IS3340 Unit 1 Lab 1 Questions

1) Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data.
a. By having domains and access rights and permissions, an administrator can achieve confidentiality, integrity, and accountability by controlling what files and resources a user can access.
2) Is it good practice to include the account or user name in the password? Why or why not?
a. No it is not good practice because it makes it easier to guess from an attacker’s standpoint.
3) In order to enhance the strength of user passwords, what are some of the best practices to implement for user password definitions in order to maximize confidentiality?
a. To maximize confidentiality and to make passwords harder to crack, passwords should be of a minimum length (8 characters or more), complex (upper/lower case, numbers, and special characters), have a minimum password age (change periodically), and password history must be enforced (cannot use the last 10 passwords).
4) Can a user defined in Active Directory access a shared drive if that user is not part of the domain?
a. No a user needs to be part of the domain in order to access shared drives.

5) Does Windows Server 2008 R2 require a user’s login/password credentials prior to accessing shared drives?
a. Yes a username and password are required.
6) When looking at the Active Directory structure for Users and Computers, which group has the least amount of implied privileges?
a. The guest account have the least amount of implied privileges.
7) When granting access to LAN systems for GUESTS (i.e. auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented in order to maximize CIA of production systems and data?
a. It is best practice to allow the least privilege that still allows what the guests need to do for their job. For example, an auditor should only be allowed to view files and folders but not write, delete, or modify them.
8) When granting access for the Show Floor group to the SFFiles within the SFFiles folder, what must be configured in the Active Directory?
a. The permissions need to be configured so that the Show Floor group can read, write, modify, and/or delete files in the SFFiles folder.
9) When granting access for Human Resources group to access the HRfiles within the HRfiles folder, what must be configured within Active Directory?
a. The permissions need to be configured so that the HR Group can read, write, modify, and/or delete files in the HRFiles folder.

10) Explain how CIA can be achieved down to the folder and data file access level for departments and its user’s using Active Directory and Windows Server 2008 R2 access control configurations. Configuring unique access controls for different user types is an example of what kind of access controls?
a. CIA can be achieved down to the folder and data file access level for departments and users by controlling what files each group can access and what it can do to it (read, write, modify, delete).