Security+ Guide to Network Security, Second Edition Lab Manual Solutions 8- 1 Chapter 8 Lab Manual Review Questions and Answers Lab 8.1 1. What file systems are compatible with Windows NT Server 4.0? (Choose all that apply.) a. b. c. d. FAT FAT32 OSPF NTFS 2. Which of the following are features of NTFS version 5 that are not available with FAT partitions? (Choose all that apply.) a. b. c. d. share-level security file-level security compression encryption 3. Which of the following commands converts a FAT partition to NTFS? a. b. c. d. update C: /FS:NTFS upgrade C: /FS:NTFS convert C: /FS:NTFS convert C: /NTFS 4. What permissions are available for Windows folder shares? (Choose all that apply.) a. b. c. d. Read Modify Change Full Control 5. Once a FAT partition has been converted to NTFS, the only way to change it back to FAT is to rebuild the drive and restore it from a backup. True or False? Answers: (a, d), (b, c, d), c, (a, c, d), True Security+ Guide to Network Security, Second Edition Lab Manual Solutions 8- 2 Lab 8.2 1. Data confidentiality is best defined as __________. a. data that has not been tampered with intentionally or accidentally b. data that has been scrambled for remote transmission c. data that is secured so only intended users have access d. data that can be accessed when it is needed 2. When comparing the Full Control and Modify NTFS permissions, what differentiates the two? a. Full Control is exactly the same as Modify. b. Full Control allows you to change permissions and ownership. c. Modify only allows changes, while Full Control allows changes as well as deletions. d. Modify allows you to change permissions and ownership. 3. A safeguard in Windows NT/2000/2003 allows administrators to access data even if they have been explicitly denied. How is this possible? a. b. c. d. Administrators can take ownership and change the permissions to allow access. Administrators can log on as a user with permissions and grant themselves access. Administrators cannot be denied access to data. This safeguard does not exist; administrators can be denied access to data. 4. When NTFS permissions are combined with other NTFS permissions, what are the effective permissions? a. b. most restrictive least restrictive 5. When NTFS permissions are combined with share permissions, what are the effective permissions? a. b. Answers: c, b, a, b, a most restrictive least restrictive Security+ Guide to Network Security, Second Edition Lab Manual Solutions 8- 3 Lab 8.3 1. Data availability is best defined as __________. a. b. c. d. data that has not been tampered with intentionally or accidentally data that has been scrambled for remote transmission data that is secured so only intended users have access data that can be accessed when it is needed 2. What technologies can be used to help reduce downtime and increase the time that data is readily available? (Choose all that apply.) a. b. c. d. backups clustering load balancing RAID 3. A user took a leave of absence from your company for personal reasons. A junior administrator deleted the user’s account from Active Directory. To fix the problem, the junior administrator re-created the account. When the user returned to work, he could not access any of his files. What is the cause? a. Accounts with the same name should work; that is not the cause of the problem. b. The user’s account had expired. c. The user’s password did not comply with the domain security policy. d. Even though the two accounts have the same name, the SIDs are different. 4. How can data confidentiality affect data availability? a. b. c. d. They are two independent areas that do not affect each other. For data to be available, it cannot be confidential. Data that is secured too strongly might conflict with the availability. Data that is secured too weakly might conflict with the availability. 5. What percentage of downtime would be acceptable for an e-commerce business? a. b. c. d. 95% 100% 0% 50% Answers: d, (a, b, c, d), d, c, c Security+ Guide to Network Security, Second Edition Lab Manual Solutions 8- 4 Lab 8.4 1. Data integrity is best defined as ________. a. data that has not been tampered with intentionally or accidentally b. data that has been scrambled for remote transmission c. data that is secured so only intended users have access d. data that can be accessed when it is needed 2. Data integrity can be damaged by which of the following? (Choose all that apply.) a. b. c. d. viruses worms hackers Trojan horses 3. An administrator restores a folder of files at the request of the folder’s owner. Two days later the user calls the Help desk to complain that some data is missing from files that were updated two weeks ago. What could have happened? a. b. c. d. The restore failed and corrupted the data. The restore was successful but restored some files that should not have been restored. The original backup was corrupt. The user’s files were infected with a virus. 4. Data integrity can be threatened by environmental hazards such as dust, surges, and excessive heat. True or False? 5. Which of the following helps maintain data integrity? (Choose all that apply.) a. b. c. d. disaster recovery plans an equipment standards policy system documentation preventive maintenance Answers: a, (a, b, c, d), b, True, (a, b, c, d) Security+ Guide to Network Security, Second Edition Lab Manual Solutions 8- 5 Lab 8.5 1. Encryption is best defined as __________. a. data that has not been tampered with intentionally or accidentally b. data that has been scrambled c. data that is secured so only intended users have access d. data that can be accessed when it is needed 2. In Windows Server 2003, who can access encrypted files? (Choose all that apply.) a. b. c. d. the owner of the files the administrator the recovery agent all users 3. If data that is encrypted with NTFS encryption is copied to a FAT partition, the data is decrypted. True or False? 4. What is the Windows Server 2003 command-line utility that can be used to encrypt data? a. b. c. d. Crypto EncryptIt Encrypt Cipher 5. You have decided to use NTFS encryption to enhance security on your network of six servers. Five of the six servers have compressed drives, and a new administrator says that it would not be a good idea to implement an encryption policy now. Why is or isn’t the administrator correct? a. b. c. d. The administrator is not correct; encryption helps secure your network. The administrator is not correct; encryption decreases the performance of the servers, but is not noticeable to the users. The administrator is correct; encryption adds too much overhead to the servers. The administrator is correct; encryption and compression cannot be used at the same time. Answers: b, (a, b, c), True, d, d