







A series of practice questions and answers on security and password policies for CIST 1601. It covers topics such as password complexity, account lockout, and time-of-day restrictions, and is designed to help students understand and apply these concepts in a practical setting.
Typology: Exams
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do? - Answer:::✔✔Configure account policies in Group Policy

Configure account (password) policies in Group Policy to enforce rules about the composition of passwords, such as minimum length, complexity, and history requirements. Use account expiration in a user account to disable an account after a specific day. Use day/time restrictions to prevent login during certain days or hours. Account lockout disables a user account after a specified number of incorrect login attempts.

You are teaching new users about security and passwords. Which of the following is the BEST example of a secure password? - Answer:::✔✔T1a73gZ9!

The most secure password is T1a73gZ9! because it is eight or more characters in length and combines uppercase and lowercase characters, special symbols, and numbers. The least secure password is 8181952 because it appears to be a birthday. JoHnSmITh is not secure because it is still a name. Stiles_ is more secure but not as secure as random numbers and letters.

You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.) - Answer:::✔✔Enforce password history; Minimum password age

Set the Enforce password history policy to prevent users from reusing old passwords. Set the Minimum password age policy to prevent users from changing passwords too soon. Passwords must remain the same for at least the time period specified. Use the Maximum password age policy to force periodic changes to the password. After the maximum password age has been reached, the user must change the password. Use the Password must meet complexity requirements policy to require that passwords include letters, numbers, and symbols. This makes it harder for hackers to guess or crack passwords.
The minimum password age setting prevents users from changing the password too frequently. After the password is changed, it cannot be changed again for at least 10 days. The maximum password age setting determines how frequently a password must be changed. The minimum password length setting controls the minimum number of characters that must be in the password. Password history is used to prevent previous passwords from being reused.

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (Select two. Each response is part of a complete solution.) - Answer:::✔✔Train sales employees to use their own user accounts to update the customer database. Delete the account that the sales employees are currently using.

You should prohibit the use of shared user accounts. Allowing multiple users to share an account increases the likelihood of the account being compromised. Because the account is shared, users tend to take security for the account less seriously. In the scenario, the following tasks need to be completed:

The existing shared user account needs to be deleted. Until you delete the account, users can continue to use it for authentication. You could just change the password on the account, but there is a high chance that the new password would be shared again.

Train sales employees to use their own user accounts to update the customer database. Ensure that these accounts have the level of access required for users to access the database.

Applying time-of-day login restrictions in a Group Policy object does not address the issue in this scenario.

You have hired ten new temporary employees to be with the company for three months. How can you make sure that these users can only log on during regular business hours? - Answer:::✔✔Configure day/time restrictions in user accounts

Use day/time restrictions to limit the days and hours when users can log on. Configure account expiration to disable an account after a specific date. Use account policies in Group Policy to configure requirements for passwords. Use account lockout settings in Group Policy to automatically lock accounts when a specific number of incorrect passwords are entered.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You need to make the change as easily as possible. Which of the following actions should you take? - Answer:::✔✔Implement a granular password policy for the users in the Directors OU.

Use granular password policies to force different password policy requirements for different users. Password and account lockout policies are enforced only in GPOs linked to the domain, not to individual OUs. Prior to Windows Server 2008, the only way to configure different password policies was to create a different domain.

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, which is a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer, and he would like his account to have even more strict password policies than are required for other members in the Directors OU. What should you do? - Answer:::✔✔Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.

To use a different set of policies for a specific user, create a Password Settings Object (PSO) for the user and apply it directly to the user account. If a PSO has been applied directly to a user, that PSO is in effect regardless of the precedence value. You could create a second group only for Matt's account and password policy. However, this policy must have a lower precedence value than the value set for the policy applied to the DirectorsGG group. Removing Matt's account from the DirectorsGG group is unnecessary and would probably affect his permissions to network resources.

Effective planning for information security involves:
a. collecting information about an organization's objectives.
b. collecting information about an organization's information security environment.
c. collecting information about an organization's technical architecture.
d. All of the above
- Answer:::✔✔All of the above

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables.
a. wrap-up b. turnover c. governance d. changeover - Answer:::✔✔governance

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.
a. SDLC b. WBS c. RFP d. CBA - Answer:::✔✔CBA

In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites.
True False - Answer:::✔✔False

A(n) __________ is a simple project management planning tool.
a. WBS b. SDLC c. ISO 17799 d. RFP - Answer:::✔✔WBS

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
a. wrap-up b. conversion process c. process of change d. governance - Answer:::✔✔process of change

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
a. direct changeover b. bull's-eye c. parallel d. wrap-up - Answer:::✔✔bull's-eye
a. direct changeover b. phased implementation c. pilot implementation d. wrap-up - Answer:::✔✔direct changeover

The budgets of public organizations are usually the product of legislation or public meetings.
True False - Answer:::✔✔True