CIST 2411 Final Exam
What does Exploit protection use to help mitigate exploit techniques?
Antivirus software. Exploit protection is a component of Exploit Guard that uses Windows Defender Antivirus (or whichever antivirus software is installed) to help mitigate exploit techniques used against your organization's apps.
Which capability of Windows Defender Advanced Threat Protection provides the first line of defense in the stack by ensuring that configuration settings are properly set and exploit mitigation techniques are applied?
Attack Surface Reduction
What are the vectors that an attacker can use to enter or extract data from an environment called?
Attack surface. A software environment consisting of different points where an attacker can try to enter data to (or extract data from) is known as an attack surface. The basic premise of security is to lower the attack surface as much as possible.
Which driver must be enabled for Windows Defender Advanced Threat Protection (ATP) to run?
ELAM
Which of the following indicates that something may need your attention in Windows Security?
Yellow exclamation triangle. A green checkmark indicates that everything in Windows Security is on and configured properly. A red exclamation triangle is not an icon you will see in Windows Security. A yellow exclamation triangle signifies that something needs your attention. A red X indicates that there is a serious problem that needs your immediate attention.
Which Windows Security feature helps protect a device against potentially dangerous apps, files, sites, and downloads?
Windows Defender SmartScreen helps protect your device against potentially dangerous apps, files, sites, and downloads.
Which PowerShell cmdlet can be used to enable and configure controlled folder access?
Set-MpPreference
Which PowerShell cmdlet can be used to configure exploit protection?
Set-ProcessMitigation
A user keeps attempting to open a text file. All that happens is a Command Prompt window flashes on screen and then disappears. Which of the following actions will help you determine the cause of this issue?
Show full file extensions
What is WindowsUpdate.log?
A log file that can be created and saved and can be used to locate errors or problems.
You have 400 Windows 10 workstations and a Windows Server Update Service (WSUS) in your office. Which option would you use to stop the workstations in your organization from using Microsoft's servers for system updates?
Allow downloads from other PCs
When you initially set up your Windows 10 system, you configured it to create regular backups. You have also kept an up-to-date system image. Recently, your system has been experiencing serious issues. At first, the system would boot and let you log on, but then it would crash within a couple minutes. You tried booting from the installation DVD, clicking the Repair your computer option, and running Startup Repair and System Restore to resolve the issue. Both of these options failed to recover your system. You want to avoid losing installed applications and data. You have again booted from the installation disc. Which of the following options should you try next?
Click Repair your computer. Click Troubleshoot. Run the System Image Recovery option.
Using the Settings app, you have accessed Windows Update > Delivery Optimization. What function does this option provide?
Delivery Optimization provides you with Windows and Store app updates and other Microsoft products.
Which Exploit protection mitigation needs to be enabled if you want to prevent executable code from being run from data-only memory pages?
Data Execution Prevention (DEP)
Which application would you use to include device updates with Windows Update?
Control Panel
Which virus protection feature should be enabled to protect files, folders, and memory areas from unauthorized changes by unfriendly applications?
Controlled folder access
Which component of Exploit Guard protects your system from ransomware and malware by preventing changes in protected files and folders?
Controlled folder access. Controlled folder access requires Windows Defender Antivirus.
Your Windows system has two volumes defined. The C: volume contains the Windows system and is formatted with NTFS. The D: volume is formatted with FAT32. Which action must you take to create a system image backup with the D: volume as the destination?
Convert the D: drive to NTFS
Shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls.
Configuration Score
Windows Defender Advanced Threat Protection shows the collective state of your devices in the following categories: application, operating system, network, accounts, and security controls. Which capability provides this information?
Configuration Score
Which malware type is designed to facilitate identity theft?
Crimeware
Your Windows computer has two hard drives, both formatted with NTFS. You have enabled system protection on both disks. How do you delete all restore points while keeping system protection enabled on both drives?
Edit the System Protection configuration in System Properties, and delete the restore points.
You have configured scheduled backups in the Backup and Restore console to take a backup each week. You save the backups to a network location. You find that backups are not being completed because the destination computer is asleep when the scheduled time starts. The destination computer is not waking up to perform the backup. How can you make sure the backup destination device is awake and available?
Edit the backup task in Task Scheduler.
To provide additional storage space, you have added a second internal hard drive to your Windows 10 system. For the past several weeks, you have created and changed many files stored on the new hard drive. One of the files on the new drive has become corrupted. You want to recover as much as you can by reverting to a previous version of that file. After viewing the file properties, you notice that no previous versions are available. Which action must you take to ensure that you can revert files to previous versions on the new hard drive of your Windows 10 computer?
Enable System Protection on the new hard drive.
You are supporting a Windows 10 computer that is used by three different users. The computer has the following volumes with default System Protection settings: C: (System drive with user profiles and individual user files); E: (Data files common to all users). Which option is the easiest way to protect the data on both volumes with restore points?
Enable system protection for the E: volume.
By default, when does Windows Security check for new updates?
Every time a system scan takes place
You are configuring file backups using Backup and Restore (Windows 7) in Control Panel on a Windows system. Which information can be included in the backup? (Select two.)
Files on user desktops; Files in user Documents libraries
Match the Windows Security scan options to its description. Each scan option is only used once.
Full scan - Checks all files and running programs on; Offline scan - Restarts the computer and uses up-to-date definitions to find and remove threats; Quick scan - Checks folders where threats are commonly found; Custom scan - Lets you choose which files and folders to scan.
Your Windows system is a member of a domain. Windows Update settings are being controlled through Group Policy. How can you determine whether a specific security update from Windows Update is installed on the computer?
Go to Programs and Features in Control Panel.
You have a computer running Windows 10. The C: drive holds all system files and is the boot volume. The D: volume holds only user data files. You want to schedule a backup that includes everything on the C: and D: drives so you could restore your entire computer if necessary. How do you configure the backup to run on Monday, Wednesday, and Friday?
In Windows Task Scheduler, create a task to run wbadmin
You want to use a USB flash drive as a system recovery drive. Which of the following steps can you use to launch the utility you must use to perform this task?
In the taskbar search field, type "Create a recovery drive". Then select the "Create a recovery drive" entry in the search results.
You use a Windows desktop system to edit and produce audio files. Your system has two hard disks installed. Your applications are installed on the C: volume on the first hard disk. Because of the size of the audio files you produce, you keep them on a separate volume (D:) located on the second hard disk. Your Windows desktop system has system protection enabled on both drives. You need to configure system protection on this system to maximize overall protection. What should you do?
Increase the amount of disk space reserved for restore points on C:
Which of the following Microsoft solutions does Windows Defender Advanced Threat Protection (ATP) directly integrate with?
Intune
Which of the following is true of the Family Options Windows Security feature?
Is available for Microsoft accounts. The Family Options feature of Windows Security is only available to Microsoft accounts. This option gives you easy access to tools to manage your family's digital life. Family Options is often used to help keep your children's devices clean, up to date with the latest version of Windows 10, and protected when your kids are online. This option is available only for Microsoft accounts and can be used only by adults.
You are logged into the Windows Defender Security portal. You notice that a machine has a malware program on it. You know what this program is, and you want to leave a comment so others can identify the malware. Under which setting can you leave comments?
Manage alerts
Provides proactive hunting, prioritization, and additional context and insights
Microsoft Threat Experts
You are supporting a Windows 10 computer that has two volumes: The C: drive is the system drive with user profiles and individual user files. The D: drive holds data files common to all users. System Protection has been configured as follows: A system image backup has been created that includes both the C: and D: drives. Regular backups are scheduled to back up all user libraries. The scheduled backup includes a system image. System Restore has been used to take a snapshot. A user has edited and saved a file on the D: drive. The user doesn't like the changes and wants to revert to a previous version of the file. The user goes to the Previous Versions tab of the file and sees nothing listed. To avoid this situation in the future, you must ensure that users can revert files on the D: drive to earlier versions of the file from the Previous Versions tab. What should you do? (Select two. Each answer is a complete solution.)
Modify the backup settings in Backup and Restore to include the D: drive. Enable System Protection for the D: drive.
Your Windows 10 computer has two hard drives. The C: drive is the system drive, and the D: drive holds data files. You perform a system image backup that includes both drives using the Backup and Restore console. Your computer takes regular restore point snapshots. One day, you find that the D:\finances folder has been deleted. You check previous versions of the drive, but find nothing listed. Which action can you take to restore the folder and its contents as quickly as possible?
Mount the .vhd file in the backup and then copy the folder to the drive.
Which of the following is a characteristic of a virus?
Must be attached to a file or program to run
Which component of Exploit Guard helps prevent access to internet domains that may host phishing scams, exploits, and other malicious content?
Network protection
Further reinforces the security perimeter of your network
Next Generation Protection
You need to create a recovery drive for your Windows system. To do this, you've procured a USB flash drive with the following characteristics: - USB version: 2.0 - Capacity: 4 GB Can you create a recovery drive using this device?
No. The device must be 8 GB (or larger) in size.
Uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations
Threat & Vulnerability Management
Your Windows 10 computer has the following drives: C: (System drive with user profiles); E: (Data files); F: (External USB hard drive). You enable system protection on the C: drive. You also schedule regular backups with the following settings: Back up all user libraries; Back up the C: and E: drives; Include a system image; Save the backup to the F: drive. Last night the E: drive crashed. How can you restore the data files found in the E: drive?
Use the Backup and Restore console to restore data from a backup.
You run a regular file backup on your Windows 10 computer every Friday night, which also includes a system image backup. System Protection has been enabled for all drives on the system. On Wednesday, you receive a new version of a graphic editing application that you use regularly. You install the new application, but you find that the application does not work properly. When you try to run the original application, you find that the upgrade has deleted it from your system. You also find that some of the graphics files you had been working on yesterday have been deleted. What can you do to get things back to normal as quickly as possible? (Select two. Each answer is part of the complete solution.)
Use File History to restore the missing files. Use System Restore to revert to a restore point before you installed the application.
You have just read about a new security patch that has been made available for your Windows system. You install the patch as a Windows update. After you reboot and sign in, your computer appears to be unstable. Which action should you take? (Select two. Each answer is part of the complete solution).
Use Programs and Features to remove the update. Use the Settings app to uninstall the update.
You manage a Windows computer that is shared by multiple users. Recently, a user downloaded and installed two malware programs on the computer. The applications had a .msi extension. What is the first line of defense in protecting your system against applications like these from being copied or downloaded to your system?
Use anti-malware software that provides real-time protection
You have a Windows 10 computer configured with volumes C: and D:. You want to schedule backup jobs of the C: volume to include all user files on the C: volume as well as creating a system image of the C: volume. How do you configure the backup job and the schedule with a minimal amount of effort?
Use the Backup and Restore (Windows 7) console.
While deploying Windows updates, when would you use the critical update ring?
When deploying updates to machines (only after the update has been vetted).
Windows Update for Business (WUfB) lets you keep devices current with the latest security upgrades and features. Which operating system releases does WUfB support?
Windows 10
Which version of Windows 10 is the minimum requirement to implement the Network Protection feature of Exploit Guard?
Windows 10 Enterprise E3
Which of the following meets the minimum licensing requirement to use Microsoft Defender Advanced Threat Protection?
Windows 10 Enterprise E5
Which of the following is true about Windows Update?
Windows 10 does not allow the user to turn security updates off using the Settings app or Control Panel. By default, each client contacts the Microsoft website for updates.
You have a Windows 10 system. You have used the Settings app to access Windows update. From this location, how long can you pause updates?
7 days
Which of the following describes a system image backup? (Select two.)
A system image backup consists of an entire volume backed up to .vhd files. A system image contains everything on the system volume, including the operating system, installed programs, drivers, and user data files.
What should you do before you install a third-party anti-malware program?
Disable Windows Security.
Which Group Policy setting, when disabled, forces users to update their system before the system is shut down?
Do not display Install Updates and Shut Down option in Shut Down Windows dialog box
Which capability of Windows Defender Advanced Threat Protection (ATP) is put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars?
Endpoint Detection & Response
Match each controlled folder access configuration option to its description.
Prevents suspicious or malicious software from making changes to protected folders. - Block; Prevents untrusted apps from writing to disk sectors. - Block disk modification only; Stops the Controlled Folder Access feature. - Disable; Tracks untrusted apps that write to disk sectors. - Audit disk modification only; Tracks rather than prevents changes to protected folders. - Audit Mode
What is the component of Windows 10 that provides protection against malware and other threats called?
Windows Security
Which of the following tools can be used to troubleshoot and validate Windows updates?
Windows Server Update Service (WSUS); Windows Update Troubleshooter; PowerShell
Which of the following are true about Windows Update for Business?
Windows Update for Business can be used with all versions of Windows 10 except Windows 10 Home. Windows Update for Business can be configured with Group Policy, Mobile Device Management, or Systems Center Configuration Manager. Windows Update for Business provides the latest features for your Windows 10 devices, including security upgrades.
You have noticed malware on your network that is spreading from computer to computer and deleting files. Which type of malware are you most likely dealing with?
Worm
You are trying to set up and configure Microsoft Defender Advanced Threat Protection on your network. One of the client machines is not reporting properly. You need to verify that the diagnostic data service is enabled. Which command can you run to check this?
sc qc diagtrack
Put the steps for the suggested procedure for remediation of an infected system in the order they should be performed in.
1) Identify the symptoms 2) Quarantine the infected system 3) Disable System Restore 4) Update anti-malware definitions 5) Scan for and remove malware 6) Schedule future anti-malware scans 7) Re-enable System Restore 8) Educate the end user
A feature update includes new capabilities and improvements. What is the maximum number of days you can defer feature updates?
365
You use a Windows 10 system with File History running. Currently, File History is configured to save copies of files every hour. However, you've been assigned to work on a high-profile project, and you would like File History to save copies of files every 15 minutes. What should you do? (Select two. Each answer is part of the complete solution.)
Click Advanced settings and then set Save copies of files to Every 15 minutes. In Control Panel, click System and Security > File History.
You install a new graphics application on your Windows machine. During installation, the computer reboots, but hangs during startup. Pressing F8 has no effect. To fix your computer so it will start, what should you try first?
Boot from the installation disc and restore to a restore point.
You have recently made some changes to your Windows system. Things seemed to run fine for several days. Today, however, your computer has started to be unstable. Shortly after you log on, the system crashes and hangs. Which of the following will most likely correct the problem in the least amount of time?
Boot into Safe Mode and restore to a restore point
One day while trying to start your Windows 10 system, you see the error Operating system not found displayed. Which of the following options will most likely fix the problem?
Boot into the recovery environment and run the bootrec /fixmbr command on the boot volume.
One day while trying to start your Windows 10 system, you see the following error displayed: "Could not read from the selected boot disk. Check boot path and disk hardware." Which of the following will most likely fix the problem?
Boot into the recovery environment and then run the bootrec /rebuildbcd command
The vendor of your accounting software recently released an update that you downloaded and installed on your Windows system. Unfortunately, now your accounting software crashes when launched. Which action can you take to get your system running properly as quickly as possible without losing your accounting files? (Select two. Each answer is a possible solution.)
Boot the system from a recovery drive and click Troubleshoot > Advanced Options > System Restore
You are using a Windows 10 system to work on the schedule for a very important project. You saved your files in the Documents library of your user account. Unfortunately, malware from a malicious website has infected your system. You were able to remove the infection with anti-malware software. However, after shutting down, you discover that Windows does not boot properly. Which action can you take to get your system back up and running properly without losing your project files and while minimizing the risk of infecting other systems on the network? (Select two. Each option is part of the complete solution.)
Boot the system from a recovery drive. Click Troubleshoot > Reset this PC > Keep My Files
One of the users you support, VKumar, has just turned on File History and selected the internal D: drive as the location to which his files will be copied. By default, which directory does File History copy files from to save on the D: drive?
C:\Users\VKumar
Lets you integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
Centralized Configuration and Administration
Which of the following web browsers can be used to access Windows Defender Advanced Threat Protection (ATP)? (Select two.)
Chrome; Edge
Your Windows computer has system protection enabled on the system drive. By default, restore points are only created when a Windows update occurs. In the last week, since the last Windows update, you have installed a video editing application that you use every day. Today you installed a new sound card with the driver that came with it. Your system started behaving erratically after you rebooted. You tried updating to the latest driver for the sound card, but that didn't help. So you used System Restore to get your computer back to the state it was in before you installed the sound card. After you reboot your computer, you realize you have to install your video editing application again. Which action would have helped you avoid having to reinstall the application?
Creating a manual restore point just before installing the sound card.
You want to set up Exploit Protection. Which of the following steps should you take? (Select two. Each answer is a part of the process.)
Define your Exploit Protection settings and export to an XML file. Enable the Group Policy setting and enter path to the exported file.
Match defs to OS
Feature updates Quality updates Quality updates Feature updates Quality updates
You install the drivers to connect your new music player to your Windows 10 computer. Immediately following the device installation, you get a bluescreen error. You reboot the computer, but it displays the same bluescreen and stops the boot process. What should you try first to get the computer to boot successfully?
Reboot and Repair your computer and then choose Startup Repair.
You manage a Windows 10 system, on which File History has been turned on. You want to keep all versions of your files until space on the hard drive is needed. You have used Control Panel to access File History as shown in the image. Click on the option which will let you configure the required setting.
Select "Advanced Settings"
You are supporting a Windows 10 computer that has the following volumes: The C: drive is the system drive with user profiles and individual user files. The D: drive holds data files common to all users. System Protection has been configured as follows: A system image backup has been created that includes both the C: and D: drives. Regular backups are scheduled to back up all user libraries. The scheduled backup includes a system image. System Restore has been used to take a snapshot. A user has edited and saved a file on the D: drive. The user doesn't like the changes and wants to revert to a previous version of the file. The user goes to the Previous Versions tab of the file and sees nothing listed. How can you help the user restore the previous version of the file?
Restore the file from the system image.
If a program has been quarantined, what must you do to run it again?
Restore the program. To run a program on the Quarantined Items list, you must restore it on your system. When you run it, Windows Security will identify it again as a potential security threat. Choose the Restore option to add the program to the list of allowed items so that you can run it in the future without prompting.
As part of your regular system maintenance, you install the latest operating system updates on your Windows 10 computer. After several days, you notice that the system locks up and reboots from time to time. You suspect that a recent update is causing the problem. How can you quickly restore the computer to its state before the updates?
Restore the system using a restore point.
You have just set up a new Windows 10 system. You want to be able to recover this system if a major failure occurs. With some system failures you can still boot the system and log on and then perform tasks to recover the system using a backup. Click the option you must use if you want to be able to recover from a system failure when this type of failure occurs.
Select "Set up backup" under the Backup section.
You want to use an optical disc as a system recovery drive. In the System and Security category, click the Control Panel item you must use to create a system repair disc.
Select the "Backup and Restore (Windows 7)" option.
Your Windows system has been infected with malware that has replaced the standard boot loader on the hard disk with its own malicious software. Which type of exploit is being used in this scenario?
Rootkit
Your Windows 10 computer has two hard drives formatted with NTFS. You have enabled System Restore on both disks. How can you delete all restore points except for the last restore point?
Run Disk Cleanup.
You have just added a new 300 GB hard drive to a Windows computer. You create a single volume named Data and format the volume using FAT32. The volume is assigned drive letter D:. You copy several files to the new hard disk. Which action must you take first to include the disk in restore points created on the computer?
Run convert.exe to change the drive to NTFS.
Which of the following types of malware are designed to scam money from the victim? (Select two.)
Scareware; Ransomware
You use a Windows 10 system with File History enabled. You've been working on the index.html file in the HTML Files folder in your Temp\HTML library. You realized this evening that you've made many erroneous changes during the day that will require a great deal of work to correct. You decide that the best option is to restore the version of this file as it was this afternoon. You've used File History to identify the version of the file you want to restore. Click the option you would use to restore version 6 of the file shown.
Select the green button with the replay arrow
Match servicing channels to description...
Semi-annual Channel Long-term Servicing Channel Windows Insider Program (WIP) Long-term Servicing Channel Semi-annual Channel Windows Insider Program (WIP)
Once a piece of malware is detected and reverse-engineered, its unique characteristics are identified. Anti-malware programs use these characteristics to identify malware. What do anti-malware programs call these unique characteristics of malware?
Signature
Which Windows Security feature alerts you if there are storage capacity issues?
The Device performance & health feature lets you view status information about your device's performance health, including: Windows Time service, Storage capacity, Apps and software, Battery life (if applicable).
Which of the following are true about File History backups or restore points? (Select three.)
The following are true regarding File History backups or restore points: File History only works on NTFS partitions. File History is turned off by default and must be enabled to benefit from its functionality. The File History tool can be used without the involvement of IT workers. The users can easily restore their own files and folders. File History can be used to recover entire user folders, user libraries, desktop folders, and offline OneDrive files. File History backups use Volume Shadow Copy (VSS), which runs in the background and does not interfere with computer performance. When you view the history of a file, it is opened in read-only mode. You can browse through a previous version of a folder and navigate the directory structure. You can copy the previous version of the file to a new location or restore it to the same location. This overwrites the existing version.
To protect the data on your Windows 10 computer from loss or corruption, you enable system protection on all drives in your computer. You also schedule regular backups with the following settings: Back up all user libraries; Back up all drives; Include a system image. Today, you notice that your user profile settings are corrupt. How can you restore the user profile settings with the least amount of effort?
Use the Backup and Restore console to restore the user profile from backup.
You support a Windows 10 computer that has the following volumes: The C: drive is the system drive with user profiles and individual user files. The D: drive holds data files common to all users. The user has taken the following actions: Scheduled regular backups to back up all user libraries. The scheduled backup includes the entire D: drive as well as a system image. Used System Restore to take a snapshot. After working with a file on the D: drive, the user has accidentally deleted most of the data in the file. The user needs your help to recover the file as it existed before making the changes. You check the System Protection settings and find that System Protection is not enabled for the D: drive. How can you restore the data in the file with the least amount of effort?
Use the Previous Versions tab of the file properties to restore the file.
To protect the data on your Windows 10 computer from loss or corruption, you enable system protection on all the drives in your computer. You also schedule regular backups of the system drive and all other drives using the Backup and Restore (Windows 7) console. After working with a file, you notice that you accidentally deleted most of the data. How can you restore the file to the state it was in before you modified it? (Select two. Each answer is a complete solution.)
Use the file's properties to restore a previous version of the file. Use the Backup and Restore (Windows 7) console to locate and restore the file.
To protect your system and the data on your Windows 10 computer, you use the Backup and Restore console to create a system image backup. While working with a file, you accidentally delete some of the data. You need to restore the older version of the file, but you cannot find any previous versions of the file. What should you do? (Select two. Each answer is part of the complete solution.)
Use Windows Explorer to browse to and then copy the file. Attach the .vhd file created from the Backup and Restore console.
Which command can be used to attempt to repair infected files?
sfc