Chapter 16 Review

When working with a workgroup, private data for an individual user is best kept in the C:\__________ folder for that user.

users

Active Directory _______________________ (AD DS) authenticates accounts and authorizes what these accounts can do. (two word answer)

Domain Services

Administrative shares are hidden by default. True or False?

True

If a Windows computer belongs to a domain, all security is managed by the network administrator for the entire network. True or False?

True

Windows Firewall is automatically configured when you set up your security level for a new network connection. True or False?

True

________[a]________ are assigned to an account, and ________[b]_________ are assigned to data files and folders.

a - privileges b - permissions

This encrypts data on a USB flash drive and restricts access by requiring a password: a. BitLocker To Go b. VPN using IPSec c. BitLocker d. Encrypting File System

a. BitLocker To Go

The principle of _________________________ is an approach to permissions in which a user is given only the permissions required to perform her job and no more. (two word answer)

least privilege

A hidden share is a folder whose folder share name ends with a _____ symbol.

$ If you want to share a folder but don't want others to see the shared folder in File Explorer or Windows Explorer, add a $ to the end of the share name in the Advanced Sharing box

Windows 10 Version _________ and higher does not support homegroups.

1803

You need to secure your Windows 7 computer in a way that prevents access to the entire HDD even if the drive is moved to another system. Which solution will you implement? a. BitLocker b. BitLocker To Go c. VPN using IPSec d. Encrypting File System

a. BitLocker BitLocker is a Microsoft security solution that encrypts the content of entire drives. BitLocker will protect the content of an HDD even if it is moved to another system.

Which of the following user accounts are created automatically and disabled by default when Windows is installed? a. Guest b. System c. Limited d. Standard

a. Guest

For Windows 8/7, when all users on a network require the same access to all resources, what simple type of network model should you use? a. Homegroup b. Authenticated c. Guestgroup d. Domain

a. Homegroup

When utilizing both share and NTFS permissions, what statement is inaccurate? a. If both permissions are used, the lease restrictive permission between the 2 applies. b. Inherited permissions pass from parent folder to child file or folder. c. If NTFS permissions conflict between a user and group the least restrictive permission applies. d. When you copy a file, the file takes on the permissions of the destination folder.

a. If both permissions are used, the least restrictive permission between the two applies.

What type of permission should you set to control access to files and folders by local and network users? a. NTFS on NTFS volumes only b. Sharing on FAT32 volumes only c. Sharing on NTFS and exFAT volumes d. NTFS on exFAT or NTFS volumes

a. NTFS on NTFS volumes only

Scenario: A company asked you help mitigate the brute force attacks carried out against its users' Windows account passwords. You successfully removed the malware responsible for the attacks You need to better secure the passwords assigned to the user accounts without limiting the system's usability. Which of the following should be included in securing the user accounts? (Select THREE.) a. Set failed logon restrictions. b. Add each user to the Guests group. c. Require user account passwords. d. Disable password complexity requirements. e. Change each account type to Administrator. f. Require strong passwords.

a. Set failed logon restrictions. c. Require user account passwords. f. Require strong passwords.

Scenario: A Windows 10 Home user is attempting to encrypt the contents of a folder on a volume formatted with NTFS. The user contacted you to ask why the option to encrypt the folder is disabled. What is the most likely reason the encryption option is disabled? a. Windows Home editions do not support EFS b. The user account is not a member of the Administrators group. c. A volume formatted with NTFS does not support EFS. d. The NTFS file system is corrupt.

a. Windows Home editions do not support EFS. The user will need to upgrade to the Pro or Enterprise edition of Windows 10 to have support for EFS.

What statement about user accounts and groups is NOT true? a. a user account can belong to only one group at a time b. Everyone group includes the Authenticated Users c. By default, standard users accounts belong to the Users group d. Guest group has limited rights on the system

a. a user account can belong to only one group at a time.

Match each item with a statement below. a. gpedit.msc b. Power User c. NTFS permissions d. gpupdate e. secpol.msc f. share permissions g. efs h. administrative shares i. Remote Desktop Connection j. Wake on LAN k. Backup Operators l. gpresult m. inherited permissions

a. gpedit.msc - a subset of policies in Group Policy that applies only to the local computer or local user b. Power User - a group that exists on Windows 8/7/Vista for backwards compatibility purposes with Windows XP c. NTFS permissions - a method to control access to a folder or file and can apply to local users and network users d. gpupdate - refreshes local group policies as well as group policies set in Active Directory e. secpol.msc - a subset of policies in Local Group Policy that applies only to a local computer's Windows security settings. f. share permissions - a method to control access to a shared folder and can be assigned to NTFS or FAT volumes g. efs - NONE LISTED h. administrative shares - the folders that are shared by default on a network domain that administrator accounts can access i. Remote Desktop Connection - gives a user access to a Windows desktop from anywhere on the Internet j. Wake on LAN - configuring a computer so that it will respond to network activity when the computer is in a sleep state k. Backup Operators - NONE LISTED l. gpresult - NONE LISTED m. inherited permissions - permissions assigned by Windows that are attained from a parent object

What is a valid reason for wanting to configure a proxy server via browser (Such as IE)? a. to surf anonymously b. to improve website performance c. to connect to secured websites on a corporate network VPN d. to increase the security of the connection

a. to connect to secured websites on a corporate network VPN

Which of the following are true about NTFS permissions? (Choose all that apply.) a. when a subfolder is created, it is assigned the permissions of its parent folder. b. if NTFS permissions conflict locally, the more liberal permission applies. c. it is not possible to change the owner of a file. d. inherited permissions override explicit permissions.

a. when a subfolder is created, it is assigned the permissions of its parent folder. b. if NTFS permissions conflict locally, the more liberal permission applies.

Scenario: An administrator is assigning Windows user accounts to user groups based on the user's role and notices the built-in Power Users group. What is the purpose of the Power Users group in Windows 7 and later? a. Allows members to take ownership of files and folders. b. Backward compatibility for legacy operating systems and applications. c. Members have limited privileges and are given a temporary profile. d. Provides a method for assigning rights to guests who require Administrator access.

b. Backward compatibility for legacy operating systems and applications. The Power Users group on Windows 7 and later should be used only for compatibility with older applications.

Scenario: A technician is using the Security tab in the Properties dialog box in an attempt to remove the inherited status from a file's permissions but cannot locate where to make the change. Which of the following steps should the technician take to make this change? a. Click the Previous Versions tab, highlight the file, and click Restore. b. Click the Advanced button to open Advanced Security Settings for the file. c. Click the Administrator user name and click the edit button. d. Click the sharing tab and click Advanced Sharing.

b. Click the Advanced button to open Advanced Security Settings for the file. Advanced Security Settings can be used to disable inheritance for the file.

Windows 10 features what new web browser (be default), which is designed to replace Internet Explorer? a. Microsoft Cortana b. Microsoft Edge c. Firefox d. Chrome

b. Microsoft Edge

Scenario: The users in the sales department need a central location on the network to share data files. All the client computers in the organization are running Windows 10 and have network and Internet connectivity. The file server that hosts the network drive for the sales department is running Windows Server 2016. Which of the following is the first step in implementing this data share? a. Map a network drive to the shared folder or volume on the file server on the sales computers. b. Share the folder or volume on the file server that will store the shared data files. c. Create a system restore point on the server and all sales computers. d. Run a system image backup of the file server, including all data folders.

b. Share the folder or volume on the file server that will store the shared data files. The first step will be to create the folder or volume on the server that will store the data and then create a network share pointing to that folder.

Scenario: You are having difficulty changing permissions for a folder on an NTFS volume that was created by another user. How can you best solve this issue without losing data in the folder? a. Enable permission inheritance so the new permissions are inherited from the parent folder. b. Take ownership of the folder and then change permission. c. Delete the folder and re-create it. Then assign the new permissions. d. Disable permission inheritance and explicitly assign the new permissions.

b. Take ownership of the folder and then change permission. The owner of a folder has full permissions for the folder. If you are not the owner of the folder, you can try to take ownership of the folder. Once you are the owner, you can change the folder permissions.

Scenario: A technician, who was signed in to a Windows 10 computer as local administrator, accessed the Local Security Policy console and changed the Lock Screen timeout from 10 minutes to 60 minutes. After the technician completed the change, the user signed in to AD and discovered that the setting had reverted to 10 minutes. What can the technician do to keep the setting from reverting from 60 minutes to 10 minutes? a. The lock Screen timeout of 60 minutes is not within the allowable range. b. The Lock Screen timeout setting needs to be made in the AD OU GPO. c. The technician should run the gpupdate /f command on the local computer. d. The Lock Screen timeout policy does not apply to Windows 10

b. The Lock Screen timeout setting needs to be made in the AD OU GPO. The order in which group policies are applied are local, site, domain, OU, and enforced. Where there is a conflict in policies, the last policy applied wins. The setting should be made in the Active Directory Group Policy Object under the appropriate Organizational Unit.

Scenario: A Windows 10 user is copying a file from the C:\data folder to the E:\data folder. The C: drive is formatted with NTFS, and the D: drive is formatted with FAT32. What happens to the permissions of the file on the D:\ drive when copied? a. The file cannot be copied from NTFS to FAT32. b. The file will lose all permissions. c. The file will retain its permissions. d. The file will inherit the permissions of the destination.

b. The file will lose all permissions FAT32 volumes do not support NTFS permissions.

Scenario: A Windows user called the help desk to request that her local user account password be reset on her computer. The help desk technician connected to the computer using RDC and reset the password using the Network Places Wizard. After the password was reset, the user lost access to all the data files on the local HDD. Which of the following describes the most likely reason for the lost data files? a. The technician erased all the data files while resetting the password. b. The user had previously encrypted her data files and folders using EFS. c. The user lost access to the network shared drive when her password was reset. d. The user attempted to enter an incorrect password too many times.

b. The user had previously encrypted her data files and folders using EFS. When the user's account password was reset, she lost access to her EFS encrypted files and folders, personal digital certificates, and passwords stored on the computer.

When using Group Policy to configure QoS, what options are available? (Choose all that apply.) a. you can choose the protocol (either IP or ICMP) for the policy b. outbound traffic can be throttled c. the priority is a number from 0 to 63 d. you must choose a specific application to apply the policy

b. outbound traffic can be throttled c. the priority is a number from 0 to 63

What statement about controlling access to folders and files is accurate? a. in Windows, accounts have no rights assignments until you configure them. b. rights are assigned to accounts c. account configuration should keep in mind the principle of highest privilege d. permissions refer to the tasks an account is allowed to do in the system.

b. rights are assigned to accounts

Which of the following best meets the requirements of a strong password? a. qwerty1234567890 b. t*M&2.zY7 c. p@ssw0rd d. welcometoclass e. johndoe123

b. t*M&2.zY7 A combination of uppercase and lowercase letters, numbers, and symbols is not easily guessed and, when randomized, difficult to crack.

As an __________________ user, you might be allowed to use File Explorer or Windows Explorer to view shared folders and files on the remote computer, but you cannot access them. a. Power b. Administrator c. Anonymous d. Standard

c. Anonymous

Scenario: Your organization recently deployed a Windows domain controller with Active Directory. All the domain OU users need to run the same script file each time they sign in to Windows. How can the settings be configured with the least effort by the admin? a. Configure Local Group Policy on each workstation to run a logon script. b. Configure folder redirection in Group Policy. c. Configure Group Policy to run a logon script. d. Configure user account properties for each domain user in Active Directory to run a logon script.

c. Configure Group Policy to run a logon script. If you want to configure settings for all users in the same OU, the best tool to use is Group Policy. Policy changes in Group Policy affect all users in the OU.

Which of the following security policies can be implemented to prevent removable media from automatically launching potentially harmful programs? a. Disable the Guest account b. BitLocker c. Disable AutoRun d. Disable AutoPlay e. Enable screen lock

c. Disable AutoRun An executable can be launched automatically using AutoRun when removable media is inserted into a computer.

Scenario: You recently created several new user accounts in the Sales OU and configured them with the appropriate group membership, logon scripts, and printer access. Except for one new sales employee, all employees are actively using the account. The remaining employee will be using the account within the next two weeks. What is best practice for the remaining unused account? a. Leave the account active since it will be unused for only two weeks. b. Delete the account and re-create it when the employee is ready to use it. c. Disable the account until the employee is ready to use it. d. Remove the account membership to all groups.

c. Disable the account until the employee is ready to use it. Best practice is to leave all unused accounts disabled.

User accounts that are issued a temporary user profile that is deleted when the user signs out are members of what group? a. Backup Operators group b. Power Users group c. Guests group d. Administrators group

c. Guests group The Guests group has limited privileges on the system and is given a temporary profile that is deleted when the user signs out.

Scenario: Your computer has a single HDD formatted with NTFS with the following data folders:C:\DocumentsC:\Pictures You create a new child folder under the C:\Documents folder. What term describes the permissions the new folder automatically attains from the C:\Documents folder? a. Explicit permissions b. Allow permissions c. Inherited permissions d. Deny permissions

c. Inherited permissions Inherited permissions are permissions that are attained from a parent folder. So, for this example, the C:\Documents\NewFolder inherits its permissions from the C:\Documents folder.

Scenario: A technician wants to limit access to a group of folders and is using Group Policy to prevent the users in the sales department from accessing folders assigned to the accounting department. The technician is having difficulty achieving acceptable results. Which of the following is the most likely reason the technician is having difficulties? a. The technician should be using Local Security Policy instead of Group Policy. b. The users in the sales department are in a different domain than the accounting department users. c. The technician should be setting NTFS permissions instead of using Group Policy. d. The technician is not signed in as a Domain Admin

c. The technician should be setting NTFS permissions instead of using Group Policy. File and folder permissions should be made using NTFS permissions on the folders.

What NTFS permissions should you assign if the following user: create folders and files open files to read data not delete files not run programs in a folder (Choose all that apply.) a. Full Control b. Execute c. Write d. Read

c. Write - Can create a folder or file and change attributes but cannot read data. This permission is used for a drop folder, where users can drop confidential files that can only be read by a manager. For example, an instructor can receive student homework in a drop folder. d. Read - Can read folders and contents.

When mapping a drive, you can type in the path to the shared folder on the host computer. What is the syntax for the path? a. /sharedfolder/server b. \server\sharedfolder c. \\server\sharedfolder d. \\sharedfolder\server

c. \\server\sharedfolder

What command launches the Remote Desktop client for Windows? a. vnc b. rdp c. mstsc d. rdesktop

c. mstsc

To which group does Windows give access to folders that you create which are not part of your user profile? a. Guests b. Power User c. Authenticated Users d. Anonymous Users

c.Authenticated Users When you create a folder or file that is not part of your user profile, Windows gives access to all Authenticated Users by default.

Scenario: Several computers in your organization are being used from within the building after hours when the company is closed. Your manager has asked you to configure the computers to limit access to business hours. Which of the following steps can be taken to limit access to the computers? a. Disable Microsoft account resources. b. Change the user account passwords. c. Set the BIOS to automatically power off the computers at closing time. d. Configure logon time restrictions.

d. Configure logon time restrictions. Logon time restrictions can be configured to limit account access to certain days and times of day.

Scenario: You have received several trouble tickets from the employees in the warehouse for the stand-alone computers used to control various shipping machines because the computers are not booting when powered. Each time a technician resolves the booting issue the boot order is changed in the firmware. Each computer is required to have the USB ports disabled in the firmware to keep employees from connecting rogue devices. Which of the following steps should be taken to eliminate these trouble tickets? a. Install a lock on the computer case to prevent removal of the covers. b. Disconnect the USB ports from the motherboard. c. Require all employees to use a unique Windows user account and password. d. Enable the supervisor password in the BIOS/UEFI setup

d. Enable the supervisor password in the BIOS/UEFI setup. The first step is to configure a supervisor password in the BIOS/UEFI to allow access to the BIOS/UEFI setup program.

Scenario: You have been tasked with training end users in security best practices and have observed a trend among users in which many are writing down their passwords. Which of the following procedures can be implemented to provide enough security to protect resources while minimizing the need for users to write down their passwords? a. Disable required passwords. b. Disable password complexity requirement. c. Increase password length requirement. d. Lengthen the time period between forced password changes.

d. Lengthen the time period between forced password changes. Users will most often write down their passwords if they are forced to change them too often and when Enforce password history is set to a high number of passwords. Enforce password history is used to prevent users from repeatedly using the same password.

A technician is configuring the Windows computers on a network to print to a printer that is directly connected to the network via UTP cable. What term best describes this method of printer connectivity? a. Administrative share b. Shared printer c. Network drive mapping d. Network printer

d. Network printer A printer that is connected directly to the network is called a network printer. These printers are shared directly through the network.

Which of the following is a hardware component used to hold the BitLocker encryption key and ensures encrypted data is not accessed in the event a hard drive is lost or stolen? a. MFA b. EFS c. NIC d. TPM

d. TPM A TPM (Trusted Platform Module) is a hardware component integrated into the motherboard of a system that holds the BitLocker encryption key. If the HDD is lost or stolen and installed in another system, the data will not be accessible.

The best protection for computer resources is layered protection. When securing a workstation, use as many layers of protection as you reasonably can that are justified by the value of the resources you are protecting. These layers are collectively called __________________________. (three word answer)

defense in depth

Active Directory (AD) is a suite of services and databases provided by Windows Server that is used to manage Windows __________, including resource access and what users and computers can do.

domains

Which of the following security settings can best help minimize brute force attacks on local user account passwords? a. Audit logon failures b. Account lock timeout c. Account audit d. Screen lock timeout e. Account lockout threshold f. Logon time restrictions

e. Account lockout threshold Account lockout threshold sets the maximum number of failed logon attempts before the account is locked. Brute force attacks try to crack passwords by using a combination of letters, numbers, and symbols again and again until successful. Locking the account will stop the attack.

Users and resources of a company or school managed by AD are organized into a _____________ (the entire enterprise)

forest

Use the _____________ command to view a list of shared folders and volumes.

fsmgmt.msc

Account _____________________ sets the maximum number of failed logon attempts before the account is locked. (two word answer)

lockout threshold

A _____________ script is a list of commands stored in a script file that is performed each time a user signs in to Windows.

logon

Drive mapping is managed by a Windows component called the ____________________________ or NFS.

network file system

AD is able to change a home folder location away from a user's local folder to a share on the network. This is called folder ________________.

redirection Folder redirection is a technique in Active Directory of using a shared folder on the network instead of a user's Home folder on the local computer.