CompTIA Security+ Question I-99

A security analyst implemented group-based privileges within the company's Active Directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes.

Answer: B

Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to regularly clean up these objects and group memberships.

CompTIA Security+ Question I-38

A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts
B. Add the account to the Domain Administrator group
C. Add the account to the Users group on the hosts
D. Implement Group Policy to add the account to the Power Users group on the hosts.

Answer: A

Explanation:
Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.

CompTIA Security+ Question G-99

An Active Directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection?

A. 389
B. 440
C. 636
D. 3286

Answer: C

Explanation:
Port 636 is used for secure LDAP (LDAPS).

Incorrect Options:

A: Port 389 is used for LDAP.

B: Port 440 is not used for secure Active Directory connections.

D: Port 3286 is not used for secure Active Directory connections.

Reference:

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 147

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security+ Question E-31

Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?

A. Kerberos
B. Least privilege
C. TACACS+
D. LDAP

Answer: A

Explanation:
Microsoft adopted Kerberos as the authentication protocol for Windows 2000 and for the Active Directory domains that followed.