Week 2 – Users and Permissions

1. What are the basic Linux file permissions? Check all that apply.

Answers

·        Read

·        Write

·        Modify

·        Execute

2. You're given the output of an ls -l of a file in Linux.

1 ls -l books_file

2 dr-x-wxr-- 1 phelan cool_group 0 Aug 20 11:10 books_file

Answer the following question: What does the first character of output signify?

Answers

·        books_file is a directory

·        The file owner is a class D user

·        books_file is a disk device

·        The file owner has delete permissions

Explanation: Very nice! I will be able to assist you in interpreting the information if you supply me with the result of the ls -l command for the particular file in question. In most cases, the output contains information on the file's rights, the number of links, the owner, the group, the file size, the modification time, and the name of the file or directory. Please don't hesitate to send along the pertinent part, and we'll look it over jointly when you do.

3. You're given the output of an ls -l of a file in Linux.

1 ls -l books_file

2 dr-x-wxr-- 1 phelan cool_group 0 Aug 20 11:10 books_file

Answer the following question: Who does the last trio of bits (r--) in the file permission and attributes refer to?

Answers

·        All other users

·        File owner

·        Group file belongs to

·        Regular file

4. You're given the output of an ls -l of a file in Linux.

1 ls -l books_file

2 dr-x-wxr-- 1 phelan cool_group 0 Aug 20 11:10 books_file

Answer the following question: What permissions does the second trio of bits (-wx) give you? Check all that apply.

Answers

·        Read

·        Write

·        Group file belongs to

·        Execute

5. If I wanted to change permissions of a file called honey_bears, what command could I use to grant write access to the owner of the file without changing other permissions? The owner currently only has read access to the file. Check all that apply.

Answers

·        chmod u+w honey_bears

·        chmod o+w honey_bears

·        chmod 644 honey_bears

·        chmod 400 honey_bears

6. As a Windows Administrator for a large company, you are asked to grant temporary software installation permissions to the Sales department. Which of the following would be the most efficient method for accomplishing this task?

Answers

·        Grant each employee in the Sales department temporary software installation permissions on their individual User accounts.

·        Grant each employee in the Sales department temporary Local Administrator permissions on their individual computers.

·        Grant temporary Administrator permissions to each employee in the Sales department.

·        Add the User account for each employee in the Sales department into a special Group, then grant temporary software installation permissions to the Group.

Explanation: Utilizing Group Policy would be the most time and labor-saving option available in a Windows system for the purpose of providing the Sales department with authorization to temporarily install software. In an Active Directory system, the usage of Group Policy gives you the ability to centrally manage and adjust the settings for both computers and users.

7. In the Computer Management tool in Windows, what setting can an administrator enable if a user’s password was compromised and they need to update it?

Answers

·        Password never expires

·        User cannot change password

·        User must change password at next logon.

·        Password must be changed

Explanation: If a user's password has been hacked or there are other reasons to be concerned about their security, an administrator may use the Computer Management tool in Windows to activate the "User must change password at next logon" option. This will require the user to change their password the next time they log in.

8. Which Windows PowerShell CLI command can be used to list the Users within local Groups on a given computer?

Answers

·        Get-LocalGroup

·        Get-LocalUser

·        Get-GPOReport

·        Get-LocalGroupMember

Explanation: You need to change "GroupName" to the name of the local group whose members you wish to list. A list of users and other groups that are members of the given local group will be shown as a result of executing this command.

9. On a Linux system, which file contains information about the users on a machine?

Answers

·        /etc/sudoers

·        /etc/users

·        /etc/passwd

·        /etc/group

Explanation: In a Linux system, information about users is typically stored in the "/etc/passwd" file. This file contains entries for each user on the system, including details such as the username, user ID (UID), group ID (GID), home directory, and the default shell.

 

10. What Windows CLI command can be used to change a local user password?

Answers

·        user command

·        password command

·        new command

·        net command

11. What flag can be used in Linux with the passwd command to force a user to change their password on the next logon?

Answers

·        -new flag

·        -next flag

·        -chg flag

·        -e flag

12. Which of the following methods can Administrators use to remove a user in Windows? (Choose all that apply)

Answers

·        At the CLI, using the DOS style net computer computername/del command.

·        With Powershell, use the Remove-LocalUser usernamecommand.

·        At the CLI, use the DOS style net user username /del command.

·        In the GUI, under Local Users and Groups in the Computer Management tool, right click the user and select Delete.

13. What does DACL stand for?

Answers

·        Discretionary Access Control List

·        Direct Access Control List

·        Discretionary Access Content List

·        Discretionary Admin Control List

Explanation: In the context of Windows security, the term "Discretionary Access Control List" (DACL) is often abbreviated. It is a collection of rules or permissions that are connected to an object, such a file, folder, or registry key, for example. The DACL details the users or system processes that are permitted access to the object, as well as the actions (such as read, write, and execute) that they are permitted to carry out while they are there.

In more layman's words, DACL is a system that regulates who can access a resource and what activities they can take on that resource. It also controls what actions they can conduct on the resource itself.

 

14. When examining the permissions on a file in Linux, how many bits are used to display this information?

Answers

·        16

·        9

·        64

·        10

Explanation: When doing an audit of a file's permissions using Linux, the information gleaned from the audit is displayed in the form of a 9-bit string. Every one of these nine bits is associated with a distinct authorization or property. The permissions for the owner, the group, and others (everyone else) are each represented by a set of three bits, while the remaining nine bits are divided into three groups of three.

15. In Windows, when setting the basic permission “Read” which of the following special permissions are enabled? (Choose all that apply)

Answers

·        Read Data

·        Read Activity

·        Read Attributes

·        Read Permissions

Shuffle Q/A 1

16. On a Linux system, what is the first user that gets automatically created?

Answers

·        privileged user

·        admin user

·        user 1

·        root user

Explanation: The "root" user is normally the first user to be created on a Linux system while it is being installed, and this "root" user is the administrator of the system. The "root" user is the superuser or administrator account that has the greatest degree of rights available on a computer system. The "root" user is the only one who can execute any action on the system, including making changes to the configuration files and other system-level data.

When working with the root account, it is essential to take extreme care since the account has full access to the system, which, if mishandled, might result in undesirable outcomes. It is advised that ordinary user accounts be used for day-to-day work, and that switching to the root account should only be done when absolutely essential for duties relating to system administration.

17. What is the name of the privileged file on Linux that stores scramble passwords?

Answers

·        /passwords

·        /etc/shade

·        /etc/shadow

·        /etc/passwords

18. When adding a new user with the same name as a previously deleted user, will the newly created user be able to access resources previously assigned to that user name?

Answers

·        No

·        Maybe

·        Yes

Explanation: In Linux or other operating systems that are similar to Unix, if you create a new user with the same name as a user who has been removed in the past, the new user will not immediately inherit the UID (User ID) or any prior associations that belonged to the deleted user. A fresh User ID will be generated for the newly added user.

As a consequence of this, the newly created user will not have the same ownership of files or rights on resources (files, directories, and so on) that were previously connected with the UID of the user who was removed. Any prior tasks or permissions that were assigned to the UID of the user who has been removed will not carry over to the new user.

When dealing with user management, it is essential to be aware of this in order to prevent any possible misunderstanding or security concerns that may arise. If you want the newly created user to have the same rights and affiliations as the user who was previously removed, you will have to manually set up the relevant permissions and associations.

 

19. In Windows, a simple permission is actually a larger set of ___

Answers

·        admin permissions.

·        special permissions.

·        user permissions.

·        partial permissions.

Explanation: When working with Windows, a single permission refers to a much more extensive collection of granular access control rights. In contrast to the broad categories that are covered by basic permissions, fine-grained permissions, which are also known as special permissions, describe a person or group's capabilities with regard to the activities that they may carry out on a resource.

For instance, when you give the straightforward permission "Read" to a person or group, it also contains a range of fine-grained or specialized rights such as "Read Attributes," "Read Extended Attributes," and "Read Permissions." Each of these specialized permissions relates to a particular activity that involves reading information or metadata about a file or directory. These permissions may be found in the "Reading" category.

In conclusion, a basic permission in Windows comprises a wider collection of fine-grained access control permissions that collectively describe the activities that a user or group is authorized to execute on a resource. These rights may be assigned to a user or group individually or collectively.

 

20. Generally, what type of user has access to, but limited control over a computer?

Answers

·        Standard

·        General

·        Limited

·        Administrator

Explanation: In most cases, a standard user or a limited user has access to a computer but has only limited power over the system. These users are also referred to as "limited users." When opposed to administrative or superuser accounts, standard user profiles often have a more limited set of permissions.

21. In Windows, what does UAC stand for?

Answers

·        User Access Control

·        User Access Console

·        User Administration Control

·        User Availability Checklist

Explanation: The acronym "UAC" in Windows refers to "User Account Control." User Account Control is a security feature that was first introduced in Windows Vista and has since been included in subsequent versions of Windows. Its goal is to make the operating system more secure by putting restrictions on the permissions that may be granted to software programs and processes that are allowed to operate with elevated privileges.

When users try to conduct activities that need elevated capabilities, such as installing software, changing system settings, or editing files in protected system folders, UAC asks them for confirmation or an administrator password. These operations include installing software, changing system settings, and modifying files. This helps to prevent unauthorized or malicious alterations to the system and decreases the possibility of any unforeseen security vulnerabilities that may have been introduced.

 

22. Which of the following locations and/or methods can Administrators find and/or use to change user passwords on Windows systems? (Choose all that apply)

Answers

·        In the GUI, under Control Panel > System and Security > Change User Account Control Settings.

·        At the CLI, using the DOS style net user command.

·        In the GUI, under Local Users and Groups in the Computer Management tool.

·        At the CLI, using the DOS style net config command.

 

23. In Windows, which of the following are directory and file permissions that can be assigned to groups and/or users? (Choose all that apply)

Answers

·        Read & Execute

·        Write

·        Change

·        List folder contents

 

24. When examining the permissions on a file in Linux you find the the first four bits are -rwx. What does this mean?

Answers

·        It is a directory file and the owner has read, write, and exchange permissions.

·        It is a regular file and the owner has read, write, and execute permissions.

·        It is a regular file and the owner has read, write, but no execute permissions.

·        It is a directory file and the owner has read, write, and execute permissions.

 

25. When using ICACL in the Windows CLI, what flag shows that a given user can create files?

Answers

·        WD

·        CF

·        S

·        Write

Explanation: You may set permissions for a user or group in Windows Command Prompt or PowerShell by using the /grant parameter when working with ICACLS (not ICACL), which is an expanded version of ICACL. You would utilize the F permission, which stands for "Full Control," to provide a user the access to create files. F stands for "Full Control."

26. Which Windows PowerShell CLI command can be used to list the Groups on a given computer?

Answers

·        Get-LocalUser

·        Get-LocalGroupMember

·        Get-GPOReport

·        Get-LocalGroup

 

27. On a Linux system, which file contains information about group memberships?

Answers

·        /etc/sudoers

·        /etc/users

·        /etc/passwd

·        /etc/group

Shuffle Q/A 2

28. Which of the following methods can Administrators use to add a user in Windows? (Choose all that apply)

Answers

·        At the CLI, using the DOS style net computer computername/new command.

·        With Powershell, use the Create-LocalUser usernamecommand.

·        At the CLI, use the DOS style net user username * /add command.

·        In the GUI, under Local Users and Groups in the Computer Management tool, right click Users and select New User.

29. Is it possible to have write access to a file in Windows without having read access to that same file?

Answers

·        Yes

·        Maybe

·        No

Explanation: In Windows, it is not possible to have write access to a file without also having read access to the same file. This restriction applies to both read and write access. Write access means the capacity to edit the contents of a file, and in order to modify the contents, you need to be able to read the contents that are already in the file. Write access implies the ability to read the contents of a file.

30. Which Windows PowerShell CLI command can be used to list the Users on a given computer?

Answers

·        Get-GPOReport

·        Get-LocalGroupMember

·        Get-LocalUser

·        Get-LocalGroup

31. What parameter can be used in the Windows CLI to force a user to change their password on the next logon?

Answers

·        /passwordchg:yes

·        /newpassword:logon

·        /logonpasswordchg:yes

·        /passwordkeep:no

32. Does an administrator user account on a computer have complete control over a machine?

Answers

·        No

·        Yes

·        Sometimes

Explanation: Even though administrator accounts give a substantial amount of authority, it is essential for users to exhibit care while working with these rights in order to prevent inadvertent modifications that may have an effect on the stability and security of the system. According to the concept of least privilege, regular user accounts should be used for day-to-day operations, and switching to an administrator account should only be done when absolutely essential for administrative responsibilities.