1. Which of the following best describes the principle of least privilege?
Providing the necessary access to carry out any task
Providing access to the least number of objects possible
Providing just the necessary access required to carry out a task
Providing access equivalent to the least populated security group
2. Which type of user account is designed using the principle of least privilege?
LUA
SID
GUID
KDC
3. What structure does the Windows operating system use to store collections of permissions for objects?
ACE
DACL
GUID
CLSID
4. If a regular user is a member of four groups, how many SIDs will be stored in the user’s SAT?
1
4
5
6
5. Which of the following best describes UAC?
Prompts users before escalating to administrator privileges
Prevents processes from escalating to administrator privileges
Terminates programs that attempt to escalate to administrator privileges
Alerts users that attempts to escalate to administrator privileges have been automatically denied
6. Which protocol does the Windows operating system use by default to authenticate computers to exchange security information?
Kerberos
NTLM
SAML
TCP/IP
7. When viewing an object’s DACL, which permission indicates that advanced permissions have been set?
Extended permissions
Advanced permissions
Special permissions
Level II permissions
8. Which type of identifier was originally adopted by Windows to identify GUI controls?
SID
PID
CLSID
GUID
9. Which type of identifier is used to identify user groups?
SID
PID
CLSID
GUID
10. If a user, userA, is a member of groupA and groupB, and groupB allows read access to helloWorld.c but groupA denies read access to helloWorld.c, can userA read helloWorld.c?
Yes, because groupA allows read access to helloWorld.c.
No, because groupB denies read access to helloWorld.c.
Yes, because userA is a member of groupB.
No, because users cannot belong to multiple groups.
11. Why should you carefully design an auditing strategy before turning auditing on?
Auditing incomplete information wastes analysis time.
Auditing too much information causes excessive overhead.
Ad hoc auditing rarely provides useful information.
Audit log files only retain limited information without extensive configuration.
12. Which of the following guidelines tends to provide the most useful auditing information?
Always audit event successes and failures.
Never audit both event successes and failures.
Generally audit event failures.
Do not audit event failures unless you first audit event successes.
13. What tool is most commonly used to view and search audit logs?
Windows Event Viewer
Windows Log Viewer
Windows Audit Viewer
Windows ACL Viewer
14. Which of the following Windows tools replaces previous legacy tools and allows ACL modifications?
cacls
xcacls
icacls
robocopy
15. When using AGULP, for which entity type are local object permissions defined?
User accounts
Global groups
Universal groups
Domain local groups