17-A Flashcards

1
Q

What are common security controls that should be installed and configured on each workstation?

A
  • Antivirus
  • Firewall
  • Encryption
  • Account policies

These controls help protect systems against unauthorized access and malware.

2
Q

What is a key requirement for effective user security?

A

Strong credential management

This includes implementing best practices for passwords and account policies.

3
Q

What is the minimum password length recommended for ordinary user accounts?

A

12+ characters

Longer passwords are recommended for administrative accounts.

4
Q

What types of information should not be used in passwords?

A
  • Significant dates
  • Family names
  • Usernames
  • Job titles
  • Company names
  • Pet names
  • Quotations
  • Song lyrics

Any personal information that a threat actor could guess or discover should be avoided.

5
Q

True or False: Password complexity requirements are always recommended for security.

A

False

Some standards bodies have deprecated complexity requirements due to their potential to encourage poor password practices.

6
Q

What is the purpose of a system user password configured in BIOS or UEFI?

A

Required before any operating system can boot

This password adds an extra layer of security for standalone computers.

7
Q

What is a lunchtime attack?

A

Accessing a computer that has been left unlocked

Users should always log off or lock their computers when not in use.

8
Q

What should users do to protect critical hardware like laptops?

A
  • Use cable locks
  • Keep devices in sight in public

Physical theft is a significant risk for portable computers.

9
Q

What principle should account management policies follow?

A

Least privilege

This means assigning the minimum necessary rights and privileges to users.

10
Q

What is the role of file permissions in an operating system?

A

Control whether a user can read or modify a data file or folder

Configuring file permissions is the responsibility of the data owner or administrator.

11
Q

What should be done with the default administrator account after OS installation?

A

Change the default password

The new password should be kept secure and known by one person only.

12
Q

What is the purpose of disabling the guest account?

A

To prevent unauthenticated access to the computer

The Guest account is disabled by default in current versions of Windows.

13
Q

What tools can be used to configure account policies on a standalone workstation?

A
  • Local Security Policy snap-in (secpol.msc)
  • Group Policy Editor snap-in (gpedit.msc)

These tools are not available in the Home edition of Windows.

14
Q

What does the failed attempts lockout policy do?

A

Disables an account after a maximum number of incorrect sign-in attempts

This mitigates the risk of unauthorized access through brute force attacks.

15
Q

What is execution control in the context of workstation security?

A

Logical security technologies designed to prevent malicious software from running

Execution control does not solely rely on user behavior.

16
Q

What is the role of digital certificates in application security?

A

To perform code signing and prove authenticity and integrity of an installer package

This helps prevent the installation of unapproved software.

17
Q

What is the purpose of Windows Defender Antivirus?

A

Detect malware and prevent it from executing

It uses a database of known virus patterns and heuristic identification techniques.

18
Q

What types of updates are necessary for antivirus software?

A
  • Definition/pattern updates
  • Scan engine/component updates

Regular updates are critical for maintaining effective malware protection.

19
Q

What happens to Windows Defender Antivirus when a third-party antivirus product is installed?

A

It is replaced by the third-party product

The third-party software can also be disabled via group policy.

20
Q

What is the function of Windows Defender Firewall?

A

Filters inbound and outbound network traffic

It helps protect against unauthorized network access.

21
Q

What does the Advanced Firewall allow you to configure?

A
  • Custom inbound and outbound filtering rules
  • Default policies for traffic
  • Block or allow actions for specific ports, applications, and addresses

This level of control enhances network security.

22
Q

What is the difference between Block and Allow policies in Windows Defender Firewall?

A
  • Block: Stops traffic unless a specific rule allows it
  • Allow: Accepts all traffic unless a specific rule blocks it

These policies help manage network access effectively.

23
Q

What is the purpose of Windows Defender Firewall?

A

To control inbound and outbound traffic based on specified rules.

The firewall can be turned on or off, and users can switch the default policy for traffic between Block and Allow.

24
Q

What does the Block policy in Windows Defender Firewall do?

A

Stops traffic unless a specific rule allows it.

This is the opposite of the Allow policy, which accepts all traffic unless a specific rule blocks it.

25
Q

What is the Encrypting File System (EFS)?

A

A feature of NTFS that supports file and folder encryption.

EFS is not available in the Home edition of Windows.

26
Q

How can data-at-rest be protected?

A

By applying encryption to individual files or folders.

Data-at-rest refers to information stored on persistent storage devices.

27
Q

What happens when a file is encrypted using EFS?

A

The file cannot be opened by other users, even administrators.

Users receive an 'Access Denied' error when trying to access encrypted files they do not own.

28
Q

What is the risk associated with losing a user's encryption key?

A

Data loss if the key is lost or damaged.

This can occur due to profile damage, password resets, or Windows reinstallation.

29
Q

What is Windows BitLocker?

A

A full disk encryption product available in all editions of Windows except the Home edition.

BitLocker encrypts the entire drive, including swap files and temporary files.

30
Q

What is a Trusted Platform Module (TPM)?

A

A chip that can securely store encryption keys and ensure the integrity of the OS.

TPM ties the use of a fixed disk to a specific motherboard.

31
Q

What should be done with the recovery key generated during BitLocker setup?

A

Store it on removable media or write it down and keep it securely.

This key is essential for recovering an encrypted drive if the startup key is lost.

32
Q

True or False: An organization should rely on automatic screen savers to prevent lunchtime attacks.

A

False.

Organizations should implement multiple layers of security rather than relying solely on screen savers.

33
Q

What type of account management policy can protect against password-guessing attacks?

A

Implementing account lockout policies.

This policy limits the number of failed login attempts before an account is locked.

34
Q

What checks should monitoring of antivirus software perform?

A

Check for updates, scan logs, and detection reports.

Regular monitoring helps ensure that antivirus software is functioning effectively.

35
Q

Fill in the blank: To protect workstation security, you should enable _______.

A

Windows Update, Windows Defender Antivirus, and Windows Defender Firewall.

These features are essential for maintaining security against threats.

36
Q

What are best practices for password management?

A

Use strong, unique passwords and change them regularly.

Implementing password policies can help mitigate unauthorized access risks.

37
Q

What should be done to the default administrator's user account?

A

Change the default administrator’s user account/password.

This reduces the risk of unauthorized access to administrative functions.

38
Q

What is the purpose of disabling AutoRun/AutoPlay?

A

To prevent unauthorized execution of programs from external media.

This is a key security measure to avoid malware infections.