Lesson 9: Manage Security and Privacy Flashcards
• Describe password types and use. • Manage secrets in Keychain. • Manage Secure Setup Utility. • Enable and manage iCloud Keychain. • Obtain User Approved MDM enrollment. • Manage system-wide security and user privacy. • Approve Kernel Extension Loading.
What are the different types of passwords you use to secure a Mac?
The different types of passwords you use to secure a Mac include:
- Local user account password: Used to log in to your Mac.
- Apple ID and password: For iCloud, iTunes, and the App Store.
- Keychain passwords: To protect authentication assets in encrypted keychain files.
- Resource passwords: Such as email, websites, file servers, apps, and encrypted disk images.
- Firmware password: Prevents your Mac from starting up from any disk other than your designated startup disk.
What types of items can you store in a keychain?
You use keychains to securely store:
- Resource passwords
- Certificates
- Keys
- Website forms
- Safari AutoFill information
- Secure text notes
How does Keychain Access help protect your information?
Keychain Access manages encrypted files that are used to securely save your items.
They are impenetrable unless you know the keychain password.
If you forget the keychain password, you lose the file contents forever.
Where are keychain files stored?
Keychain files are stored throughout macOS for different users and resources.
- Local login keychains are stored in
/Users/{username}/Library/Keychain/login.keychain-db - Other local keychains are stored in
/Users/{username}/Library/Keychains/others.keychain-db - iCloud keychains are stored in
/Users/{username}/Library/Keychains/{UUID}/ - System keychains are stored in
/Library/Keychains/System.keychain - System Root keychains for trusted networks do not appear by default, but they can be located here:
/System/Library/Keychains/ - Other keychains can be found throughout macOS
You should leave these files alone unless you’re instructed by a trusted source to resolve an issue.
What app should you use to manage keychain settings?
You should use Keychain Access to view and modify most keychain items.
How does two-factor authentication provide added security to your Apple ID?
With two-factor authentication, your Apple ID account can be accessed only on devices you trust, such as your iPhone, iPad, or Mac.
When and why would you use iCloud Security Code?
iCloud Security Code is a separate technology used to further protect your secrets in iCloud Keychain.
It is used when you enable iCloud Keychain with an Apple ID without two-factor authentication enabled.
When two-factor authentication is not enabled, macOS prompts you to either enter or create your iCloud Security Code so you can trust the device.
You can also use the iCloud Security Code to grant access to use your Apple ID on additional devices.
Which three macOS functions require management of security-sensitive settings and enrollment with User-approved MDM enrollment?
The following macOS functions require management of security-sensitive settings and enrollment with User Approved MDM enrollment:
- Kernel extension loading policy
- Autonomous single-app mode
- User consent for data access
In what three ways can you obtain User-approved MDM enrollment?
Three ways to obtain User-approved MDM enrollment include:
- Use Apple Business Manager or Apple School Manager to automatically enroll your Mac in an MDM solution. (Its enrollment is equivalent to User-approved.)
- Install macOS 10.13.4 or newer. If a Mac was enrolled in non-User-approved MDM before its update to macOS 10.13.4 or newer, it will be converted to a User-approved MDM enrollment.
- Follow the prompts in System Preferences to enroll in MDM. Download or email yourself an enrollment profile and double-click the enrollment profile.
Which macOS System-wide and personal settings can you manage in Security and Privacy?
macOS system-wide and personal settings that can be managed in Security and Privacy include:
- General Settings: Provides the option to choose to require a password to wake a Mac from sleep or screen saver mode and to define a delay before this requirement sets in. Also allows you to configure a custom message to show at the login window or when the screen is locked.
- Advanced Settings: Provides the option to choose to require users to automatically log out of accounts after a certain amount of inactivity and to require an administrator password to access system-wide preferences.
- FileVault Settings: Provides the option to enable and configure FileVault.
- Firewall Settings: Provides the option to enable and configure personal network firewall settings.
Which feature can you enable to find a lost Mac?
iCloud Find My Mac helps you find a lost Mac by allowing you to remotely access the Mac computer’s Location Services service.
How can you limit the use of Location Services?
You can use the Privacy pane of Security & Privacy preferences to configure app access to:
- Location Services
- Contacts
- Calendars
- Reminders
- Social network services
When a new app requests information that is considered personal, macOS asks you for permission.
How can you ensure that audio recordings used for Dictation service remain private?
To ensure that your voice recordings remain private, you can manage your Enhanced Dictation settings manually. The Enhanced Dictation option is enabled by default.
When you use Enhanced Dictation, your Mac immediately converts what you say into text without sending your dictated speech to Apple.
If you turn Enhanced Dictation off or use Siri, then things you say and dictate will be recorded and sent to Apple to be converted to text.
Along with this, Apple tracks other information such as your name, nickname, location and much of your user data sent from your device.
Which three categories do kernel extensions (KEXTs) typically belong to?
Kernel Extensions (KEXTs) typically belong to one of three categories:
- Low-level device drivers
- Network filters
- File system
