Ch. 8.3 - 8.9

Which of the following character types are allowed in a UPN? (Select two.)

- ! - #

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do to only monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)

- Audit successful system events. - Create a GPO to configure auditing. Link the GPO to the domain.

You would like to prevent users from running any software with .exe or .com extensions on computers in the domain unless they have been digitally signed. The rule should apply to all known and unknown software. How should you configure this rule in AppLocker

Configure an executable rule with a publisher condition.

Which of the following is true about Group Policy preferences?

Preferences are not enforced.

You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?

Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.

If a standard user tries to perform an administrative task, they will be prompted to enter administrative credentials. Which security option is responsible for this prompting?

User account control

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO and link the GPO to the domain. After several days, you check Event Viewer, but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?

Edit the access list for the OU. Identify specific users and events to audit.

Which of the following best describes a restricted groups policy?

A client configuration that can be used to control membership for groups that require high security.

Under which security option category would you enable a prompt for users to change their password before it expires?

Interactive logon.

Your organization's security policy dictates that the security level of the Local Intranet and Trusted Sites zones in Internet Explorer be set to medium-high on all user workstations. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in a GPO to make the change. Click on the Control Panel Setting you would use to implement this configuration.

Internet Settings

Privilege use tracks which of the following? (Select two.)

- When an administrator takes ownership of an object -When a user exercises a user right

Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security.

Group Policy Management

Which of the following is a password restriction that applies to Azure AD?

There is a global banned password list. Explanation

Which AppLocker rule condition uses the digital fingerprint of an application?

Hash

Which of the following are true regarding the Members group name? (Select two.)

- Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied. - Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group.

Which file type applies only to Windows applications that are purchased through the Windows Store?

.appx

Which setting should you disable unless a specific application requires access to the plaintext password?

Store passwords using reversible encryption

You would like to have better control over the applications that run on the computers in your domain, so you have decided to implement AppLocker. You have created default rules and an executable rule that only allows the company's accounting application to run. When you test these rules, you find that you can still run any program on your test client. What should you do? (Select two. Each correct answer is part of the solution.)

- Ensure that the enforcement mode for executable rules is set to Enforce rules. - Start the Application Identity service on the client computers.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)

- Link the GPO to the Domain Controllers OU. - Enable the logging of failed account logon events.

Which file types are included in the Script rule type?

.cmd and .bat

Management is concerned that users are spending work hours playing games and has asked you to create a restriction that will prevent all standard users and administrators from running the Games app. Click on the option you would use in Group Policy Management Editor to implement this restriction.

Packaged app Rules

You are consulting with the owner of a small network with a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no internet connectivity. The server contains possibly sensitive information, so the owner wants to make sure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to ensure that the files generate audit results? (Select three. Each correct answer is part of the required solution.)

- Make sure the Object Access auditing policy is configured for success and failure. - Make sure the files to be audited are on NTFS partitions. - Make sure the correct users and groups are listed in the auditing properties of the files.

- This policy does not remove the restricted group from other groups. - Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied. - Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group. - You can use this option to define membership in a local group by adding a restricted group. - The restricted group to be added to the local group must be a group defined in Active Directory.

- Members of - Members - Members - Members of - Members of

- The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed. - A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt. -The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds. -If logged on as a standard user, all actions requiring privilege elevation are automatically denied.

- Notify me only when apps try to make changes to my computer (do not dim the desktop) - Always notify -Notify me only when apps try to make changes to my computer -Never notify

Which of the following are characteristics of Group Policy settings? (Select two.)

- Policies require Group Policy-aware applications. - Filtering is based on Windows Management Instrumentation (WMI) and requires writing WMI queries.

You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)

- The Desktop Admins group will be made a member of the Backup Operators group. - Any other members of the Backup Operators group will be removed.

Your organization's security policy dictates that the security level for the Local Intranet and Trusted Sites zones in Internet Explorer be set to medium-high on all user workstations. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in a GPO to make the change. Which of the following is true concerning this Group Policy preference? (Select two.)

- This preference is not available in Local Group Policy. - The preference can be applied to specific systems based on the criteria you specify.

Which of the following are Azure AD default password policies? (Select three.)

- Users cannot use the last password again when changing or resetting their password. - Users are notified of expiration 14 days before the password expires. - The maximum password age (password expiration policy) is 90 days.

How many old passwords can Windows remember?

24

How many characters can be entered before the "@" symbol and how many characters can be entered after the "@" symbol in a UPN?

64 before and 48 after the "@" symbol

Which UAC level is recommended as the most secure configuration option because it will always provide a standard user the option to log in as an administrator?

Always notify.

Which identifier enables or disables devices using the Devices Group Policy?

Device class

All your users are in the same city. Which preference would you use to set their time, date, and time zone preferences on their Windows device?

Regional options

Which of the following is the option provided by Azure AD for users that forget their password or get locked out of their account?

SSPR

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?

Select Audit Failure for the enabled audit policy.

You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: Members of this group This group is a member of The This group is a member of option is the preferred method for most use cases. Which of the following explains why this is the preferred method?

Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group.

You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?

Configure User Account Control (UAC) settings.

You are an administrator for a company that uses Windows servers. In addition to Active Directory, you provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients are strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?

Configure object access auditing in a GPO and link it to the domain.

You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department use a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?

Create a restricted group named AcctMagic. Add the Accounting domain group as a member.

ou want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization. How should you configure this rule in AppLocker?

Create a script rule with a publisher condition.

You want to find out who has been running a specific game on the client computers in your company. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed. How should you configure a rule in AppLocker to meet these requirements?

Create an executable rule with a path condition that identifies the file. Set the enforcement mode to Audit only.

You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer, so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?

Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit the success of the Delete permission.

You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?

Enable the Run all administrators in Admin Approval Mode setting in the Group Policy .

Which preference would you use to regularly clean up temporary folders?

Files Folders

You want to prevent users in your domain from running a common game on their machines. This application does not have a digital signature. You want to prevent the game from running even if the executable file is moved or renamed. You decide to create an AppLocker rule to protect your computer. Which type of condition should you use when creating this rule?

Hash

You need to configure a Group Policy preference that configures notebook systems in the domain to use the Power Saver power plan when undocked. You have specified the appropriate power plan in the Advanced Settings tab of the Power Options Group Policy preference and have set it as the active power plan. Click on the option you must enable to apply the preference only to undocked notebook systems.

Item-level targeting

Which of the following is a potential use for the restricted group policy?

Manage the membership of local groups on domain member servers and workstations.

Which setting would you set to 0 to allow all users to reset their password immediately?

Minimum password age

Which of the following is a valid Azure AD password?

My Password

Outside sales employees in your organization use a VPN connection to access your internal network while traveling to customer sites. Currently, each user must manually create and manage the VPN connection settings on their notebook systems and frequently require Help Desk assistance. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in a GPO to push down the correct VPN configuration settings for your organization's VPN server to the notebook systems. Click on the Control Panel Setting you would use to implement this process.

Network Options

Which of the following UAC levels prompts the user only when a program tries to change the computer or a program not included with Windows attempts to modify Windows settings?

Notify me only when apps try to make changes to my computer (do not dim my desktop)

You suspect that sensitive information has been leaked. Which audit logs could you review to track who opened a file containing the sensitive data?

Object access

Which of the following BEST describes granular password policies?

Policies within a GPO that apply password policies for users and global groups.

You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?

Policy change events

You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?

Reboot the machine.

Recently, some users in your domain have downloaded and installed an open source program that contains malware. After download, the application is installed by running a program with an .msi extension. The file is not digitally signed. You have a copy of this open-source program running on your server, and it did not install any malware. The users that got the malware likely obtained the program from a website they did not know was malicious. How can you prevent users from installing this software if it has been tampered with?

Use AppLocker to create a Windows installer rule with a file hash condition.

You manage a single domain running Windows Server. You have configured a Restricted Group policy as shown in the image. When this policy is applied, which action will occur?

The Backup Operators group will be made a member of the Desktop Admins group.

Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?

The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.

The desktop workstations you recently purchased for the employees in your organization's Denver office came with two network boards installed: A RealTek PCIe Fast Ethernet interface integrated into the motherboard. A Broadcom NetXtreme 57xx Gigabit Ethernet interface installed in a motherboard slot. You used the gigabit controller to connect these systems to the network. Because the integrated interface is not used, you set up a Devices Group Policy preference that disables the RealTek adapter. However, because this affects only the employees in the Denver office, you set up an item-level target that specifies that the preference only be applied to hosts in the Denver site in Active Directory. Which of the following is true concerning this Group Policy preference when it is applied?

The preference will be applied, but not enforced.

There are two restricted group properties that an administrator can define - members and members of. Which of the following is true about the members of property?

This policy ensures that the restricted group is a member of the defined groups but does not remove the restricted group from other groups.