Security: manage and configure basic security settings in the Microsoft Windows OS Flashcards

CompTIA A+ 220-1102 Exam Criteria

1
Q

What does Windows use for Anti-Virus?

A

Microsoft Defender Antivirus

Microsoft Defender Antivirus is a built-in anti-malware program in Windows. It was first made available as a free anti-spyware download for Windows XP, and later came pre-installed with Windows Vista and Windows 7. It has matured into a comprehensive antivirus program that is included with Windows 8 and later editions, replacing Microsoft Security Essentials.

Defender Antivirus was graphical desktop software prior to Windows 10. Starting with Windows 10 and Windows Server 2016, users can administer Defender Antivirus directly through the Windows Security app or PowerShell. Microsoft Defender Antivirus is part of the Microsoft Defender for Endpoint suite of products.

2
Q

Why would you disable antivirus software?

A

When installing another antivirus software onto the PC

Interference with other applications

Optimizing your PC performance

Concerns over privacy

3
Q

How can you turn off Microsoft Defender Antivirus?

A

Settings > Privacy & Security > Windows Security > Virus & threat protection > Manage settings

You can toggle “Real-time protection” off. Turning off real-time protection will disable Microsoft Defender Antivirus. You can temporarily disable this feature, but it will automatically turn back on after a short time.

4
Q

How can you update definitions on Windows Defender?

A

In the Windows Security - Virus & threat protection window, scroll down to the Virus & threat protection updates section, then click Check for updates.

5
Q

What are the scan options in Windows Defender Antivirus?

A

Quick scan - This is a fast scan that checks the folders in your system for common threats.

Full scan - It’s an in-depth scan that checks all files and running programs on your computer. It can sometimes take longer than an hour to perform, depending on the number of files that need to be checked.

Custom scan - Allows the user to specify the files and folders to be scanned.

Microsoft Defender Offline scan - This will restart your device and help to remediate the system with up-to-date threat definitions. The estimated time will be about 15 minutes.

6
Q

What does Windows use to filter traffic in and out of the network?

A

Windows Firewall is a host-based firewall that applies security on a computer by blocking unauthorized access to its services and decreasing its exposure to potentially destructive network probes when connected to the Internet or a local intranet.

Windows Firewall is managed using two applications, namely Windows Firewall (known as Windows Defender Security Center in Windows 10) and Windows Defender Firewall with Advanced Security. Windows Defender Firewall with Advanced Security includes features for creating rules for granular control of inbound and outbound traffic. It has Connection Security Rules for creating IPsec policies and network isolation. It has been available in versions of Windows dating back to Windows Vista.

7
Q

What does Windows Firewall support?

A

Internet Protocol security (IPsec) is supported by Windows Defender Firewall, allowing you to require authentication from any device attempting to communicate with your device. Devices that can’t be authenticated as trusted devices can’t communicate with your device when authentication is required. You can also use IPsec to encrypt particular network traffic to prevent it from being read by network packet analyzers that a malicious user could use to connect to the network.

8
Q

What are the advantages of using Windows Firewall?

A

Defend against network security attacks. The Windows Defender Firewall minimizes the device’s attack surface, adding another layer to the defense-in-depth approach. Reducing a device’s attack surface improves manageability and reduces the chances of a successful attack.

Protects sensitive information and intellectual property.

Increases the value of current investments. There is no need for additional hardware or software because Windows Defender Firewall is a host-based firewall that comes with the operating system.

9
Q

How can you activate and deactivate Windows Defender Firewall?

A

Settings > Privacy & Security > Windows Security > Firewall & Network Protection >

10
Q

What profiles can you set rules for in Windows Defender Firewall?

A

Domain - The domain profile is used in networks where the host system may connect to a domain controller and authenticate.

Private - It’s a user-assigned profile. The private profile is used to designate private or home networks.

Public/Guest - This is the default profile and is used to identify public networks like Wi-Fi hotspots at coffee shops, airports, and other places.

11
Q

Why would you deactivate the firewall?

A

If you have another software firewall installed on your computer that you would like to use over the Windows Defender Firewall.

When you’re trying software installations, networking, and other things and can’t get them to work, deactivating the firewall can be used as a troubleshooting step because everything could be perfect except for a particular firewall rule.

You want to set up a honeypot. A honeypot is a controlled and safe environment for showing how attackers work and examining different types of threats. With a honeypot, security staff won’t be distracted by real traffic using the network - they’ll be able to focus 100% on the threat. Honeypots can also catch internal threats.

12
Q

How do you create a rule blocking a port via Windows Firewall?

A

wf.msc > Windows Defender Firewall > Windows Firewall with Advanced Security >

You can set rules through:

Inbound Rules - Used to configure rules for traffic coming into the system

Outbound Rules - Used to configure rules for traffic leaving the system

Connection Security Rules - Used to configure extra layers of authentication and security

Monitoring - Shows each profile along with pertinent information to logging and monitoring

You can go to the Action pane (on the right), right-click > New Rule, then follow the prompts from the wizard to select the radio button

13
Q

How do you block a program through Windows Defender Firewall?

A

wf.msc > Windows Defender Firewall > Windows Firewall with Advanced Security >

You can go to the Action pane (on the right), right-click > New Rule, then follow the prompts from the wizard to select rule type Programs

14
Q

How do you allow a program through the Windows Defender Firewall?

A

firewall.cpl > (this will go through control panel) >

15
Q

What does Windows use for encryption?

A

BitLocker Drive Encryption is an encryption feature provided by Windows to protect your data, particularly when lost or stolen. Windows has a long history of providing solutions for at-rest data protection. BitLocker has recently added encryption for both full drives and portable drives. Windows consistently improves data security by improving existing options and introducing new ones.

BitLocker provides the most protection when combined with a Trusted Platform Module (TPM) version 1.2 or later. TPM is a hardware component included in many newer computers by computer manufacturers. It works with BitLocker to protect user data and ensure that a computer was not tampered with while the system was turned off.

16
Q

What is BitLocker To Go?

A

BitLocker To Go is BitLocker Drive Encryption for portable storage devices. This feature encrypts the following data: USB flash drives, external hard disk drives, SD memory cards, and other drives that have been formatted with the NTFS, FAT16, FAT32, or exFAT file systems. As with BitLocker, you can open BitLocker To Go encrypted drives on another computer by using a password or smart card.

17
Q

What does the EFS function do?

A

The Encrypted File System, or EFS, adds another layer of security to files and directories. It uses a public-key system to provide cryptographic protection for individual files on NTFS file system volumes.

Note that the following items cannot be encrypted:

System files

Transactions

System directories

Root directories

Files that are compressed

18
Q

How do you activate BitLocker To Go?

A

File Explorer > This PC > Right Click Drive > Devices and Drives Section > Select Turn on BitLocker

Here you will enable the “Use a password to unlock the drive” checkbox.

Note: Ensure you choose the correct encryption based on the recommended settings in a real-life situation.

19
Q

How can we utilize Microsoft OS Security using Permissions?

A

Users - A user is an identity with a set of attributes and assigned permissions.

Groups - By creating groups, admins can combine users together based on the role they perform in the company (role-based access control) and the level of access needed to a resource or group of resources.

20
Q

How can you access NTFS Permissions on a file or folder?

A

Right-click > Properties > NTFS Permissions (show Security tab > Edit > Add > add group/user credentials)

21
Q

What are the basic Permissions for an NTFS Folder/File?

A

Read - Folders: Permits viewing and listing of files and subfolders. Files: Permits viewing or accessing of the file’s contents.

Write - Folders: Permits adding of files and subfolders. Files: Permits writing to a file.

Read & Execute - Folders: Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders. Files: Permits viewing and accessing of the file’s contents as well as executing the file.

List Folder Contents - Folders: Permits viewing and listing of files and subfolders as well as executing of files;

Modify - Folders: Permits reading and writing of files and subfolders; allows deletion of the folder. Files: Permits reading and writing of the file; allows deletion of the file.

Full Control - Folders: Permits reading, writing, changing, and deleting of files and subfolders.

22
Q

For NTFS configuration, what do Inherited Permissions do?

A

After selecting OK, note that some permission checkmarks are darker than others.

Lighter - Inherited or implicit permissions

Darker - Explicit permissions (Caution: explicit Deny is the most restrictive permission; use sparingly)

All permissions are considered when a user accesses a file or folder. If the user is a part of multiple groups assigned to a resource, the least restrictive NTFS permission applies.

23
Q

What is the difference between explicit permissions and inherited permissions?

A

Explicit vs. Inherited Permissions - NTFS.com

Explicit permissions are permissions that are set by default when the object is created, or by user action.

Inherited permissions are permissions that are given to an object because it is a child of a parent object.

23
Q

What can you do with Shared Permissions?

A

Apply to folders that are made available to other users over a network connection

Accessing a shared resource over the network will apply both shared permissions and NTFS permissions

The most restrictive permission will be the effective permission

24
Q

NTFS vs Shared Permissions?

A

NTFS permissions govern access to folders and files on Windows drives. Unlike share permissions, NTFS permissions apply both for local access to the file server and network access. That is the main difference between NTFS permissions and share permissions: The latter only apply when access is made via the network.

25
Q

What is the feature of the EFS?

A

The EFS feature in Windows allows you to easily encrypt and decrypt files on your NTFS drives. If you use this tool to encrypt files, no one else will be able to access them unless they have your password.

One of the tool’s benefits is that you can encrypt a specific folder rather than the entire hard drive partition. In addition, if you move a file to an EFS-encrypted folder, the file will be encrypted automatically.

26
Q

What happens when Transferring encrypted folders or files to unencrypted folders (NTFS volumes)?

A

The copies are encrypted regardless of the destination folder’s encryption setting. When copying to another computer, the objects are encrypted only if the destination computer allows it. Remote encryption is not enabled by default in a domain environment, so the destination computer must be trusted for delegation.

27
Q

What happens when Transferring unencrypted folders or files to encrypted folders (NTFS volumes)?

A

When folders or files are copied or moved using the Explorer interface, they are encrypted. This applies to copies made on the same computer as well as copies made on a remote computer that supports encryption. The COPY console command encrypts the destination file, whereas the MOVE command simply renames it.

28
Q

What happens when Transferring encrypted and unencrypted files to FAT volumes?

A

Windows displays a prompt informing you that the files cannot be encrypted and offers you the option of copying or moving the files, thereby losing the encryption. When you use the Backup utility to back up the files to a Backup file (BKF) on a FAT volume, this is an exception. The file remains encrypted in the backup set in this case.

29
Q

What happens when the encryption attribute is unaffected by renaming a folder or file?

A

As a result, you can rename an encrypted folder or file while it is still encrypted. Furthermore, you can rename the encrypted folder or file in a different location (essentially a move operation), and the folder or file will remain encrypted, even if it is renamed in an unencrypted NTFS folder.

30
Q

What is the purpose of users and groups?

A

Windows provides different user accounts and groups that allow you to control the type of permissions a particular type of user or group can have. For example, you can control the types of files and folders that can be accessed, the tasks that a particular user or group is authorized to perform and the devices or resources that can be used.

31
Q

If you have an account with Microsoft as a user, what features can you use?

A

When you sign in to your Microsoft account, you gain access to all of Microsoft’s premier services. You should already have a Microsoft account if you use any of the following services: Outlook.com, Office, Skype, OneDrive, Xbox Live, Bing, Microsoft Store, Windows, or MSN. Your Microsoft account allows you to manage everything in one location.

You can update your privacy and security settings, track the health and safety of your devices, and earn rewards by keeping track of your subscriptions and order history. Everything is saved in the cloud and is accessible across devices, including iOS and Android. All the services offered by Microsoft can be accessed through a single account.

32
Q

What are Default Local User Accounts in Windows OS?

A

They are pre-installed accounts on the PC that are created when you install Windows. The default local user accounts cannot be removed or deleted after Windows is installed. Furthermore, default local user accounts do not grant access to network resources. They are used to manage access to the resources of the local server based on the rights and permissions assigned to the account. The Users folder in Windows contains the default local user accounts as well as the local user accounts that you create. In the local Computer Management Microsoft Management Console (MMC), the Users folder is located in the Local Users and Groups folder.

33
Q

What is Administrator Account in Local Users?

A

It is the default local Administrator account. Every computer has a user account called Administrator, which is created during the Windows installation process. The account has complete access to the local computer’s files, directories, services, and other resources. It also has the ability to create additional local users, assign user rights, and assign permissions. By changing the user rights and permissions, the Administrator account can take control of local resources at any time. Although the default Administrator account cannot be deleted or locked out, it can be renamed or disabled.

34
Q

What is Guest Account in Local Users?

A

During installation, the Guest account is disabled by default. The Guest account allows infrequent or one-time users who do not have an account on the computer to temporarily sign in with limited user rights to the local server or client computer. The Guest account does not have a password. This account is supposed to be used by guests, and if there were a password, they would be able to log in anytime. Due to this, there is an inherent risk because there is no authentication to prove a user’s identity. As a best practice, this account should be disabled.

35
Q

What is Help Assistant Account in Local Users?

A

The Help Assistant account is a default local account that is activated when you launch a Remote Assistance session. The purpose of the account is to enable remote users to be able to help resolve users’ issues. The Remote Assistance session, which is requested by a user, is used to connect to another computer running the Windows operating system. To request remote assistance, a user sends an invitation from their computer, via e-mail or as a file, to a person they seek help from. When the user accepts the invitation to a Remote Assistance session, the default Help Assistant account is created to give the person providing assistance limited access to the computer. If not in use, the best practice is to have the account disabled.

36
Q

What is a Default Account in Local Users?

A

The Default Account, also known as the Default System Managed Account (DSMA), is a built-in account that first appeared in Windows 10 version 1607 and Windows Server 2016. The DSMA is a well-known type of user account. It is a user-agnostic account that can be used to run processes that are multi-user aware or user-agnostic.

37
Q

What is the main goal of creating User groups?

A

The main goal of creating User Groups in Windows is to make managing multiple users in a large and complex computing environment easier. Medium and large companies will each have different structures, but there will be some similarities. Likely there are going to be different divisions in the company. For instance, there may be an HR department, a sales department, a production department, Senior management, etc. Groups can be made for each of these departments, and each of our user accounts can be applied to the group.

So can computer workstations. Groups allow us the ability to make the process more manageable and apply restrictions to what users can do. Instead of manually configuring New User account settings, System Administrators can simply add new employees to existing User Groups, and New User Accounts will automatically inherit the privileges and security settings of their assigned User Group.

38
Q

What are the types of users in User Groups that can be modified?

A

Similarly, whenever changes to privileges or security settings are required, system administrators will be able to make

Administrators - Administrators have complete and unrestricted access to the computer/domain.

Guests - Users in this group are infrequent or one-time users who do not have an account on the computer. They can temporarily sign in with limited user rights to the local server or client computer.

Power Users - Members of this group have similar permissions to the administrator’s group but would require authorization from a member of the administrator’s group to perform any changes to the system.

Standard Users - Members of this group have restricted permissions that affect only the user’s computer. For example, they can change their password and desktop settings and view or modify files and folders stored in their personal and public folders. The administrators set the permissions for standard users.

39
Q

What are the login Options for Windows System?

A

Windows provides different types of login options for users. The following login options can be used:

Username and password

Personal identification number (PIN)

Fingerprint

Facial recognition

Single sign-on (SSO)

40
Q

What are the features of Windows Hello?

A

Windows Hello allows Windows 10 & Windows 11 users to authenticate themselves securely using biometrics such as fingerprint, iris scan, or facial recognition. The sign-in mechanism is essentially an alternative to passwords, and it is widely regarded as a more user-friendly, secure, and dependable method of accessing critical devices, services, and data than traditional password logins.

To enable Windows Hello in Windows 10, navigate to Start > Settings > Accounts > Sign-in options, choose the Windows Hello method you want to use, and then click Set up. If you don’t see Windows Hello in the Sign-in options, it’s possible that it’s not available for your device.

41
Q

What Does the PIN do in terms of logging in Windows?

A

Personal Identification Number (PIN)

A PIN is a code that can be used to sign in to Windows. It should at least have 4 characters and usually contains digits. However, you can configure Windows 10 to accept PINs that contain letters (both uppercase and lowercase) and special characters such as ! or ?. When you set a PIN, Windows checks to see if you’re using easy-to-guess patterns like 1234 or 0000, and it doesn’t let you use them as your PIN. The PIN is linked to your user account and can be used instead of the password to authenticate. However, before you can use a PIN to log in to Windows, you must first create a password.

42
Q

What is the SSO Feature in terms of logging in?

A

Single Sign-On (SSO)

Single sign-on (SSO) is a method that allows a user to log on to a network once, authenticate themselves and then use various network services and applications without having to log in again. The user is authenticated with a directory service, such as Active Directory, which is also integrated with the various applications and services on the network. Therefore, being authenticated once, the user need not log on separately to these services and applications.

When SSO is implemented, the users will not need a different set of credentials to log on to different applications or web applications, and a single user account from a centralized directory can be used. This is more secure than storing a different account on the collaboration tool itself.

43
Q

What features do you need to consider when using “Username and Password”?

A

To authenticate users, usernames and passwords are combined. There are some features that can be enabled to aid in password security:

  • Password History - This security setting is used to determine how many unique new passwords a particular account must have before a previously used password can be reused. The value must be between 0 and 24 passwords. This ensures that the old password is not reused constantly and aids in security.
  • Maximum Password Age - Here, you can specify the period (in days) a password can be used before it expires. Passwords can be set to expire after between 1 and 999 days. If the number of days is set to 0, the password will never expire.
  • Minimum Password Age - This setting is used to specify the number of days a password should be used before you can change it.
  • Minimum Password Length - In this security setting, you can specify the minimum number of characters your password should contain.
  • Password Complexity - When this security setting is enabled, passwords should meet the following minimum criteria:
      • Should not contain parts of the user’s name or user ID
      • Should at least be 6 characters long
      • Contains at least three characters from the following categories - uppercase characters, lowercase characters, numbers, and special characters.

44
Q

What is UAC?

A

User Account Control (UAC) is an important part of Microsoft’s overall security strategy. UAC lessens the impact of malware. To make changes, each app that requires the administrator access token must ask for permission. When UAC is enabled, Windows 10 or Windows 11 prompts for consent or credentials from a valid local administrator account before beginning a program or task that requires a full administrator access token. This prompt ensures that no malicious software is installed silently.

When a user attempts to perform a task that requires the user’s administrative access token, the consent prompt appears. Making your primary user account a standard user account is the recommended and more secure method of running Windows 10 or Windows 11 without having to overuse the administrator account as the primary account. Running as a standard user contributes to the overall security of a managed environment.

45
Q

Run as Administrator vs. Standard User

A

Windows, like other operating systems, will require an administrator account to perform system setting modifications on a computer, such as installing a new program, managing disk volumes, creating users or groups, and other tasks that will affect your computer’s performance.

When you select “Run as Administrator,” UAC is bypassed, and the application is launched with full administrator access to your entire system. Due to the access that is given to the administrator account in the operating system, the account has access and the ability to change things normal users can’t. Some applications and built-in programs in Windows require this access. In order to combat this, a feature was created, Run as Administrator. It allows administrators to use a standard account for their everyday