• Aucun résultat trouvé

Copyright Notice

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Copyright Notice"

Copied!
8
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze

Unit OS7: Security

7.4. Quiz

2

Copyright Notice

© 2000-2005 David A. Solomon and Mark Russinovich

These materials are part of the Windows Operating System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E.

Russinovich with Andreas Polze

Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic environments (and not for commercial use)

(2)

3

Security Ratings

Which of the following is not required for a C2 rating?

a)

Encrypted passwords

b)

Object reuse protection

c)

Secure logon

d)

Auditing

C2 Security

C2 trusted path is provided by:

a)

Secure logon

b)

Directory-level discretionary access control

c)

Secure attention sequence

d)

Administrator protection of audit logs

(3)

5

Security System Components

What is the heart of the object access protection in Windows?

a)

Local Security Authority

b)

Security Reference Monitor

c)

Active Directory

d)

Security Accounts Database

6

Security System Components

The Windows security system consists of a number of kernel- and user-mode components.

Which one is not among them?

a)

Transactional Object Monitor (TOM)

b)

Security Accounts Manager (SAM)

c)

Graphical Identification and Authentification (GINA)

(4)

7

Security Settings

Changing the security settings for a file in Windows affects:

a)

The next open-operation on the file (CreateFile)

b)

The next write-operation on the file (WriteFile)

c)

The next read-operation on the file (ReadFile)

Active Directory

The distributed authentication and authorization mechanism in Windows active directory relies on the following security protocol:

a)

Odin

b)

Zeus

c)

Kerberos

(5)

9

Kerberos

Kerberos relies on:

a)

Symmetric encryption

b)

Asymmetric (public/private key) encryption

c)

Secret oneway functions

10

Access Check

Which of the following are not referred to for a security access check?

a)

Token

b)

Discretionary Access Control List (DACL)

c)

System Access Control List (SACL)

d)

Desired Access

(6)

11

Security Token

Which of the following is not part of the Windows Security Token?

a)

Account SID

b)

Assigned Privileges

c)

Handle to Security Reference Monitor

d)

List of groups a user belongs to

Access Control Entries

Which of the following is a valid access control entry (ACE) type?

a)

Allow and Deny

b)

Deny all

c)

Deny

d)

DACL

(7)

13

Auditing

Auditing ACE’s are stored in an object’s:

a)

SACL

b)

DACL

c)

Token

d)

SID

14

Impersonation

In client/server applications, impersonation is used to let a:

a)

Client take on a security identity of a server

b)

Client access same objects as the server

c)

Server take on a security identity of a client

d)

Server access objects on the client system

(8)

15

Privileges

When a privilege is needed, the Security Reference Monitor checks this by:

a)

Querying the Local Security Authority process

b)

Checking privilege in the access token

c)

Checking privilege DACL for user access

d)

Writing auditing event to the Security event log

Acess Control Lists

If Alice is a member of the Manager's group and a file she wants to access has a DACL with three ACEs composed as follows, will Alice be able to read from the file?

1st ACE: Bob can't read from the file 2nd ACE: Manager's can't write the file 3rd ACE: Alice can write and delete the file

a)

yes

Références

Télécharger maintenant ( PDF - 8 Page - 51.68 KB )

Documents relatifs

FILE MANAGER

Generates a device status message for each device interfaced to the 4907 File Manager controller and stores them in the specified string variable.. Erases everything currently in

is file.

This means that a USES LONGINT statement must be included in any program using the LONG INTEGER procedures.. The operating system now uses the general vertical

FILE MANAGER VERSION 2

If the preceding GETS or READR request accessed the file by relative record number, the number of records stored by each UPDREC execution is the number of

• The FILE option which causes the output to be to a file instead of the terminal or printer.

The End-of-File control word causes input processing to revert to the file that invoked, the current imbed file.. If the current file was not imbedded,

Who Wants to be a Martyr?

President Bush, at last year's United Nations conference on poor nations in Monterrey, Mexico, said that "we fight against poverty because hope is an answer to terror."

If file"

AllocateFile: PROCEDURE [TableHandle] RETURNS [FileHandle] ~ LOOPHOLE[BootDefs.AllocateObject]i ValidateFile: PROCEDURE [TableHandle,FileHandle] ~

Protocol Manager Binding: NETBIND and the PROTOCOL.INI File

The following table shows (in alphabetical order), the possible entries and values for the EtherLink Plus adapter sectioN of the PROTOCOL.INI file. Etherlink Plus Adapter

Who wants to be a family physician?

As McWhinney has so profoundly said, family medicine is fundamentally different: it is the only discipline to define itself in terms of relationships, espe- cially