Windows OS Security Settings

Question 1

Which of the following answers refers to a built-in MS Windows account with complete and unrestricted system access?

Answer 1

Admin

Question 2

Which user group in Windows (applies to Windows 7 and earlier versions) had rights and permissions that allowed its members to perform specific administrator-level tasks?

Answer 2

Power users

Question 3

In MS Windows environments, Guest account is an account for users who do not have a permanent account on a Windows computer or domain. People using this type of account cannot install software or hardware, change settings, create passwords, or access protected files and folders. However, because the Guest account allows the user to log on to a network, browse the Internet, and shut down the computer, it is recommended to keep it disabled when it isn’t being used.

Answer 3

True

Question 4

Which of the default local groups in Microsoft Windows has the least amount of system access privileges?

Answer 4

Guests

Question 5

Which of the user groups in Windows 7/8/8.1/10 can use most software and change system settings that don’t affect other users or computer’s security?

Answer 5

Standard Users

Question 6

What statement describe NTFS permissions in MS Windows? [2]

Answer 6

• Apply to both network and local users

- Can be applied to a folder or individual file

Question 7

What statements describe share permissions in MS Windows? [2]

Answer 7

• Apply only to network users

- Can be set on a folder level

Question 8

A Windows resource with conflicting NTFS and share permissions applied to it will assume:

Answer 8

The most restrictive permission

Question 9

The share permissions on a shared Windows folder grant the user Read access and the local NTFS permissions grant the user Modify access. Which of the following are the effective user permission levels? [2]

Answer 9

• Read when accessing the share remotely

- Modify when accessing the folder locally

Question 10

The share permissions on a shared Windows folder grant the user Full Control access and the local NTFS permissions grant the user Read access. Which of the following are the effective user permission levels? [2]

Answer 10

• Read when accessing the share remotely

- Read when accessing the folder locally

Question 11

In NTFS, permissions inherited from a parent object (e.g. a folder or user group) take precedence over permissions applied directly to an object (explicit permissions).

Answer 11

False

Question 12

What is the correct hierarchy of precedence for permissions settings in NTFS?

Answer 12

Explicit Deny -> Explicit Allow -> Inherited Deny -> Inherited Allow

Question 13

In NTFS, a folder or file moved from one location to another on the same volume inherits the permissions of its new parent folder.

Answer 13

False

Question 14

In NTFS, a folder or file copied from one location to another on the same volume retains its original permissions.

Answer 14

False

Question 15

In NTFS, a folder or file copied or moved from one location to another on a different volume inherits permissions of its new parent folder.

Answer 15

True

Question 16

In MS Windows, the attrib command is used to display or change file attributes. Some of the available options for this command include read-only (R), archive (A), system (S), and hidden (H). With attrib, the “+” symbol sets an attribute for a file, the “-“ sign removes the attribute.

Answer 16

True

Question 17

Which of the following answers lists the correct syntax for applying the read-only attribute to a file?

Answer 17

attrib +R [drive:] [path] [filename]

Question 18

In the context of MS Windows system management, the term “Administrative share” refers to a hidden network share on a local computer designed to be accessed remotely by network administrators.

Answer 18

True

Question 19

Which of the following are examples of administrative share names in Windows? [2]

Answer 19

• print$

- IPC$

Question 20

Permission propagation occurs when a folder or file created inside another folder takes on (inherits) permissions applied to that folder (permissions applied to the so-called parent folder propagate down to its child objects, i.e. folders and files created inside the parent folder).

Answer 20

True

Question 21

A type of critical file that a computer system depends on to operate properly is known as a system file. In Microsoft Windows, system files are hidden by default; they might also have Read-only attribute turned on to prevent accidental changes to the file contents. Windows system files can be permanently displayed in Windows Explorer (Windows 7), or File Explorer (Windows 8/8.1/10) after modifying file and folder settings in the Folder Options applet in Windows 7 Control Panel, or File Explorer Options applet in Windows 8/8.1/10 Control Panel.

Answer 21

True

Question 22

Which of the following steps enable displaying protected system files in Windows 7? [2]

Answer 22

• Control Panel -> Folder Options -> View tab -> Advanced settings -> clear the checkbox next to Hide protected operating system files
• Control Panel -> Folder Options -> View tab -> Advanced settings -> select Show hidden files, folders, and drives

Question 23

Which of the following steps enable displaying protected system files in Windows 8/8.1/10? [2]

Answer 23

• Control Panel -> File Explorer Options -> View tab -> Advanced settings -> select Show hidden files, folders, and drives
• Control Panel -> File Explorer Options -> View tab -> Advanced settings -> clear the checkbox next to Hide protected operating system files

Question 24

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

Answer 24

SSO

Question 25

Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?

Answer 25

Kerberos

Question 26

The “Run as administrator” option in MS Windows allows users with lower-level permissions to perform tasks reserved for system administrators. This feature requires providing Administrator account credentials and temporarily elevates the current user’s privileges to perform a given task. It also simplifies common system tasks, such as installation of new software, which would otherwise require logging out and switching to an admin account.

Answer 26

True

Question 27

Which of the following actions in Windows allow to invoke the User Account Security (UAC) access control feature and run an application with administrator account permissions? [3]

Answer 27

• Right-click on an application icon -> select Run as administrator from the pop-up menu
• In Windows Start menu press and hold Control + Shift keys -> Left-click on an application icon
• Launch Windows Run dialog box (Windows logo key + R) -> type in the application’s name -> press Control + Shift + Enter

Question 28

What is the name of a Microsoft Windows feature that allows for encrypting entire drives?

Answer 28

Bitlocker

Question 29

A Microsoft Windows feature specifically designed to enable encryption of removable drives is known as:

Answer 29

BitLocker To Go

Question 30

Premium versions of the Microsoft OS contain a built-in component that enables encryption of individual files. This feature is known as:

Answer 30

Encrypting File System (EFS)