Chapter 91 · Quiz

Operating System Security — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
A help desk technician needs to reset a user’s expired password, unlock their account after too many failed login attempts, and add them to the Finance security group. All three actions are performed from a single Windows console. Which technology is being used?
Question 2 of 6
A security administrator needs to enforce the following on all 800 domain-joined Windows workstations simultaneously: passwords must be at least 14 characters, screens must lock after 5 minutes of inactivity, and USB mass storage must be disabled. What is the MOST efficient way to implement all three requirements?
Question 3 of 6
Traditional Linux uses Discretionary Access Control (DAC). A web server process running under a dedicated service account is compromised through a remote code execution vulnerability. Under DAC, what access does the attacker now have?
Question 4 of 6
A web server process on a Linux system is fully compromised through an application vulnerability. The attacker attempts to read /etc/shadow and open an outbound connection to an external IP on port 4444. Both attempts are silently blocked by the operating system. The server’s Linux DAC file permissions would have allowed both actions. Which security feature is responsible?
Question 5 of 6
A security architect is designing a high-security Linux environment for a government agency. The requirement states that all access control decisions must be enforced by a central administrator and that no user — including file owners — should be able to grant permissions beyond what the security policy allows. Which access control model and technology satisfy this requirement?
Question 6 of 6
An organization uses Active Directory and Group Policy together. Which statement BEST describes the correct role of each technology?

Matching

Match each description to the correct operating system security technology or concept.

1. A centralized Windows directory service that stores user accounts, computer objects, security groups, and network resources; provides unified authentication and access control across the domain; used by the help desk for password resets, account creation, and group membership changes
2. A Windows feature managed from a central console that deploys hundreds of security and configuration settings — password policies, screen lock timeouts, USB restrictions, login scripts — to all domain-joined computers and users automatically
3. Open-source Linux kernel security patches that add mandatory access control, confining each process to only the resources its security policy permits and limiting the impact of compromised applications; included in RHEL, CentOS, and Fedora by default
4. The default Linux access model in which resource owners control who can access their files; flexible but can allow compromised users or processes to expose any resource the owner has permission to access
A. Active Directory
B. Group Policy
C. SELinux
D. Discretionary Access Control (DAC)