1. Which of the following best describes the principle of least privilege?

1. Providing the necessary access to carry out any task

2. Providing access to the least number of objects possible

3. Providing just the necessary access required to carry out a task

4. Providing access equivalent to the least populated security group

  2. Which type of user account is designed using the principle of least privilege?

1. LUA

2. SID

3. GUID

4. KDC

  3. What structure does the Windows operating system use to store collections of permissions for objects?

1. ACE

2. DACL

3. GUID

4. CLSID

  4. If a regular user is a member of four groups, how many SIDs will be stored in the user’s SAT?

1. 1

2. 4

3. 5

4. 6

  5. Which of the following best describes UAC?

1. Prompts users before escalating to administrator privileges

2. Prevents processes from escalating to administrator privileges

3. Terminates programs that attempt to escalate to administrator privileges

4. Alerts users that attempts to escalate to administrator privileges have been automatically denied

  6. Which protocol does the Windows operating system use by default to authenticate computers to exchange security information?

1. Kerberos

2. NTLM

3. SAML

4. TCP/IP

  7. When viewing an object’s DACL, which permission indicates that advanced permissions have been set?

1. Extended permissions

2. Advanced permissions

3. Special permissions

4. Level II permissions

  8. Which type of identifier was originally adopted by Windows to identify GUI controls?

1. SID

2. PID

3. CLSID

4. GUID

  9. Which type of identifier is used to identify user groups?

1. SID

2. PID

3. CLSID

4. GUID

10. If a user, userA, is a member of groupA and groupB, and groupB allows read access to helloWorld.c but groupA denies read access to helloWorld.c, can userA read helloWorld.c?

1. Yes, because groupA allows read access to helloWorld.c.

2. No, because groupB denies read access to helloWorld.c.

3. Yes, because userA is a member of groupB.

4. No, because users cannot belong to multiple groups.

11. Why should you carefully design an auditing strategy before turning auditing on?

1. Auditing incomplete information wastes analysis time.

2. Auditing too much information causes excessive overhead.

3. Ad hoc auditing rarely provides useful information.

4. Audit log files only retain limited information without extensive configuration.

12. Which of the following guidelines tends to provide the most useful auditing information?

1. Always audit event success and failures.

2. Never audit both event successes and failures.

3. Generally audit event failures.

4. Do not audit event failures unless you first audit event successes.

13. What tool is most commonly used to view and search audit logs?

1. Windows Event Viewer

2. Windows Log Viewer

3. Windows Audit Viewer

4. Windows ACL Viewer

14. Which of the following Windows tools replaces previous legacy tools and allows ACL modifications?

1. cacls

2. xcacls

3. icalcs

4. robocopy

15. When using AGULP, for which entity type are local object permissions defined?

1. User accounts

2. Global groups

3. Universal groups

4. Domain local groups