Module 6
What is the default value for the Maximum password age setting in the Password Policy? 32 days 10 days 0 days 60 days 42 days 30 days 40 days
42 days
Humphry downloaded some free games from an untrusted Internet site and installed them on his Windows 10 system. A couple of days after the installation, his computer's performance degraded drastically. Assuming that the games had slowed it down, he uninstalled the them and used software to get rid of residual files. Despite this, his computer's performance did not improve. Inspecting the Resource Monitor revealed that the Memory and CPU were running close to 100% capacity. He suspects that the computer is infected with malware. Which of the following scans would you recommend to Humphry? Real-time scanninig A quick scan A full scan A custom scan
A full scan
Which policy allows you to configure an account to be temporarily disabled after a number of incorrect sign-in attempts? System Lockout Account Lockout Password Credential
Account Lockout
Which of the following can be used to restrict which programs are allowed or disallowed in the system? AppLocker A network policy System Lockdown Local policies Software restriction policies
AppLocker
Applications that are not designed for Windows 10 generate and error when they require administrative privileges and do not properly request elevated privileges. Which of the following can be used to eliminate this error when the application is launched? Private Toolkit System Compatibility Toolkit Application Privileges Toolkit Application Compatibility Toolkit Private Toolkit
Application Compatibility Toolkit
Which of the following encryption algorithms uses a one key to encrypt data and a different key to decrypt data? Dual Hashing Asymmetric Signing Symmetric Path
Asymmetric
Which of the following is the best method for protecting data on removable storage, such as USB drives? EFS Local Security Policy Bit Locker Bit Locker To Go NTFS Account Lockout Policy
Bit Locker to Go
Jon has the Windows 10 Home edition installed on his personal laptop. As an avid gamer, John prefers having his computer update with the latest feature updates from Microsoft. He usually plays games at specific times, and he wants to prevent his computer from restarting to install an update during these time slots. Which of the following Windows Update settings should John modify? View update history Pause updates for 7 days Download updates over metered connections Change active hours
Change active hours
The process of taking data and altering it so it is unreadable is known as which of the following? Signing Decryption Decryption Data Algorithm Enhancing Encryption
Encryption
Maria is configuring security settings on her computer. Recently, her friend's computer was attacked by malware that encrypted data on all the hard disks and demanded a cryptocurrency ransom to decrypt this data. Which of the following options in Windows 10 is the best option to help Maria avoid a similar situation? Windows Defender Application Guard Secure boot Windows Defender Smartscreen Controlled folder access
Controlled folder access
A system administrator, configures Windows Update for Business in her organization to control updates for Windows 10 systems. The settings are configured such that a test system first receives any new Windows update and other Windows systems receive the update after two weeks. Being a small organization, the system administrator wants to reduce bandwidth consumption during the organization-wide update.Which of the following options should the system administrator use in this scenario? Delivery optimization Pause updates Update notification Change active hours
Delivery optimization
A database admin spends time analyzing datasets that are larger than 1 TB in size. This data is stored in databases on her Windows 10 system. While running an analysis on these databases, she does not want her code to be slowed down because of real-time scanning by Windows Defender. Which of the following Windows Defender settings should the database admin modify to solve this problem? Exclusions Cloud-based protection Notifications Tamper protection
Exclusions
Hashing is a security process records the occurrence of specific operating system events in the Security log. True False
False
Which type of permissions is considered the most basic level of data security in Windows 10? NTFS FAT EFS BIOS NAP UEFI
NTFS
The Local Security Policy is part of a larger Windows management system known as which of the following? Domain Policy Internal Policy External Policy Group Policy Network Policy Local Policy
Group Policy
Which of the following contain the Account Policy settings? (Choose all that apply.) EFS Security Policy Remote Policy Internal Policy Local Security Policy Group Policy External Policy System Policy NAP
Group Policy Local Security Policy
Which of the following encryption algorithms is one-way encryption, which means that it encrypts data, but the data cannot be decrypted? Symmetric Asymmetric Signing Dual Hashing
Hashing
A user recently lost an encryption certificate that rendered some of his EFS-encrypted files unrecoverable. To prevent a similar situation from arising in the future, he wants to create a recovery certificate for recently encrypted files. He creates the recovery certificate. What should the user do next? Run cipher with the /r:filename option, where filename is the name of the recovery certificate Run cipher with the /u option to update the existing encrypted files Use the public key of the recovery certificate to encrypt the symmetric key Import the recovery certificate into the local security policy as a data recovery agent
Import the recovery certificate into the local security policy as a data recovery agent
Which of the following is NOT true of BitLocker Drive Encryption? (Choose all that apply.) It uses asymmetric encryption to secure data. It uses symmetric encryption to secure data. EFS and BitLocker Drive Encryption use the same method to secure the encryption key. When you use BitLocker Drive Encryption, an entire volume is encrypted. To use BitLocker Drive Encryption, a hard drive cannot be divided into partitions.
It uses asymmetric encryption to secure data. EFS and BitLocker Drive Encryption use the same method to secure the encryption key. To use BitLocker Drive Encryption, a hard drive cannot be divided into partitions.
A manager signs into a Windows 10 system with administrative user privileges. The system has UAC enabled. Shawn accidently launches a malicious application that is infected with malware.If the malware is able to access and corrupt the system files, which of the following must be true? The application launched with standard user privileges, the same as the Windows 10 interface. The manager entered the credentials of a user with administrative privileges after opening the application. The Application Information Service has stopped or is set to start manually. On a prompt to continue or cancel running the program, the manager selected to continue.
On a prompt to continue or cancel running the program, the manager selected to continue.
Which policy controls password characteristics for local user accounts? Account Lockout Password System Lockout Credential
Password
Which software rule condition identifies software by the file location? Path Drive Publisher File Hash Certificate
Path
Which advanced audit policy setting tracks when tasks are performed that require a user-rights assignment, such as changing the system time? Account Management Object Access Privilege Use Detailed Tracking
Privilege Use
A user has an application installed on her UAC-enabled Windows 10 system that was designed for an older version of Windows. Some of the application's features require administrative privileges. When she tries running the application, the application fails to run and generates an error instead.If the user's account already has administrative privileges, what can she do to resolve this issue? She should add an entry in the application manifest to trigger the privilege elevation prompt. She should sign in with a user account that has standard user privileges. She should sign in with another user account that has administrative privileges. She should use the Application Compatibility Toolkit to resolve the issue.
She should use the Application Compatibility Toolkit to resolve the issue.
Which of the following encryption algorithms uses the same key to encrypt data and decrypt data? Symmetric Dual Asymmetric Signing Path Hashing
Symmetric
A company engineer is trying to open an encrypted file on her Windows 10 system. The file was encrypted using EFS, and she opened this as recently as last week. Which of the following is most likely the reason that the engineer is unable to open the file? The file was moved from its original folder to a different folder. The engineer created a duplicate copy of the fileon another partition. The engineer failed to back up the EFS certificate on a smart card. The engineer reset the password of his Windows user account
The engineer reset the password of his Windows user account
Adam is considering switching to BitLocker Drive Encryption because of the inefficiencies of EFS. When he tries to use this encryption feature on Windows 10 Professional, he is unsuccessful. Which of the following is the most likely reason? The motherboard in the computer does not contain a TPM module. BitLocker Drive Encryption is unavailable on Windows 10 Professional. Vishal encrypted some files and folders using EFS. The hard drive does not contain a system volume.
The hard drive does not contain a system volume.
North Star is a manufacturer of frozen treats. The packaging at the plant is automated by machines that are controlled by a Windows 10 computer.Which of the following indicates that this computer receives updates using Long Term Servicing Branch? The updates applied to the operating system come with version numbers such as 1909. The computer receives Windows Updates at irregular intervals. The computer receives the latest feature updates from Microsoft every six months. The operating system on the computer will receive Windows Updates for 10 years.
The operating system on the computer will receive Windows Updates for 10 years.
Vicki wants to use Windows Update for Business in her organization to control updates for Windows 10 systems within her organization. The company has one hundred Windows 10 Pro desktops computers, seventeen Windows 10 Enterprise laptops, and five Windows 10 Home laptops. Vicki is able to use Group Policy to apply these settings to most computers but not all. Which of the following is the most likely reason that Vicki is not able to apply the Windows Update for Business settings to all computers? These computers are part of a domain rather than a workgroup. These computers are designated test computers for new updates. These computers are running preview builds of Windows 10 These computers are running the Windows 10 Home edition.
These computers are running the Windows 10 Home edition.
A network admin is configuring advanced audit policies for Windows 10 clients. She decides to configure the Privilege Use category. Which of the following justifies the network admin's decision to configure the settings under this category? To track when system events occur, such as restarting the system. To disable auditing for success and failure events for log off and account lockout. To change the categories of privilege use that are audited by default. To track instances where users change the system time on their computer.
To track instances where users change the system time on their computer.
A trusted platform module is part of the motherboard in your computer and is used to store encryption keys and certificates/ True False
True
BitLocker To Go can be configured to automatically unlock a protected drive when it is connected to a specific computer when a particular user is signed in. This simplifies access to the drive when used in a trusted environment, but still prompts for a password when the protected drive is used in another location. True False
True
Newer Windows applications use a Manifest to describe the structure of the application. True False
True
A system administrator uses BitLocker Drive Encryption to encrypt all Windows 10 computers in the organization. Because the computers contain sensitive information, users must enter a PIN to start the system. While this is a useful security feature when the computers are disconnected from the organization's network, this becomes a hindrance in performing remote maintenance because the administrator cannot start these computers without entering the PIN.Which of the following tools can the administrator use to overcome this issue? BitLocker Network Unlock Windows Defender Smartscreen Trusted Platform Module (TPM) BitLocker To Go
Trusted Platform Module (TPM)
A network admin creates a rule with the Deny permission for photo.exe in the Executable Rules collection for a group with all users. Which of the following is true in this scenario? This rule can also be applied to multiple users or groups. Users who have the Allow permission for photo.exe will be able to run the executable. This rule is not enabled by default due to negative performance impact. Users will not be able to run other applications that do not have an Allow rule.
Users will not be able to run other applications that do not have an Allow rule.
A system administrator, needs to uninstall a Windows update that was recently installed on around 200 Windows 10 computers in the organization due to incompatibility issues.Which of the following options will best carry out this task? Using the Get-HotFix cmdlet on command prompt Using the graphical interface Using Windows Server Update Services Using a batch script with wusa.exe
Using a batch script with wusa.exe
A system administrator, is setting up the password policy for local user accounts. She allows users to reuse a password after they have used 4 different passwords. She also modifies the policy to force users to change their old passwords every 60 days. After some time, she notices that users are modifying their passwords 4 times in a short time span and continuing to use their old passwords. This defeats the purpose of setting up the password restrictions. Which of the following settings should the system administrator modify to control this behavior? set the Minimum password length to 10 characters the Maximum password age setting to 60 da modify the setting to enforce password history set the Minimum password age setting to 55 days
set the Minimum password age setting to 55 days