C08.Managing Identity and Authorization

Question 1

1. You are the administrator for a large training company. You have decided that everyone needs to configure the Password Must Meet Complexity Requirements policy. Users are not sure what they can use. You decide to send an email out showing people examples of what types of passwords they can use. Which of the following passwords meet the minimum complexity requirements? (Choose all that apply.)

A. aBcdEfG1!
B. Abc-de!
C. Kl982!@#$%^&*
D. 123456789nA

Answer 1

A. aBcdEfG1!
D. 123456789nA

1. A, D. The password aBcdEfG1! meets complexity requirements because it is at least six characters long and contains an uppercase letter, lowercase letters, and a symbol. The password 123456789nA meets complexity requirements because it is at least six characters long
   and contains an uppercase letter, a lowercase letter, and numbers. Complex passwords must be at least six characters long and contain three of the four types of characters—uppercase letters, lowercase letters, numbers, and symbols.

Question 2

2. You are setting up a machine for a home user who does not know much about computers. You do not want to make the user a local administrator, but you do want to give this user the right to change Windows Updates manually. How can you configure this?

A. Modify the LGPO for Windows Update to allow the user to make changes manually.
B. Explain to the user how to log on as the Administrator account.
C. Set Windows Update modifications to anyone.
D. This can’t be done. Only administrators can change Windows Update.

Answer 2

A. Modify the LGPO for Windows Update to allow the user to make changes manually.

2. A. You do not want this user to have any administrator rights. To allow this user to change Windows Update manually, you must set this in an LGPO.

Question 3

3. You are the administrator for a large organization with multiple Windows Server 2012 R2 domain controllers and multiple domains. You have a Windows 10 machine that is set up for all users to access. You have an application called StellApp.exe that everyone on this Windows 10 computer can use except for the Sales group. How do you stop the Sales group from accessing this one application?

A. Deny the Everyone group the rights to the application.
B. Create an executable rule from the Application Control Policy.
C. Create a security role from the Application Control Policy.
D. Give the Everyone group full control to the application.

Answer 3

B. Create an executable rule from the Application Control Policy.

3. B. Application Control Policy (AppLocker) allows you to configure a Denied list and an Accepted list for applications or users. Applications that are configured on the Denied list will not run on the system or cannot be run by specific groups, and applications on the Accepted list will operate properly.

Question 4

4. You have a Windows 10 machine that multiple users access. All users have the rights to use USB removable devices, but you need to deny one user access to USB removable devices. How do you accomplish this?

A. Deny the one user from using the machine.
B. Set a USB rule on Hardware Manager.
C. Deny all users from using USB devices.
D. Create a removable storage access policy through an LGPO.

Answer 4

D. Create a removable storage access policy through an LGPO.

4. D. LGPOs are policies that you can set on a local Windows 10 machine to limit hardware and user usage. You also have the ability to control individual users within the Local Group Policy.

Question 5

5. You are the system administrator for a large organization. You have a Windows 10 machine that all users can access. There is a folder on the Windows 10 machine called Apps. You need to set up auditing on this folder. How do you accomplish this task?

A. From the Local Group Policy, enable Directory Service Access.
B. From the Local Group Policy, enable Audit Object Access.
C. From the Local Group Policy, enable Account Access.
D. From the Local Group Policy, enable File And Folder Access.

Answer 5

B. From the Local Group Policy, enable Audit Object Access.

5. B. Audit Object Access enables auditing of access to files, folders, and printers.

Question 6

6. Your company, Stormwind, requires that you implement security and you have been asked to define and implement a security policy. You have configured password policies so that users must change their passwords every month. Users are not allowed to use any of their previous 24 passwords. Which password policy would you implement if you want to prevent users from reusing passwords?

A. Passwords Must Be Advanced
B. Enforce Password History
C. Passwords Must Be Unique
D. Passwords Must Meet Complexity Requirements

Answer 6

B. Enforce Password History

6. B. The Enforce Password History policy allows the system to keep track of a user’s password history for up to 24 passwords. This prevents a user from using the same password over and over again.

Question 7

7. You are the network administrator for a large organization. You have a Windows 10 machine that needs to prevent any user from copying unencrypted files from the Windows 10 machine to any removable disk. How do you accomplish this task?

A. Within the System icon in Control Panel, set the BitLocker Drive Encryption.
B. Within the Hardware icon in Control Panel, set the BitLocker Drive Encryption.
C. Within the Device Manager icon in Control Panel, set the BitLocker Drive Encryption.
D. Within a Local Group Policy, set the BitLocker Drive Encryption.

Answer 7

D. Within a Local Group Policy, set the BitLocker Drive Encryption.

7. D. Windows 10 comes with a new feature called BitLocker Drive Encryption. BitLocker encrypts the entire system drive. New files added to this drive are encrypted automatically. To configure BitLocker, you must either use a Local Group Policy or use the BitLocker icon in Control Panel.

Question 8

8. In which editions of Windows 10 can you enable UAC? (Choose all that apply.)

A. Windows 10 Home edition
B. Windows 10 Education edition
C. Windows 10 Professional edition
D. Windows 10 Enterprise edition

Answer 8

A. Windows 10 Home edition
B. Windows 10 Education edition
C. Windows 10 Professional edition
D. Windows 10 Enterprise edition

8. A, B, C, D. UAC is available in all Windows 10 editions.

Question 9

9. A salesperson in your company purchases a new laptop with Windows 10 installed. She asks you to configure it for her. You create a standard local user account for her. Which of the following tasks can she perform by default?

A. Change date and time settings
B. Change time-zone settings
C. Check Device Manager
D. Enable parental controls

Answer 9

B. Change time-zone settings

9. B. As a standard user, the salesperson can change time-zone settings. Changing the date and time settings, checking Device Manager, and enabling parental controls require administrative privileges. Any action that requires administrative privileges will be marked with a shield icon.

Question 10

10. Your network’s security has been breached. You are trying to redefine security so that a user cannot repeatedly attempt user logon with different passwords. To accomplish this, which of the following items in the Local Security Policy box should you define?

A. Password Policy
B. Account Lockout Policy
C. Audit Policy
D. Security Options

Answer 10

B. Account Lockout Policy

10. B. Account Lockout Policy, a subset of Account Policies, is used to specify options that prevent a user from attempting multiple failed logon attempts. If the Account Lockout Threshold value is exceeded, the account will be locked. The account can be reset based on a specified amount of time or through administrator intervention.