Which security feature in Windows 7 prevents malware by limiting
user privilege levels? - a. Windows Defender
- b. User Account Control (UAC)
- c. Microsoft Security Essentials
- d. Service SIDs
|
|
b. User Account Control (UAC) |
| |
The default privilege level for services is LocalSystem. True or
False?
|
|
False |
| |
When compared to Windows XP, which networking
features have been updated or added in Windows 7 to enhance
security? (Choose all that apply.) - a. TCP/IPv4
- b. Network Access Protection (NAP)
- c. Point-to-Point tunneling Protocol (PPTP)
- d. Internet Connection Sharing
- e. Windows Firewall
|
|
b. Network Access Protection (NAP) e. Windows Firewall |
| |
Which data protection feature is new in Windows 7? - a. Local security policy
- b. BitLocker Drive Encryption
- c. EFS
- d. BitLocker To Go
- e. Network Access Protection
|
|
d. BitLocker To Go |
| |
Which of the following passwords meet complexity requirements?
(Choose all that apply.) - a. passw0rd$
- b. ##$$@@
- c. ake1vyue
- d. a1batro$$
- e. A%5j
|
|
a. passw0rd$
- e. A%5j
|
| |
Which password policy setting should you use to prevent users from
reusing their passwords too quickly? - a. Maximum password age
- b. Minimum password age
- c. Minimum password length
- d. Password must meet complexity requirements
- e. Store passwords using reversible encryption
|
|
b. Minimum password age |
| |
Which account lockout policy setting is used
to configure the time frame in which incorrect logon attempts must
be conducted before an account is locked out? - a. Account lockout duration
- b. Account lockout threshold
- c. Reset account lockout counter after
- d. Password must meet complexity requirements
- e. Store passwords using reversible encryption
|
|
c. Reset account lockout counter after |
| |
The _____ local policy controls the
tasks users are allowed to perform.
|
|
User Rights Assigment |
| |
Which type of AppLocker rule condition can
uniquely identify any file regardless of its location? - a. Publisher
- b. Hash
- c. Network zone
- d. Path
|
|
b. Hash |
| |
How would you create AppLocker rules if you
wanted to avoid updating the rules when most software is installed? - a. Manually create rules for each application
- b. Automatically generate rules
- c. Create default rules
- d. Download rule templates
|
|
c. Create default rules |
| |
Evaluating DLL files for software restrictions has a minimal
performance impact because of caching. True or False?
|
|
False |
| |
Which utilities can be used to compare the settings in a security
template against a computer configuration? (Choose all that apply.) - a. Secedit
- b. Windows Defender
- c. Security Templates snap-in
- d. Group Policy Object Editor
- e. Security Configuration and Analysis tool
|
|
a. Secedit e. Security Configuration and Analysis tool |
| |
To which event log are audit events written? - a. Application
- b. Security
- c. System
- d.Audit
- e. Advanced Audit
|
|
b. Security |
| |
An _____ is used to describe the
structure of an application and trigger UAC when required.
|
|
Application Manifest |
| |
What are you disabling when you configure UAC
to not dim the desktop? - a. Admin Approval Mode
- b. File and Registry Virtualization
- c. user-initiated prompts
- d. secure desktop
|
|
d. Secure Desktop |
| |
Microsoft Security Essentials requires a
subscription fee after a 90 day trial period. True of false?
|
|
False |
| |
Which of the following does Action Center
monitor? (Choose all that apply.) - a. Network Firewall
- b. Windows Update
- c. User Account Control
- d. Internet security Settings
- e. Virus Protection
|
|
- a. Network Firewall
- b. Windows Update
- c. User Account Control
- d. Internet security Settings
- e. Virus Protection
|
| |
To prevent spyware installation you should configure Windows
Defender to perform _____.
|
|
Real-time scanning |
| |
Which type of encryption is the fastest, strongest, and best suited
to encrypting large amounts of information? - a. Symmetric
- b. 128 bit
- c. Asymmetric
- d. Hash
- e. Public Key
|
|
a. Symmetric |
| |
To encrypt a file by using EFS, the file must be stored on an NTFS
formatted partition. True or False?
|
|
True |
| |
How can you recover EFS encrypted files if the user profile holding
the digital certificate is accidentally deleted? (Choose all that
apply.) - a. Restore the file from backup.
- b. Restore the user certificate from a backup copy.
- c. Another user with access to the file can decrypt it.
- d. Decrypt the file by using the recovery certificate.
- e. Decrypt the file by using the EFS recovery snap-in.
|
|
- b. Restore the user certificate from a backup copy.
- c. Another user with access to the file can decrypt it.
- d. Decrypt the file by using the recovery certificate.
|
| |
Which of the following is not true about BitLocker Drive Encryption? - a. BitLocker Drive Encryption requires at least two disk partitions
- b. BitLocker Drive Encryption is designed to be used with a TPM
- c. Two encryption keys are used to protect data.
- d. Data is still encrypted when BitLocker Drive Encryption is disabled.
- e. You must use a USB drive to store the startup key.
|
|
e. You must use a USB drive to store the startup key |
| |
BitLocker Drive Encryption is user aware and can be used to protect
individual files on a shared computer. True or False?
|
|
False |
| |
Which is the preferred setting for Windows Update? - a. Install updates automatically
- b. Download updates but let me choose whether to install them.
- c. Check for updates but let me choose whether to download and install them.
- d. Never Check for Updates.
|
|
a. Install updates automatically |
| |
Which categories of updates can be downloaded and installed
automatically by Windows Update? (Choose all that apply.) - a. Critical
- b. Important
- c. Recommended
- d. Optional
- e. Feature update
|
|
- b. Important
- c. Recommended
- d. Optional
|
| |
Virus Protection Buddy's Machine Shop has been infected with a virus for the second time in six months. Several machines cannot run antivirus software because it interferes with specialized software used to carve machine parts from blocks of metal. What can you o to mitigate the risk of viruses infecting the computers? |
|
here are several solutions for
preventing virus infections on the computers running specialized
software.
Buy new software that is
compatible with anti-virus software – The specialized software
that runs manufacturing operations is typically very expensive.
Purchasing upgrades or replacing vendors is a very long and
expensive process. This cannot be implemented in the short term.
Remove the manufacturing computers
from the network – Most viruses take advantage of network
connectivity to move from computer to computer. Removing the
manufacturing computers from the network would eliminate the ability
to be infected over the network. However, in many cases
manufacturing computers need to download design documents from file
servers. The design plans could be moved to the manufacturing
computers on CD or portable disk drive, but that is a cumbersome
process.
Configure Windows Update to
download and apply updates automatically – This will eliminate
most viruses on these computer. It would still be better if
anti-virus software could be installed as well, but this solution is
quick and cheap to implement. If an update causes problems with the
manufacturing software, the update can be uninstalled.
|
| |
Home User Protection Superduper Lightspeed Computers sells many computers to home users. Many Windows XP customers have returned to the store complaining that their computer is slow or crashes frequently. Which features can you configure in Windows 7 to increase customer satisfaction? |
|
Superduper Lightspeed Computers should
begin configuring Windows Defender for their customers using Windows
7. Windows Defender can prevent spyware which often causes computers
to slow down and crash. For the best protection Windows defender
should be configured to run a scan at least weekly and also perform
real-time scanning.
Superduper Lightspeed Computers should
also begin installing Microsoft Security Essentials for their
customers. Microsoft Security Essentials protects against some
malware that Windows Defender does not.
|
| |
Applying Security Settings Gigantic Life Insurance has thousands of insurance brokers selling their services. The Security Officer has recently identified a list of security settings that she wants configured on all Windows 7 computers used by the insurance brokers. What is the best way to apply these security settings? |
|
The best way to apply security settings
for Windows 7 is to create a security template that contains those
settings. If you were applying the security template to just a single
computer, you could use the Security Configuration and Analysis
snap-in. However, in this case, there are thousands of computers to
update and it is not realistic to visit each one to apply the
security template.
You need to automate the application of
the security template. This can be done by using a script that runs
secedit on each computer or by using a Group Policy. Using a Group
Policy is faster and easier than creating a scripting solution. |
| |
Data Encryption The salespeople at Hyperactive Media sales all use laptop computers so they can have easy access to important data on the road. The salespeople regularly take customer lists and other sensitive company information with them. Occasionally a laptop is lost or stolen. Which data encryption features in Windows 7 can prevent hard drive data from being used after a laptop is stolen? Which features would you implement and why? |
|
Windows 7 includes both EFS and
BitLocker Drive Encryption to protect data. EFS is primarily used to
protect individual files, while BitLocker Drive Encryption is used to
protect an entire partition.
For laptops that are leaving the
office, BitLocker Drive Encryption is the best choice for protecting
data, because it protects the entire partition, not just individual
files. This means that all temporary files, data files, and operating
system files are encrypted and protected without any user
intervention.
As part of your BitLocker
implementation, you need to create a recovery plan in case the
certificate used for decryption is lost. You document the recovery
password for BitLocker on each laptop. In addition, you should
configure a recovery agent on each laptop that can be used to recover
BitLocker encrypted data.
|
| |