6.0 Securing Windows Quiz

Windows Hello includes several alternative methods for authentication. Which of the following is not included in the Windows Hello authentication options?

Which of the following is true of an organizational unit (OU)?

Explanation

An organizational unit (OU) is like a folder that subdivides and organizes network resources within a domain.

OUs can be created, moved, renamed, or deleted. They have several editable properties.

Built-in containers (not OUs) have very few editable properties.

An OU can contain other OUs.

Members of the Domain Users can sign into all of the following except:

Explanation

Members of the Domain Users group are able to sign into any resource within the domain except for the domain controllers. Workstations, Network shares they are given permissions for, and member servers can all be logged into by a member of the Domain Users group.

In enterprise environments using Windows Hello for Business, what is the minimum number of characters required for a Windows PIN?

Explanation

In enterprise-managed environments using Windows Hello for Business, PINs are typically required to be between 6 and 8 digits long. On personal or unmanaged systems, a 4-digit PIN may still be permitted by default.

Which of the following switches would automatically restart a computer system as needed after running the gpupdate command?

The /Boot switch is used to automatically reboot a computer after applying any group policy changes. /Logoff logs the user off after running the update of the GPOs. /Force reapplies all policy settings. /Reboot is not a valid switch for the gpupdate command.

What is the purpose of SAML?

Allows a user to access multiple applications using the same credential.

SAML is used to facilitate SSO, thus allowing a user to login once and access multiple applications without the need to re-authenticate.

SAML does not require a user to login to each application separately.

SAML does not control the security policies of a workstation and is not used to log into multiple workstations at the same time.

What is true of a domain controller?

A domain controller is a Windows server that holds a copy of the Active Directory database.

A domain controller is a member of only one domain.

A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database.

Any domain controller can make changes to the Active Directory database.

Which of the following are common login types supported by the Windows operating system? (Select three).

Local, Network, and Remote logins are authorized configurations for login within the Windows operating system.

Kerberos is an authentication system protocol used by Windows network login environments, not a login type.

What is the name of the service included with the Windows Server operating system that manages a centralized database containing user accounts and security information?

Active Directory

A user calls to report a problem. She is trying to install an application on her new Windows 11 system, but the installation will not proceed. Her user account is a member of the Users group.

What is MOST likely causing the installation issue?

Her group membership does not allow her to install new software.

Correct Answer:

You manage the two folders listed below on your computer.

• C:\Confidential

• D:\PublicReports

The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. On the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group:

• Reports.doc

• Costs.doc

You then take the following actions. You:

• Move Reports.doc from C:\Confidential to D:\PublicReports.

• Copy Costs.doc from C:\Confidential to D:\PublicReports.

Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder?

Permissions will be removed from both files. Moving or copying files to a non-NTFS partition removes all permissions (FAT32 does not support NTFS permissions).

Moving files to the same NTFS partition preserves the permissions. Copying files to another partition (NTFS or otherwise) removes existing permissions. Copied files on an NTFS partition inherit the permissions assigned to the drive or folder, and copied files on a non-NTFS partition do not inherit permissions because no permissions exist.

A help desk technician determines that a user's issue is caused by a corrupt file on their computer.

Which of the following would be the FASTEST way to transfer a good file to the computer?

The C$ administrative share (\\computername\C$) is available to technicians with administrator privileges. This share is the fastest way to transfer a file.

It takes extra steps to have users create local shares, and the user may not have permissions for the folder where the file should be copied.

There are several steps to creating an email and attaching a file. In addition, depending on the file type, the file could be blocked by email filtering.

The C$ administrative share is available to the technician. Setting up a remote assist session would add extra steps.

Which of the following statements are true regarding administrative shares?

By default, Windows automatically creates an administrative share for every volume.

Because administrative shares are not visible when browsing the network, you must use the UNC path to connect to an administrative share. Only members of the Administrators group can access default administrative shares.

Adding a $ sign (not a !) to the end of a share name creates an administrative share.

You have a folder on your Windows computer that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give everyone the Full Control permission for the shared folder. Users connect to the shared folder and report that they can open the files, but they cannot modify any of the files.

Access to shared folders on a Windows system is controlled through the combination of share and NTFS permissions. Even though the necessary share permissions have been granted, you need to verify that the NTFS permissions also allow access.

Modifying users and groups will not affect the ability to access the files unless the NTFS permissions are also modified.

You use Samba to share folders on a Linux system.

Bob is a member of the Accounting group. The Accounting group has been granted the Read and Write NTFS permissions for the WeeklyReport.xls file.

Bob is also a member of the Everyone group, which has been given the Full Control permission for the WeeklyReport.xls file.

Which of the following statements MOST correctly describes Bob's ability to access the WeeklyReport.xls file?

Explanation

When you evaluate the interaction between Full Control and NTFS permissions, remember that the most restrictive set of permissions takes precedence. In this case, the NTFS permissions (Read and Write) are more restrictive than the Full Control permission granted to the Everyone group through the share, so the effective permissions are Read and Write.

A server administrator wants to connect to a user's computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users' automatically hidden shares. Which of the following could the administrator use? (Select two.)

In addition to any local shares created by a user, Windows automatically creates hidden administrative shares. This includes the root folder of any local drives (C$). It also includes the system folder (ADMIN$). Administrative shares can only be accessed by members of the local Administrators group. C:\Windows$ is not automatically created. If the administrator wanted to connect, they could first connect to C$ and then navigate to the Windows folder. C:\Users$ is also not automatically created but could also be accessed by first accessing the hidden C$ share.

The D:\ drive in your computer has been formatted with NTFS. The Sales group on your computer has been granted Allow Full Control for the D:\Sales folder. The Rachel user account is a member of the Sales group.

Which of the following will BEST prevent Rachel from accessing the D:\Sales\2010sales.doc file without affecting her ability to access any other files in that folder and without affecting the abilities of any other users?

Edit the file properties and assign Rachel the Deny Full Control permission

To prevent Rachel from accessing the singular file, you should assign the user account the Deny Full Control permission for the file. Deny permissions override Allow permissions.

Removing Rachel from the group or denying permissions to the folder would prevent her from accessing all files in the folder. Denying permissions for the group would affect all group members, not just the one user.

Evan, an employee in the human resources department, has created several important PDF documents on his computer that all office managers in his building must read. He would like to make locating these files simple and maintain them as little as possible. It is important that no other users are permitted to view these documents.

As the IT technician for your company, Evan has asked you to make this possible.

Which of the following would MOST likely fulfill Evan's request?

By creating a network share for Evan's folder that contains her documents, you can grant the managers the ability to see and read these documents. All other employees will not have access if the rights are granted appropriately. If a manager forgets the path, they will still be able to easily find the folder by looking for shared folders on her computer.

A hidden share is a form of network share that cannot be viewed by others when they are searching for the shared location. These shares are created by adding a dollar sign ($) to the end of the share when it is created. Although this could work for Evan's files, it would require that Evan give the path to each manager. Since Evan wanted to make this process as simple as possible, using a network share would be easier.

A user has a problem accessing several shared folders on the network. After determining that the issue is not from his computer's IP configuration, you suspect that the shared folders are not currently connected.

Which of the following commands will MOST likely confirm your suspicions?

Use the net use command to list the currently connected shared folders and drive letters.

Susan has left the company and has been replaced by Manuel. You create a user account for Manuel on Susan's computer. Manuel calls you and says that he can't open a specific file on the computer.

Which of the following will MOST likely correct the problem?

Edit the Local Security Policy and modify user rights.

Correct: Make Manuel the file owner.

Delete Susan's user account from the system.

Make Manuel's user account a member of the Power Users group.

You manage two folders on your computer as follows:

C:\Confidential

D:\PublicReports

Both the C:\ and D:\ drives are formatted with the NTFS file system. In the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group:

Reports.doc

Costs.doc

The D:\ drive grants the Full Control permission to the Users group. There are no other permissions assigned except for the default permissions. You then take the following actions. You:

Move Reports.doc from C:\Confidential to D:\PublicReports.

Copy Costs.doc from C:\Confidential to D:\PublicReports.

Which of the following BEST describes the permission the members of the Users group will have for the two files in the D:\PublicReports folder?

Users will have Allow Full Control for both files. Moving or copying files to a different NTFS partition removes any existing NTFS permissions so that only inherited permissions apply.

You have a folder that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder.

Which of the following would be the BEST actions for you to take next? (Select two.)

Place the files on an NTFS partition.

Configure both share and NTFS permissions.