Which of the following is the process of converting data into a format that cannot be read by another user?

Term
1. What is the process of identifying an individual?
a) authentication
b) authorization
c) accounting
d) auditing

Definition
Answer: a
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: In the world of information security, AAA (authentication, authorization, and accounting) is a leading model for access control. Here, authentication is the process of identifying an individual. After a user is authenticated, she can access network resources based on her authorization.

Term
2. What do you call the process in which a user is identified via a username and password?
a) authentication
b) authorization
c) accounting
d) auditing

Definition
Answer: a
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: Authentication is the process of identifying an individual, usually based on a username and password. After a user is authenticated, he can access network resources based on his authorization.

Term
3. What is the process of giving individual access to a system or resource?
a) authentication
b) authorization
c) accounting
d) auditing

Definition
Answer: b
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: Authorization is the process of giving individuals access to system objects based on their identities. Of course, before authorization is to occur, authentication must occur.

Term
4. What is the process of keeping track of a user’s activity?
a) authentication
b) authorization
c) accounting
d) authoring

Definition
Answer: c
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: Accounting, also known as auditing, is the process of keeping track of a user’s activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.

Term
5. What process prevents someone from denying that she accessed a resource?
a) accounting
b) authorization
c) sniffing
d) nonrepudiation

Definition
Answer: d
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: Nonrepudiation prevents one party from denying the actions it has carried out. If you have established proper authentication, authorization, and accounting, appropriate mechanisms of nonrepudiation should be in place, and no user should be able to deny the actions she has carried out while in your organization’s system.

Term
6. Which of the following is a secret numeric password used for authentication?
a) security token
b) digital certificate
c) digital signature
d) PIN

Definition
Answer: d
Difficulty: Easy
Section Reference: Using a Personal Identification Number (PIN)

Explanation: A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Because they consist of only digits and are relatively short (usually four digits), PINs are used for relatively low-security scenarios, such as gaining access to a system, or in combination with another method of authentication.

Term
7. What type of electronic document contains a public key?
a) digital certificate
b) biometrics
c) PIN
d) PAN

Definition
Answer: a
Difficulty: Easy
Section Reference: Authentication with What You Own or Possess

Explanation: A digital certificate is an electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person’s identity, it can also be used for authentication.

Term
8. What item, about the size of a credit card, allows access to a network and its resources?
a) digital certificate
b) smart card
c) security token
d) biometric

Definition
Answer: b
Difficulty: Easy
Section Reference: Authentication with What You Own or Possess

Explanation: A smart card is a pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic. Nonvolatile memory is memory that does not forget its content when power is discontinued. This kind of memory may contain digital certificates to prove the identity of the person who is carrying the card, and it may also contain permissions and access information.

Term
9. What type of authentication method identifies and recognizes people based on physical traits such as fingerprints?
a) digital certificates
b) WEP
c) biometrics
d) RADIUS

Definition
Answer: c
Difficulty: Easy
Section Reference: Authentication with What You Are

Explanation: Biometrics is an authentication method that identifies and recognizes people based on physical traits, such as fingerprints, facial recognition, iris recognition, retinal scans, and voice recognition. Many mobile computers include a finger scanner. It is relatively easy to install biometric devices on doors and cabinets to ensure that only authorized people enter secure areas.

Term
10. What authentication type is the default for Active Directory?
a) NTLM
b) Kerberos
c) MS-CHAP
d) MS-CHAPv2

Definition
Answer: b
Difficulty: Medium
Section Reference: Introducing Directory Services with Active Directory

Explanation: Kerberos is the default computer network authentication protocol that allows hosts to securely prove their identity over a nonsecure network. It can also provide mutual authentication so that both the user and server verify each other’s identity. To ensure security, Kerberos protocol messages are protected against eavesdropping and replay attacks.

Term
11. What directory service is used with Windows domains?
a) Active Directory
b) E-Directory
c) PAM
d) Kerberos

Definition
Answer: a
Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory

Explanation: A directory service stores, organizes, and provides access to information in a directory. It is used for locating, managing, and administering common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects. One popular directory service used by many organizations is Microsoft’s Active Directory.

Term
12. What type of server runs Active Directory?
a) member server
b) file server
c) domain controller
d) NTLAN server

Definition
Answer: c
Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory

Explanation: A domain controller is a Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you first have to install Active Directory Domain Services. You will then have to execute the dcpromo (short for dc promotion) command to make the server a domain controller from the Search Programs and Files dialog box or from the command prompt.

Term
13. When you access permissions to a folder, you should first grant permissions to __________ rather than users.
a) groups
b) computers
c) collections
d) organizational units

Definition
Answer: a
Difficulty: Easy
Section Reference: Using Groups

Explanation: A group is a collection or list of user accounts or computer accounts. Different from a container, a group does not store users or computers; rather, it just lists them. Using groups can simplify administration, especially when assigning rights and permissions.

Term
14. When you create a local user on a computer running in Windows 7, where is the user account stored?
a) Active Directory
b) SAM
c) PAN
d) SQL database

Definition
Answer: b
Difficulty: Medium
Section Reference: Examining Users

Explanation: A user account allows users to log on and gain access to the computer where the account was created. The local user account is stored in the Security Account Manager (SAM) database on the local computer. The only Windows computer that does not have a SAM database is the domain controller.

Term
15. Which type of group can be granted rights and permissions?
a) security
b) distribution
c) authorizing
d) SAM

Definition
Answer: a
Difficulty: Easy
Section Reference: Using Groups

Explanation: Windows Active Directory employs two types of groups: security and distribution. A security group is used to assign rights and permissions and to gain access to network resources. It can also be used as a distribution group. A distribution group is used only for nonsecurity functions, such as distributing email, and it cannot be used to assign rights and permissions.

Term
16. What authorizes a user to perform certain actions in Windows such as logging on or performing a backup?
a) right
b) permission
c) accessible
d) key

Definition
Answer: a
Difficulty: Easy
Section Reference: Comparing Rights and Permissions

Explanation: A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up a system’s files and directories. User rights are assigned through local policies or Active Directory group policies.

Term
17. When you grant access to print to a printer, what are you granting?
a) right
b) permission
c) accessible
d) key

Definition
Answer: b
Difficulty: Easy
Section Reference: Comparing Rights and Permissions

Explanation: A permission defines the type of access granted to an object (an object can be identified with a security identifier) or object attribute. The most common objects assigned permissions are printers, NTFS files and folders, and Active Directory objects.

Term
18. Where are users and permissions stored for an NTFS folder?
a) access log
b) access file
c) registry
d) ACL

Definition
Answer: c
Difficulty: Medium
Section Reference: Comparing Rights and Permissions

Explanation: Information about which users can access an object and what they can do is stored in the access control list (ACL), which lists all users and groups that have access to an object.

Term
19. What type of permissions are assigned directly to a file or folder?
a) explicit
b) inherited
c) encompassing
d) overriding

Definition
Answer: a
Difficulty: Easy
Section Reference: Looking at Effective NTFS Permissions

Explanation: NTFS uses two types of permissions. Explicit permissions are granted directly to a file or folder, whereas inherited permissions are granted to a parent object and flow down to child objects.

Term
20. What is the process of converting data into a format that cannot be read by another user?
a) encryption
b) locking
c) keying
d) registering

Definition
Answer: a
Difficulty: Easy
Section Reference: Using Encryption to Protect Data

Explanation: Encryption is the process of converting data into a format that cannot be read by another user. After a file is encrypted, it automatically remains encrypted when stored on disk. Decryption is the process of converting data from encrypted format back to its original format.

Term
21. Which authentication sends the username and password in plain text?
a) MS-CHAP
b) CHAP
c) PAP
d) SPAP

Definition
Answer: c
Difficulty: Medium
Section Reference: Encrypting with VPN Technology

Explanation: Password Authentication Protocol (PAP) uses plain text (unencrypted passwords). PAP is the least secure form of authentication and is not recommended.

Term
22. In Windows, what do you use to enable auditing?
a) registry
b) group policies
c) NTFS permissions
d) access log

Definition
Answer: c
Difficulty: Medium
Section Reference: Using Auditing to Complete the Picture

Explanation: Auditing is not enabled by default in Windows. To enable auditing, you must specify what types of system events to audit by using group policies or the local security policy (Security Settings\Local Policies\Audit Policy).

Term
23. By default, the ____________ group has full access to all resources within a domain.

Definition
Answer: Domain Admins
Difficulty: Medium
Section Reference: Using Built-in Groups

Explanation: Members of the Domain Admins group can perform administrative tasks on any computer within the domain. By default, the Administrator account is a member.

Term
24. _____________ allows you to log on once and access multiple related but different systems without having to log on again.

Definition
Answer: Single sign-on (SSO)
Difficulty: Medium
Section Reference: Introducing Directory Services with Active Directory

Explanation: Single sign-on (SSO) allows you to log on once and access multiple related but independent software systems without having to log on again. As you log on with Windows via Active Directory, you are assigned a token, which can then be used to log on to other systems automatically.

Term
25. _______________ is the term used to describe two or more authentication methods used to authenticate someone.
Definition
Answer: Multifactor authentication
Difficulty: Medium
Section Reference: Starting Security with Authentication

Explanation: When two or more authentication methods are used to authenticate someone, a multifactor authentication system is said to be in place. Of course, a system that uses two authentication methods (such as smart cards and passwords) can be referred to as a two-factor authentication system.

Term
26. ______________ is the standard for logging program messages for UNIX and Linux machines.
Definition
Answer: Syslog
Difficulty: Hard
Section Reference: Using Auditing to Complete the Security Picture

Explanation: If you need to audit non-Microsoft products, you may need to use Syslog, a standard for logging program messages that can be accessed by devices that would not otherwise have a method for communication. Cisco firewalls and routers, computers running Linux and UNIX, and many printers can use Syslog. It can be employed for computer system management and security auditing, as well as for generalized information, analysis, and debugging messages.

Term
27. What is the most common form of authentication?
Definition
Answer: password
Difficulty: Easy
Section Reference: Starting Security with Authentication

Explanation: For both individual computers and entire networks, the most common method of authentication is the password. A password is a secret series of characters that enables a user to access a particular file, computer, or program.

Term
28. You are told that you should not log on to your local computer running Windows 7 as a domain administrator. However, some tools run only as a domain administrator. What should you do?
Definition
Answer: Log on with your normal user account and use RUNAS to run those tools.
Difficulty: Hard
Section Reference: Using Run As

Explanation: Because administrators have full access to individual computers or entire networks, it is recommended that you use a standard non-administrator user account to perform most tasks. Then, when you need to perform administrative tasks, you can use the Run as command or the options built into the Windows operating system.
