Lesson 9: Manage Security and Privacy

Question 1

What are the different types of passwords you can use to secure a Mac?

Answer 1

The different types of passwords you can use to secure a Mac are listed below:

• Local user account password: Used to log in to your Mac
• Apple ID and password: For iCloud, iTunes Store, and the App Store
• Keychain passwords: To protect authentication assets in encrypted keychain files
• Resource passwords: Such as for email, websites, file servers, apps, and encrypted disk images
• Firmware password: Prevents your Intel-based Mac from starting up from any disk other than your designated startup disk

Question 2

What types of items can you store in a keychain?

Answer 2

Keychains securely store your resource passwords, certificates, keys, website forms, Safari AutoFill information, and secure text notes.

Question 3

How does Keychain Access help protect your information?

Answer 3

Keychain Access manages encrypted files that are used to securely save your items.

These files are impenetrable unless you know the keychain password.

If you forget the keychain password, you lose the file contents forever.

Question 4

Where are keychain files stored?

Answer 4

Keychain files are stored throughout macOS for different users and resources:

• A user’s login keychain is stored in: /Users/{username}/Library/Keychain/login.keychain-db
• Other local keychains are stored in: /Users/{username}/Library/Keychains/others.keychain
• A user’s Local Items or iCloud keychain (depending on if iCloud keychain is turned on) is stored in: /Users/{username}/Library/Keychains/UUID/
• A system keychain with authentication assets that aren’t user specific is stored in /Library/Keychains/System.keychain. Examples include Wi-Fi wireless network passwords, 802.1X network passwords, self-signed certificates, and intermediate and root certificate authorities (CAs) that you installed
• Most of the items in /System/Library/Keychains/ don’t appear by default, with the exception of System Roots, which contains root certificates that Apple provides as part of macOS that are used to identify trusted network services.
• macOS contains other keychains, but you should leave these files alone unless you’re told by a trusted source to resolve an issue.

Question 5

What app should you use to manage keychain settings?

Answer 5

You should use Keychain Access to view and modify most keychain items.

Question 6

How does two-factor authentication provide added security to your Apple ID?

Answer 6

With two-factor authentication, your Apple ID account can be accessed only after you approve a sign-in with a device you trust, such as your iPhone, iPad, or Mac.

Question 7

Which macOS system-wide and personal settings can you manage in Security & Privacy preferences?

Answer 7

macOS system-wide and personal settings that you can manage in Security & Privacy preferences are listed below:

• General settings: Provides the option to require a password to wake a Mac from sleep or screen saver mode and to define a delay before this requirement sets in. Also allows you to configure a custom message to show at the login window or when the screen is locked.
• Advanced settings: Provides the option to require users to automatically log out of accounts after a certain amount of inactivity and to require an administrator password to access system-wide preferences.
• FileVault settings: Provides the option to enable and configure FileVault.
• Firewall settings: Provides the option to enable and configure personal network firewall settings.

Question 8

Which feature can you enable to find a lost Mac?

Answer 8

Find My helps you find a lost Mac by allowing you to remotely access the Mac computer’s Location Services service.

Question 9

How can you limit the use of Location Services?

Answer 9

You can use the Privacypane of Security & Privacy preferences to configure app access to Location Services, Contacts, Calendars, Reminders, and social network services.

When a new app requests information that’s considered personal, macOS asks you for permission.

Question 10

How can you ensure that audio recordings used for Dictation service remain private?

Answer 10

To ensure that your voice recordings remain private, you can manage your Enhanced Dictation settings manually. (The Enhanced Dictation option is enabled by default.)

When you use Enhanced Dictation, your Mac immediately converts what you say into text without sending your dictated speech to Apple.

If you turn Enhanced Dictation off or use Siri, what you say and dictate will be recorded and sent to Apple to be converted to text.

(Apple also tracks other information such as your name, nickname, location, and much of the user data sent from your device.)

Question 11

What are the three conditions that must be met before a standard user account can install a legacy system extension on a Mac with Apple silicon?

Answer 11

Before a standard user account can install a legacy system extension on a Mac with Apple silicon:

1. The Security Policy for that macOS must be configured with Reduced Security
2. The “Allow user management of kernel extensions from identified developers” checkbox must be selected
3. The legacy system extension must be notarized

See: Kernel extensions in macOS

Question 12

If your Mac is lost or stolen and you previously setup Find My, how can you remotely lock your Mac?

Answer 12

If you set up Find My Mac before your Mac went missing, you can use Find My to help locate and protect it.

1. Open Find My.
   
   • In the Find My app on another Apple device, select the Devices tab.
   • On the web, sign in to iCloud.com/find, then click All Devices.
2. Select your Mac to view its location on a map.
3. If your Mac is nearby, you can have it play a sound to help you or someone nearby find it.
4. Remotely lock your Mac with a passcode to help prevent unauthorized access. Tap Activate under Mark As Lost in the Find My app, or select Lock on iCloud.com. You can display a custom message with your phone number on your missing device’s Lock screen in case someone finds your Mac. (You can still track your device’s location while it’s locked as long as it’s connected to the internet. If it’s offline, the actions take effect the next time your Mac is online.)
5. If you don’t think you can recover your missing Mac, you can erase it remotely. This deletes all of your data from your Mac and prevents anyone else from accessing that information. When you erase your Mac, all of your information is deleted from the device, and you won’t be able to find it using Find My.

To continue with the remote lock, you must provide a six-digit passcode (also referred to as a PIN), then verify the passcode. This PIN applies only to an Intel-based Mac computer; it’s ignored for a Mac with Apple silicon.