Windows 7 Security

Total Flash Cards » 29
Text Size: S | M | L
  1. Which security feature in Windows 7 prevents malware by limiting user privilege levels?
  2. a. Windows Defender
  3. b. User Account Control (UAC)
  4. c. Microsoft Security Essentials
  5. d. Service SIDs
b. User Account Control (UAC)
  1. The default privilege level for services is LocalSystem. True or False?
  1. When compared to Windows XP, which networking features have been updated or added in Windows 7 to enhance security? (Choose all that apply.)
  2. a. TCP/IPv4
  3. b. Network Access Protection (NAP)
  4. c. Point-to-Point tunneling Protocol (PPTP)
  5. d. Internet Connection Sharing
  6. e. Windows Firewall
b. Network Access Protection (NAP)
e. Windows Firewall

  1. Which data protection feature is new in Windows 7?
  2. a. Local security policy
  3. b. BitLocker Drive Encryption
  4. c. EFS
  5. d. BitLocker To Go
  6. e. Network Access Protection
d. BitLocker To Go
  1. Which of the following passwords meet complexity requirements? (Choose all that apply.)
  2. a. passw0rd$
  3. b. ##$$@@
  4. c. ake1vyue
  5. d. a1batro$$
  6. e. A%5j
a. passw0rd$
  1. e. A%5j

  1. Which password policy setting should you use to prevent users from reusing their passwords too quickly?
  2. a. Maximum password age
  3. b. Minimum password age
  4. c. Minimum password length
  5. d. Password must meet complexity requirements
  6. e. Store passwords using reversible encryption
b. Minimum password age
  1. Which account lockout policy setting is used to configure the time frame in which incorrect logon attempts must be conducted before an account is locked out?
  2. a. Account lockout duration
  3. b. Account lockout threshold
  4. c. Reset account lockout counter after
  5. d. Password must meet complexity requirements
  6. e. Store passwords using reversible encryption
c. Reset account lockout counter after
  1. The _____ local policy controls the tasks users are allowed to perform.
User Rights Assigment
  1. Which type of AppLocker rule condition can uniquely identify any file regardless of its location?
  2. a. Publisher
  3. b. Hash
  4. c. Network zone
  5. d. Path
b. Hash
  1. How would you create AppLocker rules if you wanted to avoid updating the rules when most software is installed?
  2. a. Manually create rules for each application
  3. b. Automatically generate rules
  4. c. Create default rules
  5. d. Download rule templates
c. Create default rules
  1. Evaluating DLL files for software restrictions has a minimal performance impact because of caching. True or False?
  1. Which utilities can be used to compare the settings in a security template against a computer configuration? (Choose all that apply.)
  2. a. Secedit
  3. b. Windows Defender
  4. c. Security Templates snap-in
  5. d. Group Policy Object Editor
  6. e. Security Configuration and Analysis tool
a. Secedit
e. Security Configuration and Analysis tool
  1. To which event log are audit events written?
  2. a. Application
  3. b. Security
  4. c. System
  5. d.Audit
  6. e. Advanced Audit
b. Security
  1. An _____ is used to describe the structure of an application and trigger UAC when required.
Application Manifest
  1. What are you disabling when you configure UAC to not dim the desktop?
  2. a. Admin Approval Mode
  3. b. File and Registry Virtualization
  4. c. user-initiated prompts
  5. d. secure desktop
d. Secure Desktop
  1. Microsoft Security Essentials requires a subscription fee after a 90 day trial period. True of false?
  1. Which of the following does Action Center monitor? (Choose all that apply.)
  2. a. Network Firewall
  3. b. Windows Update
  4. c. User Account Control
  5. d. Internet security Settings
  6. e. Virus Protection

  1. a. Network Firewall
  2. b. Windows Update
  3. c. User Account Control
  4. d. Internet security Settings
  5. e. Virus Protection
  1. To prevent spyware installation you should configure Windows Defender to perform _____.
Real-time scanning
  1. Which type of encryption is the fastest, strongest, and best suited to encrypting large amounts of information?
  2. a. Symmetric
  3. b. 128 bit
  4. c. Asymmetric
  5. d. Hash
  6. e. Public Key
a. Symmetric
  1. To encrypt a file by using EFS, the file must be stored on an NTFS formatted partition. True or False?
  1. How can you recover EFS encrypted files if the user profile holding the digital certificate is accidentally deleted? (Choose all that apply.)
  2. a. Restore the file from backup.
  3. b. Restore the user certificate from a backup copy.
  4. c. Another user with access to the file can decrypt it.
  5. d. Decrypt the file by using the recovery certificate.
  6. e. Decrypt the file by using the EFS recovery snap-in.
  1. b. Restore the user certificate from a backup copy.
  2. c. Another user with access to the file can decrypt it.
  3. d. Decrypt the file by using the recovery certificate.
  1. Which of the following is not true about BitLocker Drive Encryption?
  2. a. BitLocker Drive Encryption requires at least two disk partitions
  3. b. BitLocker Drive Encryption is designed to be used with a TPM
  4. c. Two encryption keys are used to protect data.
  5. d. Data is still encrypted when BitLocker Drive Encryption is disabled.
  6. e. You must use a USB drive to store the startup key.
e. You must use a USB drive to store the startup key
  1. BitLocker Drive Encryption is user aware and can be used to protect individual files on a shared computer. True or False?
  1. Which is the preferred setting for Windows Update?
  2. a. Install updates automatically
  3. b. Download updates but let me choose whether to install them.
  4. c. Check for updates but let me choose whether to download and install them.
  5. d. Never Check for Updates.
a. Install updates automatically
  1. Which categories of updates can be downloaded and installed automatically by Windows Update? (Choose all that apply.)
  2. a. Critical
  3. b. Important
  4. c. Recommended
  5. d. Optional
  6. e. Feature update
  1. b. Important
  2. c. Recommended
  3. d. Optional
Virus Protection
Buddy's Machine Shop has been infected with a virus for the second time in six months. Several machines cannot run antivirus software because it interferes with specialized software used to carve machine parts from blocks of metal. What can you o to mitigate the risk of viruses infecting the computers?
here are several solutions for preventing virus infections on the computers running specialized software.
  • Buy new software that is compatible with anti-virus software – The specialized software that runs manufacturing operations is typically very expensive. Purchasing upgrades or replacing vendors is a very long and expensive process. This cannot be implemented in the short term.
  • Remove the manufacturing computers from the network – Most viruses take advantage of network connectivity to move from computer to computer. Removing the manufacturing computers from the network would eliminate the ability to be infected over the network. However, in many cases manufacturing computers need to download design documents from file servers. The design plans could be moved to the manufacturing computers on CD or portable disk drive, but that is a cumbersome process.
  • Configure Windows Update to download and apply updates automatically – This will eliminate most viruses on these computer. It would still be better if anti-virus software could be installed as well, but this solution is quick and cheap to implement. If an update causes problems with the manufacturing software, the update can be uninstalled.

Home User Protection
Superduper Lightspeed Computers sells many computers to home users. Many Windows XP customers have returned to the store complaining that their computer is slow or crashes frequently. Which features can you configure in Windows 7 to increase customer satisfaction?
Superduper Lightspeed Computers should begin configuring Windows Defender for their customers using Windows 7. Windows Defender can prevent spyware which often causes computers to slow down and crash. For the best protection Windows defender should be configured to run a scan at least weekly and also perform real-time scanning.
Superduper Lightspeed Computers should also begin installing Microsoft Security Essentials for their customers. Microsoft Security Essentials protects against some malware that Windows Defender does not.
Applying Security Settings
Gigantic Life Insurance has thousands of insurance brokers selling their services. The Security Officer has recently identified a list of security settings that she wants configured on all Windows 7 computers used by the insurance brokers. What is the best way to apply these security settings?
The best way to apply security settings for Windows 7 is to create a security template that contains those settings. If you were applying the security template to just a single computer, you could use the Security Configuration and Analysis snap-in. However, in this case, there are thousands of computers to update and it is not realistic to visit each one to apply the security template.
You need to automate the application of the security template. This can be done by using a script that runs secedit on each computer or by using a Group Policy. Using a Group Policy is faster and easier than creating a scripting solution.
Data Encryption
The salespeople at Hyperactive Media sales all use laptop computers so they can have easy access to important data on the road. The salespeople regularly take customer lists and other sensitive company information with them. Occasionally a laptop is lost or stolen. Which data encryption features in Windows 7 can prevent hard drive data from being used after a laptop is stolen? Which features would you implement and why?
Windows 7 includes both EFS and BitLocker Drive Encryption to protect data. EFS is primarily used to protect individual files, while BitLocker Drive Encryption is used to protect an entire partition.
For laptops that are leaving the office, BitLocker Drive Encryption is the best choice for protecting data, because it protects the entire partition, not just individual files. This means that all temporary files, data files, and operating system files are encrypted and protected without any user intervention.
As part of your BitLocker implementation, you need to create a recovery plan in case the certificate used for decryption is lost. You document the recovery password for BitLocker on each laptop. In addition, you should configure a recovery agent on each laptop that can be used to recover BitLocker encrypted data.