What is the process of controlling access to resources such as computers, files, or printers called?
Mandatory access control (MAC) is an access control policy determined by a computer system, not by a user or owner. Permissions are predefined in the MAC model.
The MAC model defines sensitivity labels that are assigned to subjects (users) and objects (files, folders, hardware devices, network connections, and so on). An object's label dictates what level of clearance is needed to access it, also known as a trust level (this is also known as data labeling).

Something You Have authentication controls include physical items that you have in your possession, such as a smart card, photo ID, token device, or swipe card. Something You Know authentication requires you to provide a password, PIN, pass phrase, or the answer to a cognitive question (such as your mother's maiden name). Something You Are authentication uses a biometric system, such as a fingerprint, retina scan, voice recognition, keyboard, or writing recognition.

Authorization is the process of controlling access to resources such as computers, files, or printers. When managing access to resources, be aware of the following:

In the client-server model, each host has a specific role in the network. Servers provide services such as file storage, user management, security configuration, and printing. Clients request services from servers. The client-server model is known as domain networking in a Windows environment. Some key domain networking facts include the following: Domain networking uses the concept of security principals. These are entities such as users, computers, and resources. Some drawbacks of the client-server network model include increases in the following areas:

With Windows 10, Microsoft's preferred method of signing onto a system is to use a Microsoft account. Microsoft accounts use a single sign-on system. This means that you can sign into different systems while maintaining the same user settings and password. You can even access your favorite websites. Microsoft accounts also provide synchronized access to other Microsoft services such as Office 365, Outlook, Skype, OneDrive, Xbox Live, Bing, and Microsoft Store.
Microsoft accounts can be created using an existing email address or by signing up for a Microsoft email address. You can also use a phone number instead of an email address. If your Windows system was originally configured to sign in using a local account, you can switch to a Microsoft account by doing the following:
1. Select the Start menu and go to Settings > Accounts > Your info.

To switch from a Microsoft account back to a local account, right-click Start and go to Settings > Accounts > Your info. Then select Sign in with a local account instead and follow the prompts.

In addition to local and Microsoft account sign-ins, you can also sign into a Windows system using a domain account. Domain accounts are created and stored in Active Directory on a domain controller server. This provides central management of users and groups. When using a domain user account to sign into your system, the username and password entered are sent to the domain controller. The domain controller then checks whether the username and password submitted match the credentials it has for that particular user. If they do match, it sends a message back to the local system verifying the credentials, and the user is allowed to sign into the system.

Before a user can sign in using a domain account, the domain user account must have already been created in Active Directory and the computer must have been joined to the desired domain. To sign in using a domain account, you need to specify the domain you want to sign into. If this is the first time you are signing into the domain, or you want to make sure you are signing into the correct domain, select Other user from the sign-in screen. From this dialog, a known domain will be shown. If the domain shown is the one you want to use, enter the username and password in the applicable fields.
However, if the domain listed is not correct, you can change domains by specifying the correct domain in the username field using the syntax domain\username. For example, to sign into the ACME domain using the Admin account, in the username field you would type ACME\Admin. As soon as you type the backslash, the name of the domain is shown in the Sign in to area.

You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs. Complete this lab as follows:
1. Access the CorpDC server.
2. Delete the applicable OUs.
3. From the Active Directory Users and Computers menu bar, select View > Advanced Features to turn off the Advanced Features view.

You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: Use the following user account naming standards and specifications as you create each account: Complete this lab as follows:
1. Access Active Directory Users and Computers on the CorpDC server.
2. Create the domain user accounts.
3. Modify user account restrictions for the temporary sales employee.

You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Complete this lab as follows:
1. Access Active Directory Users and Computers on the CorpDC server.
2. From the left pane, expand CorpNet.local.
3. Unlock the Mary Barnes account.
4. Disable the Mark Woods account.
5. Enable Pat Benton's account.
6. Rename the Andrea Simmons account.
7. Configure user account restrictions.

You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. Complete this lab as follows:
1. Access Active Directory Users and Computers on the CorpDC server.
2. In the Users container, create a group named Managers.
3. Add user accounts to the Managers group.

You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. Complete this lab as follows:
1. Using Windows Administrative Tools, access the Local Security Policy.
2. Configure the password policies.
3. Configure the account lockout policies.

Disable and/or remove unnecessary accounts installed on the operating system by default, or disable specific user accounts that are no longer needed.

You work as the IT administrator for a growing corporate network. The Research and Development Department is working on product enhancements. Last year, some secret product plans were compromised. As a result, the company decided to implement smart cards for logon to every computer in the Research and Development Department. No user should be able to log onto the workstation without using a smart card. In this lab, your task is to perform the following on CorpDC: Complete this lab as follows:
1. Access the CorpDC server.
2. Enforce the existing Research-DevGPO.
3. Edit Research-DevGPO policies.

TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: TACACS was originally developed in 1984 by BBN Technologies. The current version of the protocol standard, TACACS+, was developed by Cisco Systems but is supported by many vendors, such as BlueCat Networks, IBM, Netgear, and more. TACACS and Extended Terminal Access Controller Access-Control System (XTACACS) are older protocols developed before TACACS+. While they sound similar, they are different and less-secure protocols.

An authentication protocol identifies how credentials are submitted, protected during transmission, and validated.
Instead of a simple username and password, some authentication protocols require certificates and digital signatures for proof of identity. A certificate is a digital document that identifies a user or a computer. The certificate includes a subject name, which is the name of a user or a computer. The following table describes various authentication methods used for network authentication. Many of these use some form of challenge/response mechanism.

What is the process of controlling access to resources such as computer files or printers called?
The process by which access to those resources is restricted to a certain number of users is called access control. The authentication process always comes before the authorization process.

Which of the following identifies the type of access that is allowed or denied for an object?
identifies the type of access that is allowed or denied for the object. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC). A system access control list (SACL) is used by Microsoft for auditing to identify past actions performed by users on an object.

Which of the following is an example of rule-based access control?
Router access control lists that allow or deny traffic based on the characteristics of an IP packet. A router access control list that allows or denies traffic based on the characteristics of an IP packet is an example of rule-based access control.

Which of the following commands is used to change the current group ID during a login session?
The newgrp command is used to change the current GID (group ID) during a login session.