When configuring a GPO linked to a domain, which policy configuration setting would you use to control the following?
Password settings
Account lockout settings
Kerberos settings
Account Policies
There are Registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as:
Use of Windows features such as BitLocker, offline files, and Parental Controls
Customize the Start menu, taskbar, or desktop environment
Control notifications
Restrict access to Control Panel features
Configure Internet Explorer features and options
What are these settings known as?
Administrative Templates
Drag each GPO category on the left to the associated policy on the right.
Software that should be installed on a specific computer
Computer Configuration policies
Internet Explorer user settings
User Configuration policies
Scripts that should run at logon or logoff
User Configuration policies
Network communication security settings
Computer Configuration policies
Password restrictions that must be met for all user accounts
Computer Configuration policies
Software that should be installed for a specific user
User Configuration policies
Scripts that should run at startup or shutdown
Computer Configuration policies
You manage a large number of workstations that belong to a Windows domain. You want to prevent anyone that might try to gain access to a computer from guessing login information by trying multiple passwords.
Which GPO contains a policy you can enable to guard all computers in the domain against this security breach?
Default Domain Policy
You have several computers running Windows 11. The computers are members of a domain.
For all computers, you want to remove access to administrative tools from the Start menu and hide notifications from the System Tray.
What should you do?
Use Group Policy
You are managing a workstation that is not part of a Windows domain. Users on this computer should not be permitted to download applications from the Windows Store.
Which administration tool can you use to enable a policy that turns off the Store application for all users on this computer?
Local Group Policy Editor
A user has complained about being unable to remove a program that is no longer needed on a computer. The Programs and Features page is not available in Control Panel.
You suspect that a policy is enabled that hides this page from the user. But after opening the Local Group Policy Editor, you see that the Hide Programs and Features page is set to Not configured. You know that other users in this domain can access the Programs and Features page.
To determine whether the policy is enabled, where should you look next?
GPOs linked to organizational units that contain this user's object.
The Hide Programs and Features page setting is configured for a specific user as follows:
| Policy | Setting |
| --- | --- |
| Local Group Policy | Enabled |
| Default Domain Policy GPO | Not configured |
| GPO linked to the user's organizational unit | Disabled |
After logging in, the user is able to see the Programs and Features page. Why does this happen?
The GPO linked to the user's organizational unit is applied last so this setting takes precedence.
Which of the following includes the Policy Analyzer?
Security Compliance Toolkit (SCT)
Drag each Group Policy setting on the left to the description of how the setting is enforced on the right.
Causes the policy to be enforced.
Enabled
Does not change the current setting for the policy.
Not configured
Prevents the policy from being enforced.
Disabled
Which of the following is a valid Azure AD password?
My Password
Which of the following is a password restriction that applies to Azure AD?
There is a global banned password list.
Which setting would you set to 0 to allow all users to reset their password immediately?
Minimum password age
How many old passwords can Windows remember?
24
Which of the following is the option provided by Azure AD for users that forget their password or get locked out of their account?
SSPR
How many characters can be entered before the "@" symbol, and how many characters can be entered after the "@" symbol in a UPN?
64 before and 48 after the "@" symbol
Which of the following character types are allowed in a UPN? (Select two.)
!
#
When a user creates a new password, the strength of the password goes through a series of evaluation steps, then is compared to the banned password lists. The second step in the evaluation checks the password to determine if it should be banned.
Which of the following checks the password to see if it matches any passwords on the global or custom lists?
Fuzzy matching
Your company recently implemented the Banned Passwords List for the domain. You want to ensure that all active passwords are checked against the lists. Which of the following would be the BEST way to accomplish this?
Require all users to change their passwords.
Which group is the Allow log on locally right assigned to by default for workstations and member servers?
Administrators
Which of the following can be configured using permissions?
Deny access to files
Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.
Allow log on locally
You are managing rights on a standalone server. You want to make changes to the settings of the Restore files and directories policy.
Which of the following is the tool you must use to make changes to this policy?
Local Group Policy Editor
Permissions give you the ability to do which of the following?
Access a printer
Which of the following requires rights to perform the action?
Allow members of the IT group to back up the files in the Sales folder on the SalesData server.
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.
User Rights Assignment
You have several servers running Windows Server 2022 and a corporate domain controller. Which of the following is part of a strategy to manage user credential exposure using non-configurable protections?
Protected Users security group
Which of the following can be added to the Protected Users group?
User accounts
Which of the following are deployment requirements for using protected accounts? (Select two.)
Domain functional level of Windows 2012 R2 or later
Windows 8.1 or Windows Server 2012 R2 or later
You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future.
You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed.
How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?
Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit the success of the Delete permission.
You are the security administrator for your organization. Your multiple-domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU.
You are creating a security template that you plan to import into a GPO.
What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)
Enable the logging of failed account logon events.
Link the GPO to the Domain Controllers OU.
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information.
You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database.
How can you create a policy that meets these requirements?
Select Audit Failure for the enabled audit policy.
You are an administrator for a company that uses Windows servers. In addition to Active Directory, you provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only and one database server. You are considering adding additional servers as business increases.
Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients are strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital) and because of the importance of the data to your operation, the data can also be considered a trade secret.
You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users.
How should you configure your security policy to track access to the data files?
Configure Object Access auditing in a GPO and link it to the domain.
You are consulting with the owner of a small network with a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no internet connectivity.
The server contains possibly sensitive information, so the owner wants to ensure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked.
What can you do to ensure that the files generate audit results? (Select three. Each correct answer is part of the required solution.)
Make sure the correct users and groups are listed in the auditing properties of the files.
Make sure the files to be audited are on NTFS partitions.
Make sure the Object Access auditing policy is configured for success and failure.
You suspect that sensitive information has been leaked. Which audit logs could you review to track who opened a file containing the sensitive data?
Object Access
You manage a single domain named widgets.com.
This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event.
Which auditing category should you enable?
Policy Change events
You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down.
You would like to use auditing to track who performs these actions.
What should you do to monitor only the necessary events and no others? (Select two. Each choice is a required part of the solution.)
Audit successful system events.
Create a GPO to configure auditing. Link the GPO to the domain.
Privilege use tracks which of the following? (Select two.)
When an administrator takes ownership of an object.
When a user exercises a user right.
You have been asked to troubleshoot a Windows workstation that is a member of your domain.
The director who uses the machine said he can install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation.
You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show.
What should you do?
Enable the Run all administrators in Admin Approval Mode setting in the Group Policy.
You manage 20 Windows workstations in your domain network.
You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change.
What should you do?
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.
Under which security option category would you enable a prompt for users to change their password before it expires?
Interactive logon
You have a computer running Windows.
Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions.
You want the protection of UAC, but it is not working at all.
What should you do?
Reboot the machine.
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken.
What should you do?
Configure User Account Control (UAC) settings.
If a standard user tries to perform an administrative task, they will be prompted to enter administrative credentials. Which security option is responsible for this prompting?
User Account Control
Which UAC level is recommended as the most secure configuration option because it will always provide a standard user the option to log in as an administrator?
Always notify
Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy.
Which of the following Group Policies must be set to complete this configuration?
The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries.
The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.
Which of the following UAC levels prompts the user only when a program tries to change the computer or a program not included with Windows attempts to modify Windows settings?
Notify me only when apps try to make changes to my computer (do not dim my desktop)
User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC.
Drag the UAC notification level on the left to the appropriate description of what it does on the right.
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed.
Notify me only when apps try to make changes to my computer (do not dim the desktop)
A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt.
Always notify
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds.
Notify me only when apps try to make changes to my computer
If logged on as a standard user, all actions requiring privilege elevation are automatically denied.
Never notify
You have just deployed a new Windows Server 2022 domain controller and want to configure it to apply application allowlisting. Which of the following should be enabled?
Device Guard
You are the administrator of several branch offices. The locations are not large enough to provide adequate physical security for a local domain controller. You plan to deploy Read-only domain controllers (RODCs).
Which of the following would facilitate faster logins for the branch staff?
Enable credential caching.
When hardening a domain controller, it is important to configure network communications to help protect the domain controller from an outside attack.
Which of the following actions should be taken?
Prevent domain controllers from directly communicating with hosts on the internet.
As part of a new installation, you are deploying a domain controller. To prevent malicious actors from trying to gain access to the domain controller, you want to take all the necessary steps to harden the domain controller.
Which of the following installation options for Windows Server 2022 should be used?
Server Core
Due to a recent acquisition, your company now has several small branch offices. The physical security for the local server is minimal, and you need to provide Active Directory Domain Services for the branch users.
Which of the following should you deploy at the branch office?
Read-only domain controller (RODC)
When configuring access to your domain controllers, you want to provide a more secure method that limits which accounts or groups can have access. You also want to limit the time an account or group can access the domain controller using a Kerberos Ticket Granting Ticket (TGT). Move the correct actions from the left to the right, and then place them in the correct order.
Create an authentication policy.
Create an authentication policy silo.
Assign the authentication policy silo to the user, computer, or managed service accounts.
Which of the following would you link to an authentication policy silo to only allow specific accounts access to particular sensitive servers?
silo claim
Authentication policy silos provide a way to define high-privilege credentials between the user, computer, and managed service accounts. Which of the following is true about authentication policy silos?
Each account can only belong to one silo.
Kerberos single sign-on authentication is made up of several components. Match the component on the left with the definition on the right. (Each item may be used once, more than once, or not at all.)
Provides or holds network resources
Service server (SS)
Grants tickets that are valid for specific resources on specific servers
Ticket-granting server (TGS)
A single entity that combines the authentication server and ticket-granting server
Empty
Accepts and processes authentication requests
Authentication server (AS)
Which of the following is a single sign-on authentication and authorization service based on a time-sensitive, ticket-granting system that is used in conjunction with authentication policies?
Kerberos
An anti-malware program uses a heuristic-based analysis to detect which of the following? (Select two.)
Zero-day attacks
Second-generation malware
The very best security measures can be rendered useless by a simple misconfiguration error. Missing a setting or forgetting to check a box can create a vulnerability. To prevent this type of error, ensure that the server implementation is well thought out. Plan your configuration, accounts, permissions, restrictions, and policies. Test your configurations both before and after implementation.
Which of the following should be considered to avoid misconfigurations that can create vulnerabilities?
Implement secure administrative hosts.
Microsoft releases patches for their operating systems and other software products on the second Tuesday of every month - "Patch Tuesday."
Which of the following is a patch management best practice?
Test the results of the update by applying it first in a test environment before applying it to servers on the network.
To ensure the overall security of a system when applications are installed and configured to use an Active Directory account, what principle should be applied?
Least privilege
Custom applications and databases can be susceptible to certain web attacks and should be configured to prevent attacks such as SQL injection. Which of the following is a type of SQL injection where malicious code is saved onto an otherwise benign site?
Cross-site Scripting (XSS)
Microsoft Defender for Identity uses an AD DS account with read permission to all AD DS objects.
Which of the following would be included?
Deleted Objects container
Defender for Identity highlights malicious behavior when an attacker gains control over a domain, such as executing remote code on the domain controller, using techniques such as DC Shadow, replicating the domain controller with malicious intent, data exfiltration, and suspicious group modifications.
Domain Dominance
Defender for Identity uses Lateral Movement Paths to help provide a visual on how an attacker could move within your organization and target valuable accounts.
Lateral Movement
Microsoft Defender for Identity is a tool that keeps a watchful eye on all the activity and data within your network. It can track user permissions and group membership to create a baseline for each user. By using adaptive technology, it is able to identify unusual activity, providing you with insights into potential security threats such as advanced attacks, user compromise, and insider threats.
Reconnaissance
Defender for Identity helps to minimize your company's vulnerability to attacks through the use of security reports and analysis of user profiles. This results in a smaller attack surface and makes it more difficult for attackers to access user information and carry out successful attacks.
Compromised Credential
When deploying Defender for Identity, a special AD DS account should be used so Defender for Identity can perform various functions, such as querying a domain controller for information on various events that have been discovered.
Which of the following should be created?
Group Managed Service Account (gMSA)
Microsoft Defender for Identity is a cloud-based security solution that protects identities and data within an organization by identifying, detecting, and investigating advanced threats by utilizing on-premises Active Directory sensors.
Defender for Identity is designed to detect potential threats across the entire cyber-attack kill chain.
Given the following description:
By using adaptive technology, it can identify unusual activity, providing insights into potential security threats such as advanced attacks, user compromise, and insider threats.
Which of the following threats matches the description?
Reconnaissance
What Microsoft cloud-based security solution includes Azure Active Directory, Windows Defender Advanced Threat Protection (ATP), and Microsoft Cloud App Security?
Microsoft Defender for Identity
Which of the following SIEM components is responsible for gathering all event logs from the configured devices and securely sending them to the SIEM system?
Collectors
Microsoft Sentinel is an enterprise cloud solution that utilizes SIEM and SOAR systems with Azure services and on-premises environments. Which of the following Sentinel features can integrate non-Microsoft solutions such as Syslog and Common Event Format (CEF) and third-party services such as Amazon Web Services and Google Workspace?
Sentinel data connectors
Microsoft Sentinel is a cloud-based solution that provides which of the following? (Select two.)
Security orchestration, automation, and response (SOAR)
Security information and event management (SIEM)
Sentinel components include data connectors, log retention, workbooks, automation playbooks, analytic alerts, incident response, and threat investigation with artificial intelligence.
Which of the following describes Azure workbooks?
Helps you get an overall visualization of your data.
What must be done before Sentinel can begin to provide security analytics and threat intelligence and response throughout an enterprise?
Must be successfully added to a workspace.
You are the administrator for 122 Azure Windows virtual machines and 14 Azure Arc-enabled Windows servers. To ensure your server resources are secure, Microsoft Defender for Cloud uses the Azure Monitor Agent (AMA) to send information about the servers to Defender for Cloud.
Which of the following can be enabled to deploy the agent to your servers without disruption?
Defender for Server
Many attacks attempt to modify system files, critical data files, registry settings, and application software.
Which of the following is a Defender for Cloud feature that addresses these types of attacks?
File Integrity Monitoring (FIM)
Microsoft Defender for Cloud has features that help reduce the attack surface.
As the administrator for multiple locations, you occasionally need to access a virtual machine remotely.
Which of the following can you use to provide access to management ports without leaving these ports open all the time?
Use just-in-time (JIT) VM access.
As the administrator for 43 Azure virtual machines running Windows Server, you have onboarded all systems to Microsoft Defender for Cloud.
Microsoft Defender for Cloud utilizes a feature called workflow automation to provide alerts and recommendations.
During the process of adding a workflow automation in Azure, what can you configure that allows the grouping of workflows as logical units so they can be easily managed?
Logic App
Microsoft Defender for Cloud continually assesses resources for security issues and provides a secure score.
The secure score is part of the Security posture. To improve the secure score, Defender for Cloud makes recommendations on how to resolve security issues.
When viewing a recommendation, which of the following are provided as part of the recommendation? (Select four.)
Affected resources
Remediation steps
Description
Related recommendations
Which of the following BEST describes the role of an access control list within a Windows firewall?
Permits or denies network traffic through a firewall.
You use a Windows desktop system. You need to configure Windows Firewall to allow traffic for a newly installed application that dynamically opens multiple ports as needed.
What should you do?
Add an exception for the application.
When should you disable the Windows firewall?
Only if the computer is protected by a different firewall program.
Which of the following predefined exceptions in Windows Firewall allow users to view and control remote desktops?
Remote Assistance
Which statements are true regarding firewalls? (Select two.)
Host-based firewalls are implemented using software and reside on the individual hosts within the network.
Network firewalls are typically implemented using hardware and positioned at the network's perimeter.
You have installed a new Windows system and have not changed the default configuration of the Windows Firewall.
How will the Windows Firewall handle inbound responses to requests sent from the local system?
All such traffic is allowed by default.
You have installed a new Windows 11 system and have not changed the default configuration of the Windows Firewall.
How will the Windows Firewall handle inbound traffic initiated from an external server that a hacker is using to spread a worm?
All such traffic is blocked by default.
Windows provides several interfaces that can be used to configure the Windows Defender Firewall.
Drag the Windows Firewall interface on the left to its appropriate description on the right. (Each tool may be used once, more than once, or not at all.)
Allows you to create rules based on ports.
Windows Defender Firewall with Advanced Security
Lets you add, change, or remove ports that are allowed through the firewall.
Allowed apps
Allows you to turn a firewall on or off for a specific profile or network.
Firewall & Network Protection
Allows you to create rules based on authentication.
Windows Defender Firewall with Advanced Security
The main interface and starting point for the other two interfaces.
Firewall & Network Protection
You have a Windows system with wired and wireless network connections. The wired connection is on the internal private network, but the wireless connection is used for public connections.
You need to allow help desk users to use Remote Assistance to help you while working on the wired network, but you want to block any such access from the wireless network.
How can you configure Windows Firewall to allow and deny access as described?
Enable the Remote Assistance exception only on the private profile.
You need to change how Windows provides notifications when the firewall blocks a new program.
Click the links that you would choose to make this change. (Select two.)
Change notification settings
Turn Windows Defender Firewall on or off
You have a system that has BitLocker enabled. You run the cmdlet Get-BitLockerVolume with the appropriate options to retrieve information on the MountPoint for the system volume (C) and the data volume (D).
You determine that the data volume (D) does not unlock automatically when the server restarts.
What command or cmdlet should you run to ensure the data volume (D) will unlock automatically when the server starts?
manage-bde -autounlock -enable D:
Manage-bde is a command line tool that can administer BitLocker settings. Which of the following can be done using Manage-bde? (Select two.)
Configure recovery methods.
Encrypt and decrypt drives.
Encrypting File System (EFS) was added to the NTFS file system with the release of Windows 2000. EFS is exclusive to the Windows Operating System. EFS encrypts individual files and folders. Which of the following does EFS use for symmetric encryption?
File Encryption Key (FEK)
In an enterprise environment, which of the following tools is used to manage keys, automate encryption, and check compliance for BitLocker?
Microsoft BitLocker Administration and Monitoring (MBAM)
You are the administrator of an Active Directory network. Due to recent security concerns, it is now required to use BitLocker to encrypt all volumes. You have several hundred servers and need to manage the BitLocker recovery keys.
Which of the following is the BEST option to store the recovery keys?
Active Directory
To decrypt any encrypted data, the encryption key is needed. The encryption key method is combined with different algorithms to encrypt the data fully. Which of the following are common methods of using encryption keys? (Select two.)
Asymmetric
Symmetric
You had a system that experienced a graphics card failure. You installed the graphics card, and the system would no longer boot. After checking, you discovered the operating system volume was encrypted with BitLocker.
Which of the following can be used to recover the system and boot to the encrypted system volume?
Use the BitLocker recovery key.
Which of the following can be used to access BitLocker encrypted data from a hard disk drive that has been critically damaged?
Repair-bde
Which of the following allows a Windows Server with TPM enabled and a pre-boot network connection to automatically unlock a BitLocker-encrypted operating system volume without user intervention?
Network Unlock
BitLocker is used to encrypt an entire volume, not just individual files and folders. Which of the following does BitLocker utilize for encryption? (Select two.)
Advanced Encryption Standard (AES)
Trusted Platform Module (TPM)
Once Azure Key Vault has been set up and configured, you can utilize Azure Disk Encryption to activate BitLocker on IaaS VMs. Which of the following does the server need access to?
Azure storage endpoint
You have deployed client-side encryption for your on-premises Windows servers. Where are encryption keys stored in client-side encryption?
Locally