Lab 3 Questions and Answers

Submitted By gibsotia
Lab #3: Worksheet
Configure Windows File System Permissions
Student Name: _____________________________________________________________
Lab Due Date: April 10, 2015

You may work in groups to complete this lab.
Folder Structure Drawing
You are asked to draw a folder structure that meets the scenario’s requirements. You may draw the structure on paper, use Visio or another drawing program. If you draw the structure on a separate sheet of paper, turn this in to your instructor. If you use Visio or another drawing program, paste your diagram here:

Screenshots
The lab requires the student to provide several screen captures at specific points in the process. Place your screen captures here in the appropriate order.

Assessment Questions
Overview
In this lab, you reviewed a scenario requiring you to design a Windows folder structure, and you implemented your design. Next, you used the Microsoft® Active Directory Users and Computers utility to create security groups that suited the requirements in the scenario. Finally, you applied those security groups to the folder structure you designed.
Questions
1. When you designed a file system in the first section of this lab, why did you choose the structure that you selected?
   a. What I learned how to do in the associates program

2. As you look back on the file structure that you created, what changes would you want to make if you were to use it for a real college environment?
   b. Make sure OU stay together

3. In this lab, you assigned members of the Faculty group full control of the Assignments folder. What risk does this pose?
   c. Faculty can go in and read, write, or execute anything in the Assignments folder

4. What could you do to correct the situation described in question 3?
   d. Only give them read, and execute permissions

5. What Windows file security attribute allows a user…...
