Win 7 Config Study Guide Chapter 6 Flashcards
You have a user who has access to the Applications folder on your network server. This user belongs to the following groups: NTFS o Sales (Read) o Marketing (Full Control) Shared permissions o Sales (Read) o Marketing (Change) When this user logs into the Applications folder from their Windows 7 machine, what are their effective permissions? A. Full Control B. Read C. Change D. Read and Write
C. To figure out a user’s permissions, you must first add up what their effective NTFS rights are and their effective Shared permissions. Then, the most restrictive set takes precedence. So, in this example, the user’s NTFS permissions are Full Control and the Shared permissions are Change, so Change would be the effective permission.
You are setting up a machine for a home user who does not know much about computers. You do not want to make the user a local administrator, but you do want to give this user the right to change Windows Updates manually. How can you configure this?
A. Modify the LGPO for Windows Update to allow the user to make changes manually.
B. Explain to the user how to log on as the Administrator account.
C. Set Windows Update modifications to anyone.
D. This can’t be done. Only administrators can change Windows Update.
A. You do not want this user to have any administrator rights. To allow this user to change Windows Update manually, you must set this in an LGPO.
You are the administrator for a large organization with multiple Windows Server 2008 R2 domain controllers and multiple domains. You have a Windows 7 machine that is set up for all users to access. You have an application called StellApp.exe that everyone on this Windows 7 computer can use except for the Sales group. How do you stop the Sales group from accessing this one application?
A. Deny the Everyone group the rights to the application.
B. Create an executable rule from the Application Control Policy.
C. Create a security role from the Application Control Policy.
D. Give the Everyone group full control to the application.
B. Application Control Policy (AppLocker) allows you to configure a Denied list and an Accepted list for applications or users. Applications that are configured on the Denied list will not run on the system or cannot be run by specific groups, and applications on the Accepted list will operate properly.
You have a Windows 7 machine that multiple users access. All users have the rights to use USB removable devices, but you need to deny one user access to USB removable devices. How do you accomplish this?
A. Deny the one user from using the machine.
B. Set a USB rule on Hardware Manager.
C. Deny all users from using USB devices.
D. Create a removable storage access policy through an LGPO.
D. LGPOs are policies that you can set on a local Windows 7 machine to limit hardware and user usage. You also have the ability to control individual users within the Local Group Policy.
You are the system administrator for a large organization. You have a Windows 7 machine that all users can access. There is a folder on the Windows 7 machine called Apps. You need to set up auditing on this folder. How do you accomplish this task?
A. From the Local Group Policy, enable Directory Service Access.
B. From the Local Group Policy, enable Audit Object Access.
C. From the Local Group Policy, enable Account Access.
D. From the Local Group Policy, enable File And Folder Access.
B. Audit Object Access enables auditing of access to files, folders, and printers.
You have a user named Will who has access to the Finance folder on your network server. Will belongs to the following groups: NTFS o Admin (Full Control) o Finance (Modify) Shared Permissions o Admin (Full Control) o Finance (Change) When Will logs into the Finance folder from his Windows 7 machine, what are his effective permissions? A. Full Control B. Read C. Change D. Read and Write
A. Will’s NTFS rights are Full Control and the Shared permissions are Full Control, so Full Control would be the effective permission.
You are the network administrator for a large organization. You have a Windows 7 machine that needs to prevent any user from copying unencrypted files from the Windows 7 machine to any removable disk. How do you accomplish this task?
A. Within the System icon in Control Panel, set the BitLocker Drive Encryption.
B. Within the Hardware icon in Control Panel, set the BitLocker Drive Encryption.
C. Within the Device Manager icon in Control Panel, set the BitLocker Drive Encryption.
D. Within a Local Group Policy, set the BitLocker Drive Encryption.
D. Windows 7 comes with a new feature called BitLocker Drive Encryption. BitLocker encrypts the entire system drive. New files added to this drive are encrypted automatically. To configure BitLocker, you must either use a Local Group Policy or use the BitLocker icon in Control Panel.
In which editions of Windows 7 can you enable BitLocker? (Choose all that apply.) A. Windows 7 Home edition B. Windows 7 Basic edition C. Windows 7 Ultimate edition D. Windows 7 Enterprise edition
C, D. BitLocker Drive Encryption is a data-protection feature available in Windows Enterprise and Ultimate editions of Windows 7.
A salesperson in your company purchases a new laptop with Windows 7 installed. She asks you to configure it for her. You create a standard local user account for her. Which of the following tasks can she perform by default? A. Change date and time settings B. Change time-zone settings C. Check Device Manager D. Enable parental controls
B. As a standard user, the salesperson can change time-zone settings. Changing the date and time settings, checking Device Manager, and enabling parental controls require administrative privileges. Any action that requires administrative privileges will be marked with a shield icon.
Your network’s security has been breached. You are trying to redefine security so that a user cannot repeatedly attempt user logon with different passwords. To accomplish this, which of the following items in the Local Security Policy dialog box shown here should you define?
A. Password Policy
B. Account Lockout Policy
C. Audit Policy
D. Security Options
B. Account Lockout Policy, a subset of Account Policies, is used to specify options that prevent a user from attempting multiple failed logon attempts. If the Account Lockout Threshold value is exceeded, the account will be locked. The account can be reset based on a specified amount of time or through administrator intervention.
You are the network administrator for a Fortune 500 company. The Accounting department has recently purchased a custom application for running financial models. To run properly, the application requires that you make some changes to the computer policy. You decide to deploy the changes through a Local Group Policy setting. You suspect that the policy is not being applied properly because of a conflict somewhere with another Local Group Policy setting. What command should you run to see a list of how the group policies have been applied to the computer and the user? A. gpresult B. gporesult C. gpaudit D. gpinfo
A. The Group Policy Result Tool is accessed through the GPResult command-line utility. The gpresult command displays the resulting set of policies that were enforced on the computer and the specified user during the logon process.
You have a Windows 7 computer that is located in an unsecured area. You want to track usage of the computer by recording user logon and logoff events. To do this, which of the following auditing policies must be enabled? A. Audit Account Logon Events B. Audit Account Management C. Audit Process Tracking D. Audit System Events
A. Audit Account Logon Events is used to track when a user logs on, logs off, or makes a network connection. You can configure auditing for success or failure, and audited events can be tracked through Event Viewer.
You are the administrator for a printing company. After you configure the Password Must Meet Complexity Requirements policy, several users have problems when changing their passwords. Which of the following passwords meet the minimum complexity requirements? (Choose all that apply.) A. aBc-1 B. Abcde! C. 1247445Np D. !@#$%∧&*(−[]
B, C. The password Abcde! meets complexity requirements because it is at least six characters long and contains an uppercase letter, lowercase letters, and a symbol. The password 1247445Np meets complexity requirements because it is at least six characters long and contains an uppercase letter, a lowercase letter, and numbers. Complex passwords must be at least six characters long and contain three of the four types of characters—uppercase letters, lowercase letters, numbers, and symbols.
You are the system administrator for Stellacon Corp. You have a computer that is shared by many users. You want to ensure that when users press Ctrl+Alt+Del to log on, they do not see the name of the last user. What do you configure?
A. Set the security option Clear User Settings When Users Log Off.
B. Set the security option Interactive Logon: Do Not Display Last User Name In Logon Screen.
C. Set the security option Prevent Users From Seeing Last User Name.
D. Configure nothing; this is the default setting.
B. The security option Interactive Logon: Do Not Display Last User Name In Logon Screen is used to prevent the last username in the logon screen from being displayed in the logon dialog box. This option is commonly used in environments where computers are used publicly.
Mary has access to the R&D folder on your network server. Mary's user belongs to the following groups: NTFS o Sales (Read) o Marketing (Read) Shared Permissions o Sales (Read) o Marketing (Change) When Mary logs into the R&D folder from her Windows 7 machine, what are her effective permissions? A. Full Control B. Read C. Change D. Read and Write
B. Mary’s NTFS rights are Read and the Shared permissions are Change, so Read would be the effective permission.
