assign and validate digital certificates?
- Asymmetric algorithm
- Active Directory
- PKI
- VPN
(c)
A public key infrastructure (PKI) is a system consisting of hardware, software, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates. Within the PKI, the certificate authority (CA) binds a public key with respective user identities and issues digital certificates containing the public key. For this system to work, the CA must be trusted. Typically, within an organization, you may install a CA on a Windows server, specifically on a domain controller, and it would be trusted within the organization. If it is necessary to have a CA trusted outside of your organization, use a trusted third-party CA, such as VeriSign or Entrust. Established commercial CAs charge to issue certificates that will automatically be trusted by most web browsers.
15. Which technology is used to encrypt an individual file on an NTFS volume?
- BitLocker
- BitLocker To Go
- PPTP
- EFS
(d)
The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
16. Which physical device is used to authenticate users based on what a user has?
- Smart card
- Windows Hello
- Universal Windows Platform
- Device Guard
(a)
Biometrics authentication devices rely on physical characteristics such as fingerprint, facial patterns, or iris or retinal patterns to verify user identity. Biometrics authentication is becoming popular for many purposes, including network logon.
17. Which of the following is two-factor authentication that uses an enrolled device and Windows Hello?
- Device Guard
- Credential Guard
- Virtual secure mode
- Microsoft Passport
(d)
Microsoft Passport is two-factor authentication that consists of an enrolled device (such as a smartphone) and a Windows Hello (biometric) or PIN. The two factors are an encrypted key stored on the device combined with Windows Hello or a PIN. Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or a non-Microsoft service that supports Fast ID Online (FIDO) authentication.
18. A(n) ______ is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
- PIN
- retinal scanner
- id badge
- voice recognition
(a)
A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
19. A pocket-sized card with embedded integrated circuits used for authentication is known as a(n) ______.
- smart card
- security token
- encryption key
- PKI
(a)
A smart card is a pocket-sized card with embedded integrated circuits consisting of non-volatile memory storage components, and perhaps, dedicated security logic. Non-volatile memory is a memory that does not forget its contents when power is discontinued. Smart cards can contain digital certificates to prove the identity of someone carrying the card and may also contain permissions and access information. Because a smart card can be stolen, some smart cards will not have any markings on them, so they cannot be easily identified as to what they can open. In addition, many organizations will use a password or PIN in combination with the smart card.
20. A device that may provide a second password to log on to a system is a(n) ______.
- smart card
- security token
- encryption key
- PKI
(b)
A security token (or sometimes a hardware token, hard token, authentication token, USB token, cryptographic token, or key fob) is a physical device that an authorized user of computer services is given to ease authentication. Hardware tokens are typically small enough to be carried in a pocket and are often designed to attach to a user’s keychain. Some of these security tokens include a USB connector, RFID functions, or Bluetooth wireless interface to enable the transfer of a generated key number sequence to a client system. Some security tokens may also include additional technology such as a static password or digital certificate built into the security token, much like a smart card. Other security tokens may automatically generate a second code that will have to be entered to get authenticated.
21. The ______ holds a copy of the centralized database used in Active Directory.
- domain controller
- permissions folder
- authentication protocol
- SAM
(a)
In Active Directory, each user is assigned a SAM account name; therefore, each user name must be unique. A domain controller is a server that holds a copy of the Active Directory database that can be written to.
22. A(n) ______ defines the type of access over an object or the properties of an object such as an NTFS file or printer.
- registry
- ownership
- permission
- surface attack
(c)
Permissions define the type of access that is granted to a user or group for an object or object property. By using the access control user interface, you can set NTFS permissions for objects such as files, Active Directory objects, registry objects, or system objects such as processes.
23. The ______ permissions flow from the parent object to the child object.
- explicit
- encrypted
- inherited
- full
(c)
Explicit permissions are permissions granted directly to a file or folder while inherited permissions are permissions that are granted to a parent object and they flow down.
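The distinction between explicit and inherited permissions, the ACL that records them (question 12), and the separately stored owner (question 24) can all be inspected on a Windows machine. The following PowerShell script is an added example and not part of the original study notes; the folder path C:\Data\Projects is an assumption, and the script only reads the ACL and changes nothing.

```powershell
# Added example: list a folder's ACL and separate inherited from explicit ACEs.
# The path is an assumption; substitute any folder on an NTFS volume.
$path = 'C:\Data\Projects'
$acl  = Get-Acl -Path $path

# Each access control entry (ACE) carries IsInherited:
#   $true  -> the entry flowed down from a parent folder (inherited permission)
#   $false -> the entry was set directly on this object (explicit permission)
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Sort-Object IsInherited, IdentityReference |
    Format-Table -AutoSize

# Summary counts of the two kinds of entry.
$explicit  = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
$inherited = @($acl.Access | Where-Object { $_.IsInherited }).Count
"Explicit ACEs: $explicit   Inherited ACEs: $inherited"

# AreAccessRulesProtected is $true when inheritance from the parent has been
# disabled on this object, so nothing flows down from the parent any more.
"Inheritance blocked: $($acl.AreAccessRulesProtected)"

# The owner is recorded separately from the ACEs. It is the principal that can
# still regain access after every ACE has been removed (question 24).
"Owner: $($acl.Owner)"
```

Get-Acl accepts a file path as well as a folder; running it on a file and on the file's parent folder side by side shows the inherited entries of the file matching the folder's entries, which is the rule question 23 describes.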
24. When a folder cannot be accessed because someone removed the permissions so that no one can access it, it is necessary to take ______ of the folder.
- registry
- ownership
- permission
- surface attack
(b)
The owner of a file or folder is the user who has complete control over it: the owner can grant access to the resource and can also allow other users to take over its ownership.
25. The centralized database that holds most of the Windows configurations is known as the ______.
- audit
- authorization
- registry
- domain controller
(c)
The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports.
26. To track a user’s activities in Windows, it is necessary to enable what?
- authorization
- encryption
- auditing
- permissions
(c)
Windows auditing is a mechanism for tracking events. Knowing when and where these events occurred and who triggered them can help when doing Windows network forensics. It can also be very helpful with detecting certain types of problems like improper rights assignments in the file system.
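As an added example that is not part of the original notes, the following PowerShell script turns on file-system object-access auditing, attaches an audit rule (a SACL entry) to a folder, and reads back the Security log events that the rule produces. It assumes an elevated prompt on a Windows machine; the folder path C:\Data\Projects is an assumption, and the event IDs 4656 and 4663 are the standard Windows object-access events.

```powershell
# Added example: track who touches a folder by enabling Windows auditing.
# Requires an elevated prompt. The folder path is an assumption.
$path = 'C:\Data\Projects'

# 1. Enable the "File System" subcategory of Object Access auditing for both
#    successful and failed attempts. Without this policy, SACL entries log nothing.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit rule (SACL entry) to the folder. Here every attempt by any
#    principal to delete, write, or change permissions on the folder or its
#    contents is recorded, whether it succeeds or fails.
$acl    = Get-Acl -Path $path -Audit
$rights = [System.Security.AccessControl.FileSystemRights]'Delete, Write, ChangePermissions, TakeOwnership'
$rule   = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    $rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 3. Read the events the rule produces. 4656 = a handle to an object was
#    requested; 4663 = an attempt was made to access an object. Both record
#    the account, the object name, and the access requested.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

The policy step and the SACL step are both required: the audit policy says which categories of event Windows is willing to record, and the SACL on the object says which principals and which accesses on that particular object should generate them. Audit rules on a busy folder produce a large volume of events, so scope the rights and principals in the rule to what an investigation actually needs.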