Download (direct link):
What else do you delete when you delete Cindy's account? (Choose all that apply.)
A. Cindy's SID
B. Cindy's ACLs
C. Cindy's access tokens
D. Cindy's user profile
7. Which of the following statements is true about Power Users? (Choose all that apply.)
A. They cannot delete user accounts that they did not originally create.
B. They cannot install applications.
C. They cannot remove users from the Backup Operators group.
D. They can take ownership of files.
E. They can make folders and printers available for sharing.
8. You set Heather's account lockout threshold to 3, and her account lockout duration to 0. Heather is a terrible typist and one day she misspells her password three times in a row. What must she do next? (Choose the best answer.)
A. Try again. The account lockout duration of 0 means that she can retype her password immediately.
B. Wait five minutes and try again. The account lockout duration of 0 means that Windows uses the default value of five minutes.
C. Find an administrator. The account lockout duration of 0 means that Heather can't attempt additional logons until her account is cleared.
D. Quit Acme Cognac and go to work in TV.
1. A. Windows XP doesn't implement primary and backup domain controllers; all domain controllers are peers. Review 'Windows XP Networking Models.'
2. A. Because you suspect someone of trying to access a domain account, you should specify 'account logon events' as plain old 'logon events' to audit logons to the local PC's security database only. You must choose Success or Failure or both. Typically, if you suspect that someone doesn't already have a valid username, or password and is trying to guess one or the other or both, you audit failed logon attempts. Review 'Auditing User Activities.'
3. A. The Users group conveys all the necessary rights. If Vendela needed to run applications written for NT Workstation 4.0, you would consider making her a Power User. As for choice E, no predefined group named New Users exists. Review 'User rights and built-in local groups.'
4. C. The Users and Passwords control panel is intended for adding local user accounts, so choice A is out. Ditto for choice B, hence the word 'local' in the program's name. Choices D and E don't exist, and choice F harks back to Windows NT Server 4.0. Review 'Creating Local Users.'
5. D. Choices A, B, and C don't exist, nor does choice E (although a policy does exist to enforce a minimum password length). Choice F is not a valid policy, and furthermore, the use of special characters, such as the exclamation point, is encouraged as it makes passwords harder to guess. The complexity requirement means that Tyra can't include her user name or any part of her full name in her password. Review 'Sorry, it's company policy.'
6. A and C. You delete Cindy's Security ID and, with it, all of her access tokens for accessing shared resources. Access Control Lists, or ACLs, are associated with objects rather than users. As for choice D, deleting an account doesn't automatically delete a user profile, so you may want to run Windows Explorer to remove C:\Documents and Settings\Cindy. Review "Deleting user accounts."
7. A, C, and E. Power Users can install applications, as long as the applications don't install system services or modify operating system files. Power Users cannot take ownership of files; only Administrators can do that. Review 'User rights and built-in local groups.'
8. C. Maybe Heather could also trim her fingernails a bit. Review 'Sorry, it's company policy.'
Chapter 11: Access Permissions
* Control access to files and folders by using permissions
* Optimize access to files and folders
* Create and remove shared folders
* Control access to shared folders by using permissions
* Configure, manage, and implement Internet Information Services (IIS)
* Manage and troubleshoot Web server resources
* Configure, manage, and troubleshoot a security configuration
* Configure, manage, and troubleshoot Internet Explorer security settings
* Configure, manage, and troubleshoot local security policy
Following on the discussion of users and groups in Chapter 10 (which I strongly suggest you read before this one), this chapter looks at securing Windows XP systems by posting virtual 'Authorized Personnel Only' signs all around the operating system. Share permissions, file-and-folder (NTFS) permissions, computer accounts, Web server permissions, and Local Group Policy are the topics of the day here. This chapter also looks briefly at auditing object access in the file system and the Registry.
You can expect three or more exam questions on the material in this chapter, as access permissions are always a prime concern of corporate network managers (and, therefore, exam question authors).
Control access to files and folders by using permissions
1. You can control local or network access to specific files on a Windows XP Professional machine by using ______.