106 Exam. Module 16
A technician, who was signed in to a Windows 10 computer as a local administrator, accessed the Local Security Policy console and changed the Lock Screen timeout from 10 minutes to 60 minutes. After the technician completed the change, the user signed in to AD and discovered that the setting had reverted to 10 minutes.What can the technician do to keep the setting from reverting from 60 minutes to 10 minutes? The Lock Screen timeout of 60 minutes is not within the allowable range. The technician should run the gpupdate /f command on the local computer. The Lock Screen timeout setting needs to be made in the AD OU GPO. The Lock Screen timeout policy does not apply to Windows 10.
The Lock Screen timeout setting needs to be made in the AD OU GPO. Correct. The order in which group policies are applied are local, site, domain, OU, and enforced. Where there is a conflict in policies, the last policy applied wins. The setting should be made in the Active Directory Group Policy Object under the appropriate Organizational Unit.
Which of the following security settings can best help minimize brute force attacks on local user account passwords? Logon time restrictions Screen lock timeout Audit logon failures Account lockout threshold
Account lockout threshold Correct. Account lockout threshold sets the maximum number of failed logons before the account is locked. Brute force attacks try to crack passwords by using a combination of letters, numbers, and symbols again and again until successful. Locking the account will stop the attack.
An administrator is assigning Windows user accounts to user groups based on the user's role and notices the built-in Power Users group.What is the purpose of the Power Users group in Windows 7 and later? Allows members to take ownership of files and folders. Members have limited privileges and are given a temporary profile. Provides a method for assigning rights to Guests who require Administrator access. Backward compatibility for legacy operating systems and applications.
Backward compatibility for legacy operating systems and applications. Correct. The Power Users group on Windows 7 and later should be used only for compatibility with older applications
You need to secure your Windows 7 computer in a way that prevents access to the entire HDD even if the drive is moved to another system.What solution should you implement? BitLocker To Go BitLocker Encrypting File System VPN using IPSec
BitLocker Correct. BitLocker is a Microsoft security solution that encrypts the content of entire drives. BitLocker will protect the content of an HDD even if it is moved to another system.
Knowing some of the common symptoms that a device might experience can be an important part of discovering when malware and grayware applications are installed on a device. Administrators need to be aware of these symptoms when troubleshooting a device that is behaving strangely.Which of the following might be a symptom of adware? Pop-ups Unable to access the network Strange notifications Certificate warnings
Certificate warnings Correct. This type of application will intend harm to your device, usually installed in some sort of surreptitious manner. This would include applications like viruses, worms and trojan horses.
A technician is using the Security tab in the Properties dialog box in an attempt to remove the inherited status from a file's permissions but cannot locate where to make the change.What step would the technician take to make the change? Click the Sharing tab and click Advanced Sharing. Click the Administrator user name and click the Edit button. Click the Advanced button to open Advanced Security Settings for the file. Click the Previous Versions tab, highlight the file, and click Restore.
Correct! Click the Advanced button to open Advanced Security Settings for the file. Correct. Advanced Security Settings can be used to disable inheritance for the file.
A coworker asks your opinion about how to minimize ActiveX attacks while they browse the Internet using Internet Explorer. The coworker recalls there is a setting in the Internet Options dialog box to prompt the user before downloading ActiveX controls but can't remember which tab to use.What tab would suggest the coworker look in for the ActiveX controls? Security tab Privacy tab General tab Programs tab
Correct! Security tabCorrect. Your coworker should use the Security tab to set the zone security level for the Internet zone. Setting the level to medium-high will prompt users before they download ActiveX controls that are not digitally signed by Microsoft.
Your organization recently deployed a Windows domain controller with Active Directory. All the domain OU users need to run the same script file each time they sign in to Windows.How can the settings be configured with the least effort by the admin? Configure user account properties for each domain user in Active Directory to run a logon script. Configure folder redirection in Group Policy. Configure Local Group Policy on each workstation to run a logon script. Configure Group Policy to run a logon script.
Configure Group Policy to run a logon script. Correct. If you want to configure settings for all users in the same OU, the best tool to use is Group Policy. Policy changes in Group Policy affect all users in the OU.
Several computers in your organization are being used from within the building after hours when the company is closed. Your manager has asked you to configure the computers to limit access to business hours.What step can be taken to limit access to the computer? Configure logon time restrictions. Set the BIOS to automatically power off the computers at closing time. Disable Microsoft account resources. Change the user account passwords.
Configure logon time restrictions. Correct. Logon time restrictions can be configured to limit account access to certain days and times of day.
What security policy can be implemented to prevent removable media from automatically launching potentially harmful applications? Disable AutoPlay. Disable AutoRun Disable the Guest account Enable screen lock.
Disable AutoRun. Correct. An executable can be launched automatically using AutoRun when removable media is inserted into a computer.
You recently created several new user accounts in the Sales OU and configured them with the appropriate group membership, logon scripts, and printer access. Except for one new sales employee, all employees are actively using the account. The remaining employee will be using the account within the next two weeks.What is best practice for the remaining unused account? Leave the account active since it will be unused for only two weeks. Delete the account and re-create it when the employee is ready to use it. Remove the account membership to all groups. Disable the account until the employee is ready to use it.
Disable the account until the employee is ready to use it. Correct. Best practice is to leave all unused accounts disabled.
What user accounts are created automatically and disabled by default when Windows is installed? (Select TWO.) Standard Guest Admin Administrator
Guest Correct. The Guest user is created automatically and disabled by default when Windows is initially installed. Administrator Correct. The Administrator user is created automatically and disabled by default when Windows is initially installed.
You have received several trouble tickets from the employees in the warehouse for the stand-alone computers used to control various shipping machines because the computers are not booting when powered. Each time a technician resolves the booting issue the boot order is changed in the firmware. Each computer is required to have the USB ports disabled in the firmware to keep employees from connecting rogue devices.Which of the following steps should be taken to eliminate these trouble tickets? Disconnect the USB ports from the motherboard. Enable the supervisor password in the BIOS/UEFI setup. Require all employees to use a unique Windows user account and password. Install a lock on the computer case to prevent the removal of the covers.
Enable the supervisor password in the BIOS/UEFI setup. Correct. The first step is to configure a supervisor password in the BIOS/UEFI to allow access to the BIOS/UEFI setup program.
Your computer has a single HDD formatted with NTFS with the following data folders:C:\DocumentsC:\PicturesYou create a new child folder under the C:\Documents folder.What term describes the permissions the new folder automatically attains from the C:\Documents folder? Explicit permissions Allow permissions Deny permissions Inherited permissions
Inherited permissions Correct. Inherited permissions are permissions that are attained from a parent folder. So, for this example, the C:\Documents\NewFolder inherits its permissions from the C:\Documents folder.
You have been tasked with training end users in security best practices and have observed a trend among users in which many are writing down their passwords.Which of the following procedures can be implemented to provide enough security to protect resources while minimizing the need for users to write down their passwords? Disable password complexity requirement. Disable required password Lengthen the time period between forced password changes. Increase password length requirement.
Lengthen the time period between forced password changes. Correct. Users will most often write down their passwords if they are forced to change them too often and when Enforce password history is set to a high number of passwords. Enforce password history is used to prevent users from repeatedly using the same password.
Dealing with security and keeping data safe is an important topic for any organization. Without protecting resources from unwanted users and applications, those resources are useless.Which of the following are unwanted applications that intend harm and are transmitted without your knowledge? Grayware Adware Spyware Malware
Malware Correct. This type of application will intend harm to your device, usually installed in some sort of surreptitious manner. This would include applications like viruses, worms, and trojan horses.
Keeping anti-virus applications up to date is an extremely important part of securing a network. Anti-virus applications are constantly on the lookout for any sort of malicious application that could infect a device.Which of the following might be a common update applied to anti-malware applications? Pop-up blockers Certificate manager Malware encyclopedia Malware definitions
Malware definitions Correct. This is a type of grayware that is looking to gather information about user habits and other statistics.
A technician is configuring the Windows computers on a network to print to a printer that is directly connected to the network via UTP cable.What term best describes this method of printer connectivity? Network printer Shared printer Network drive mapping Administrative share
Network printer Correct. A printer that is connected directly to the network is called a network printer. These printers are shared directly through the network.
While there are a number of different types of malicious applications, there can sometimes be common characteristics or exploits of particular weaknesses. Administrators need to be on the lookout constantly for these types of attacks.Which of the following involves the insertion of various data retrieval statements into an application? Dictionary attack Rainbow tables Zero-day attack SQL injection attack
SQL injection attack Correct. This type of application will intend harm to your device, usually installed in some sort of surreptitious manner. This would include applications like viruses, worms and trojan horses.
A company asked you to help mitigate the brute force attacks carried out against its users' Windows account passwords. You successfully removed the malware responsible for the attacks and need to better secure the passwords assigned to the user accounts without limiting the system's usability.What options can be included when securing user accounts? (Select THREE.) Require user account passwords. Require strong passwords. Change each account type to Administrator. Add each user to the Guests group. Set failed logon restrictions. Disable password complexity requirements.
Set failed logon restrictions. Correct. Brute force attacks try combinations of letters, numbers, and symbols again and again until they are successful. Enabling failed logon restrictions will discourage most password cracking by requiring a timeout between failed attempts or locking an account for a set period of time or until manually unlocked by an admin. Require strong passwords. Correct. Strong password requirements should be enforced for all users. There needs to be a balance between strong, complex passwords and passwords that are memorable. Require user account passwords. Correct. Each user account should have an assigned password. Blank passwords are unacceptable in most situations.
The users in the sales department needs a central location on the network to share data files. All the client computers in the organization are running Windows 10 and have network and internet connectivity. The file server that hosts the network drive for the sales department is running Windows Server 2016.What is the first step in implementing the data share? Create a system restore point on the server and all sales computers. Map a network drive to the shared folder or volume on the file server on the sales computers. Run a system image backup of the file server, including all data folders. Share the folder or volume on the file server that will store the shared data files.
Share the folder or volume on the file server that will store the shared data files. Correct. The first step will be to create the folder or volume on the server that will store the data and then create a network share pointing to that folder.
You are having difficulty changing permissions for a folder on an NTFS volume that was created by another user.How can you best solve this issue without losing data in the folder? Disable permission inheritance and explicitly assign the new permissions. Enable permission inheritance, so the new permissions are inherited from the parent folder. Delete the folder and re-create it. Then assign the new permissions. Take ownership of the folder and then change permissions.
Take ownership of the folder and then change permissions. Correct. The owner of a folder has full permissions for the folder. If you are not the owner of the folder, you can try to take ownership of the folder. Once you are the owner, you can change the folder permissions.
A Windows 10 user is copying a file from the C:\data folder to the E:\data folder. The C: drive is formatted with NTFS, and the D: drive is formatted with FAT32.What happens to the permissions of the file on the D:\ drive when copied? The file cannot be copied from NTFS to FAT32. The file will retain its permissions. The file will inherit the permissions of the destination. The file will lose all permissions.
The file will lose all permissions. Correct. FAT32 volumes do not support NTFS permissions.
While performing disk and file maintenance on the company file server, you determine a user in the accounting department has been accidentally saving documents to all shared folders on the file server. The user's computer was recently passed to them from another user in the company, and according to company policy, the user should have access only to the accounting share.What option best describes the situation above? The user bypassed the security of the file server. The principle of least privilege was not followed. The firewall on the server is disabled. The firewall on the user's computer is disabled.
The principle of least privilege was not followed. Correct. The principle of least privilege is an approach to permissions in which a user is given only the permissions required to perform their job and no more. This principle was not followed in that they had access to all shared folders on the file server.
A technician wants to limit access to a group of folders and is using Group Policy to prevent the users in the sales department from accessing folders assigned to the accounting department. The technician is having difficulty achieving acceptable results.What is the most likely reason for the difficulties that the technician is experiencing? The users in the sales department are in a different domain than the accounting department users. The technician should be using Local Security Policy instead of Group Policy. The technician is not signed in as a Domain Admin. The technician should be setting NTFS permissions instead of using Group Policy.
The technician should be setting NTFS permissions instead of using Group Policy. Correct. File and folder permissions should be made using NTFS permissions on the folders.
As administrators and other IT support personnel get to know the various types of malware, grayware, and other types of resource stealing and draining applications, it is important to know how each type works.Which of the following is an unwanted application that substitutes itself for a legitimate application? Virus Worm Trojan Spyware
Trojan Correct. This type of malware does not need a host program and substitutes itself for a legitimate application. While an end user thinks they are executing one application, they are actually executing the Trojan, which is embedded in the legitimate software.
A Windows user called the help desk to request that their local user account password be reset on their computer. The help desk technician connected to the computer using RDC and reset the password using the Network Places Wizard. After the password was reset, the user lost access to all the data files on the local HDD.What is the most likely reason for the lost data files? The technician erased all the data files while resetting the password. The user attempted to enter an incorrect password too many times. The user had previously encrypted their data files and folders using EFS. The user lost access to the network shared drive when their password was reset.
The user had previously encrypted their data files and folders using EFS. Correct. When the user's account password was reset, they lost access to their EFS encrypted files and folders, personal digital certificates, and passwords stored on the computer.
Understanding the various types of attacks that a network can experience is a constant learning experience for administrators. Knowing the basic types and categories is important.Which of the following explains what a DoS attack is? This is a security hole discovered in the software This type of attack is commonly referred to as a denial-of-service attack This attack is referred to as a man-in-the-middle attack This attack has also been called an on-path attack
This type of attack is commonly referred to as a denial-of-service attack Correct. This attack often overwhelms a computer or network with requests or traffic for the purpose of preventing new connections.
A Windows 10 Home user is attempting to encrypt the contents of a folder on a volume formatted with NTFS. The user contacted you to ask why the option to encrypt the folder is disabled.What is the most likely reason the encryption option is disabled? The user account is not a member of the Administrators group. The NTFS file system is corrupt. Windows Home editions do not support EFS. A volume formatted with NTFS does not support EFS.
Windows Home editions do not support EFS. Correct. The user will need to upgrade to the Pro or Enterprise edition of Windows 10 to have support for EFS.
Which of the following best meets the requirements of a strong password? t*M&2.zY7 qwerty1234567890 p@ssw0rd johndoe123
t*M&2.zY7 Correct. A combination of uppercase and lowercase letters, numbers, and symbols is not easily guessed and, when randomized, difficult to crack.
