Client Pro Chapter 5
1. After copying EFS-encrypted files from Comp1 to Comp2, no one can open the files and access the data on Comp2. Which can you do to give users access to files on Comp2? (Select two. Each answer is a complete solution.) | Use Cipher.exe to transfer the encryption certificates. Use USMT to transfer the encryption certificates. |
2. Consider the password policy settings shown in the exhibit. You just created a new account for a user named Austin Hammer on a Windows 10 system that is configured to use the password policy settings shown in the exhibit. The name of the user account is AHammer. You specified that the user must change the password on the first logon. Which of the following passwords would AHammer be allowed to use on this system? (Select two.) | 0badBeef! PlymCud65#1 |
3. The D: drive in your computer has been formatted with NTFS. The Sales group on your computer has been given Allow Modify to the D:\Sales folder. The Mary user account is a member of the Sales group. You want to accomplish the following: • Mary should not be allowed access to the D:\Sales\2010sales.doc file. • Mary should be able to read, write, and create new files in the D:\Sales folder. • Your solution should not affect the abilities of other Sales group members to access files in the D:\Sales folder. What should you do? | Edit the properties for the file and assign Mary the Deny Full Control permission. |
4. Drag the authentication feature on the left to the appropriate description on the right. (Not all authentication features are used.) | A digital document that identifies a user or a computer: Certificate A human trait or characteristic that is unique among people: Biometric Used for both authentication and authorization and is the default authentication method for Windows: Kerberos v5 Uses SSL and TLS for authentication: Secure Channel A physical object that contains a memory chip containing authentication credentials: Smart card |
5. Drag the cipher command on the left to its function on the right. | Adds a recovery agent key: cipher /u Generates recovery agent keys: cipher /r Creates a new file encryption key: cipher /k Displays the encryption state: cipher Changes the certificate used to encrypt files: cipher /rekey |
Study online at quizlet.com/_4oa4yy
6. Drag the description on the left to its appropriate user right. (Note: Not all descriptions have a correct match.) | Allow log on locally: Determines which users can log on to the computer Log on as a service: Allows a security principal to log on as a service Access this computer from the network: Determines which users are allowed to connect to the computer over the network Deny log on through Remote Desktop Services: Determines which users are prohibited from logging on using the Remote Desktop client. Deny log on locally: Determines which users are not allowed to log on to the computer |
7. Drag the description on the left to its appropriate user right. (Note: Not all descriptions have a correct match.) | Shut down the system: Determines which locally logged-on users can shut down the system Change the system time: Determines which users can change the system date Back up files and directories: Determines which users can bypass file permissions while backing up the system Restore files and directories: Determines which users can bypass file permissions when restoring files and directories Perform volume maintenance tasks: Determines which users can run maintenance tasks on drives |
8. During the initial installation of your Windows system, you elected to use a local user account for authentication because you had not set up an online Microsoft account. You now realize that you want to synchronize your desktop theme, browser settings, passwords, and other settings to other computers that you use. To do this, you need to create an online Microsoft account that you can use when authenticating to other computers. Which of the following steps can you use to create the online account and begin using it to sign in? (Select two. Each answer is part of the complete solution.) | Access http://www.live.com and create a new Microsoft user account. Open the Settings app and click Accounts > Sign in with a Microsoft account instead. |
9. Each user profile has its own registry database file that holds all user specific registry settings. Enter the name of this file. | Ntuser.dat |
10. An employee was just fired. Before he returned his Windows notebook, he assigned the Deny Full Control permission to Everyone to all the files and folders on the system. All users, including you, are now blocked from accessing these important files. As administrator, which can you do to make these files available as quickly as possible? | Take ownership of the files and change the permissions. |
11. For the D:\Reports\Finances.xls file on your Windows system, you explicitly grant the Mary user account the Allow Modify NTFS permissions. You need to move the file from the existing folder to the D:\Confidential folder. You want to keep the existing NTFS permissions on the file. How can you accomplish this with the least amount of effort? | Move the file to the new folder. |
12. Mary and Mark share a Windows system. Mary encrypts a file by using Encrypting File System (EFS). When Mary attempts to grant Mark access to the file, she sees the dialog shown in the image. How can you ensure that Mary can grant Mark access to the file? | Instruct Mark to log on to the computer and encrypt a file. |
13. Match the Credential Guard component on the left with its function on the right. (Each component may be used once, more than once, or not at all.) | Grants users access to local and domain resources: Kerberos tickets Stores user authentication information: Local Security Authority Tags running processes as belonging to a virtual machine: Virtual Secure Mode Provides virtualization functionality on a Windows system: Hyper-V |
14. Previously, you configured the following auditing settings on your Windows desktop system: • You enabled the Audit object access policy to log failed events. • You configured auditing on several files, folders, and registry settings for a specific group for failed Read and Modify actions. Now you would like to audit only failed attempts to view or modify registry settings. You no longer want to log audit entries for file access. How can you make the change with the least amount of effort possible? | In the Local Security Policy, stop auditing for the Audit object access policy. Enable the Audit Registry advanced audit policy. |
15. Rodney, a user in the research department, uses a Windows notebook system with a single NTFS volume. Rodney recently left the company on short notice. Rodney’s manager, Kate, wants access to all Rodney’s files. You make Kate’s account an administrator for Rodney’s computer and give her the computer. Later, Kate informs you that she cannot open one of Rodney’s documents, receiving an access denied message. You realize that Kate is trying to access a file that Rodney encrypted using EFS. What can you do to let Kate open the file? | Log on to the laptop using an account with DRA privileges. Clear the Encrypt attribute on the file. |
16. Rodney, a user in the research department, uses a Windows notebook system with a single NTFS volume. Rodney shares the notebook system with his manager, Kate. Rodney stores private company documents in the C:\Data folder on his notebook. Both Rodney and Kate access the documents when they are using the notebook. Rodney is concerned about the documents falling into the wrong hands if his notebook is stolen. Rodney wants to protect the entire contents of the C:\Data folder. How can you encrypt the contents of the C:\Data folder so that Kate and Rodney are the only authorized users? | Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and enable encryption. Add Kate as authorized user for each file in the C:\Data folder. |
17. Sales team members use standard user accounts to log on to a shared notebook computer. You want to allow users to change the system time and time zone. How can you grant users this ability while limiting their ability to perform other administrative tasks? | Configure user rights for the Sales group in the Local Security Policy. |
18. Sam, an employee in Office 1, needs to perform administration tasks on the Office1 workstation. In this lab, your task is to use the Settings app on Office1 to change Sam’s Local account to an Administrator account. | Start > Settings > Accounts > Other Users Click Sam > “Change account type” button > Account type: Change from Standard User to Administrator |
19. To increase security for your Windows notebook system while traveling, you decide to require a smart card for logon. You also want users to be logged off automatically when the smart card is removed. Which administrative tool or feature can you use to configure this type of security? | Local Security Policy |
20. What is the name of the process of granting or denying a user access to a resource based on identity? | Authorization |
21. What is the name of the process of submitting and checking credentials to validate or prove user identity? | Authentication |
22. Which DAC component is used to scan files for specific information, such as a text string or a regular expression? | Classification rules |
23. Which DAC component is used to tag scanned files? | Resource properties |
24. Which DAC component specifies conditions that must be matched for permission assignments to be made? | Central access rules |
25. Which of the following are true concerning the Password must meet complexity requirements account policy? (Select three.) | Dictionary words are not allowed in passwords. Users must create a password that uses a minimum of three of four types of special characters. Passwords must be at least six characters long. |
26. Which of the following authentication methods does Windows Hello support? (Select three.) | Fingerprint scan Facial recognition Iris scan |
27. Which of the following is a restriction or setting applied to a user or computer? | Policy |
28. Which of the following sign-in options must be set up before you can use Windows Hello to configure facial recognition or fingerprint authentication? | PIN |
29. Which of the following terms is the collection of a user’s personal settings and data files? | User profile |
30. Which type of user profile lets you save user specific profile data to a central location for simplified administration? | Roaming profile |
31. A Windows server has a shared folder named HR. Within this folder, there is a file named PerformanceReviews.docx. A user named DCoughanour has the following permission assignments to this file: • NTFS: Modify, Read & execute, Read, and Write • DAC: Read What is DCoughanour’s effective access to the PerformanceReviews.docx file? | Read |
32. You are configuring security settings that will identify when people attempt to log on to a Windows desktop system with an incorrect password. You need the computer to note the failed attempts in its own audit log. Which Local Security Policy setting can you enable to track failed logon attempts? | Enable the Audit account logon events setting. |
33. You are setting up a picture password for a Windows device with a touch screen. Which gestures can you use? (Select two.) | Straight lines Circles |
34. You attempt to execute a program in the C:\Program Files\AccWiz directory on your Windows system, but you receive a prompt to elevate your privileges. How can you execute the program without receiving a prompt for elevated privileges while also preventing harmful applications from making unwanted changes to the system? | Use runas to execute the program in the C:\Program Files\AccWiz directory. |
35. You attempt to run an executable file in the C:\Program Files\AccWiz directory on your Windows system. When you do, you receive a prompt to elevate privileges. You need to execute the program without receiving a prompt for elevated privileges. You also need to prevent malicious applications from making unwanted changes to the system if it becomes infected with malware. What should you do? | Use runas.exe to run the executable in the C:\Program Files\AccWiz directory. |
36. You currently log on to your Windows desktop system using a local user account. However, you want to be able to synchronize settings and files between your desktop and your Windows tablet. To do this, you decide to associate your local user account with an online Microsoft account. What should you do? (Select two. Each answer is part of the complete solution.) | Open the Settings app and click Accounts > Your email and accounts. Click Add a Microsoft account. |
37. You currently log on to your Windows desktop system using a local user account. However, you want to be able to synchronize settings and files between your desktop system and your Windows tablet. To do this, you decide to associate your local user account with an online Microsoft account. You want to use your existing email account (myaccount@westsim.com). You want to assign your online account a password of myP@ssw0rd. Will this configuration work? | Yes. The online account can be created using the parameters in this scenario. |
38. You have a computer running Windows 10 Enterprise. The computer is a member of a domain. A file server on the network named Server1 runs Windows Server 2012 R2. You log on to the computer using an account named Mary. With the least amount of effort possible, you need to ensure that every time you connect to a shared folder on Server1, you authenticate using a domain account named Admin. What should you do? | From Credential Manager, select Add a Windows credential. |
39. You have a computer running Windows that is a member of a domain. There is a file server on the network named Server1. You log on to the computer using an account called Mary. Using the least amount of effort possible, you want to ensure that every time you connect to a shared folder on Server1, you authenticate by using an account named Admin. What should you do to accomplish this? | From Credential Manager, click Add a Windows credential. |
40. You have a team of desktop support specialists to help you manage the needs of a large department. You want a few of the less-experienced specialists to be able to help you support users when they need their TCP/IP configuration modified or their IP addresses released or renewed. You don’t want to give them the unrestricted access that comes with being a member of the Administrators group if you don’t have to. Which built-in Windows group should they be assigned to? | Network Configuration Operators |
41. You have a Windows system that is shared by multiple users. Sally wants to access a file in the Reports folder. A group named Sales has been granted the Full Control permission to the Reports folder and all subfolders and files. You add Sally as a member of the Sales group, but she still cannot access the file that she needs. How can you let Sally access the Reports folder? | Remove Sally from any other groups that have been explicitly denied access to the Reports folder. |
42. You have a Windows notebook system that is shared by three users. The computer is not a member of a domain. Each user has been using EFS to encrypt their personal files on the laptop. You would like to add your user account as a recovery agent so you can recover any file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. What should you do first? | Run cipher /r |
43. You have been encrypting files on your Windows notebook system using EFS and a self-signed certificate. You now want to protect your encrypted files using a certificate on a smart card. You install a smart card reader and obtain a smart card with a new certificate. You want to make sure that all encrypted files use the certificate on the smart card. What should you do first? | Run rekeywiz |
44. You have connected a fingerprint reader to your Windows computer and verified that it is working properly. Click the option you would use in the Settings app to set up Fingerprint authentication. | Sign-in options |
45. You have two Windows systems named Comp1 and Comp2. Both computers are members of a domain. You have a domain user account named EFS Recovery. You use this user account to recover some files on Comp1. You need to recover some files on Comp2, but are unsuccessful. What should you do? | Export the recovery agent keys from Comp1 and import them to Comp2 |
46. You have two Windows systems named Comp1 and Comp2. Both computers are members of a HomeGroup; neither computer is a domain member. On Comp1, you share the C:\Files folder with the HomeGroup. The C:\Files\data.doc file is encrypted. From Comp2, you can access all of the files in the C:\Files folder except for the data.doc file. What can you do that will allow you to access the data.doc file on Comp2? | Copy your private key from Comp1 to Comp2 |
47. You have used the runas command with the /savecred option to start an application on your Windows system. For security reasons, you have changed your mind and don’t want to keep the password in Windows Vault. How can you delete the stored password? | From Credential Manager, remove the credential from the Vault. |
48. You manage a notebook system running Windows. Which task can you perform to log all packets that are dropped by the firewall on your computer? | In the Local Security Policy, configure object access policies for the Windows Filtering Platform (WFP). View audit entries in the Security log in Event Viewer. |
49. You manage a Windows 10 system that is used by several different users. You want to require each user to create a password that is at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which account policies must you configure? (Select two. Each answer is a required part of the solution.) | Account lockout threshold Minimum password length |
50. You manage a Windows system and need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, but not modify them. • Mary needs to be able to modify existing files in the folder and add new files to the folder, but should not be able to delete or rename files. Mary is a member of the Accounting group. Making the fewest rights assignments, how can you assign these NTFS permissions? | Assign Allow Read & execute, List folder contents, and Read to the Accounting group. Assign Allow Write to Mary. |
51. You manage a Windows system and need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, add new files, and rename and delete files. • Mary needs to be able to open and view files, but should not be able to modify, rename, or delete them. Mary is a member of the Accounting group. Taking the least amount of actions possible and affecting existing permissions as little as possible, how can you assign these NTFS permissions? | Remove Mary from the Accounting group. Assign Allow Read & execute, List folder contents, Read, and Modify to the Accounting group. Assign Allow Read & execute, List folder contents, and Read to Mary. |
52. You manage a Windows system and need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, and add new files. They should not be able to delete or rename files. • Mary needs to be able to open and view files, but should not be able to modify them. Mary is a member of the Accounting group. Taking the least amount of actions possible and affecting existing permissions as little as possible, how can you assign these NTFS permissions? | Assign Allow Read & execute, List folder contents, Read, and Write to the Accounting group. For the Mary user account, deny the Write permission. |
53. You manage a Windows system that is shared by several users. Currently, the system is configured to require password changes every 42 days; however, you are concerned that users are reusing their favorite passwords over and over. This violates your organization’s security policy. Click on the policies you would use in the Local Group Policy Editor to enforce this. (Select two.) | Enforce password history Minimum password age |
54. You manage a Windows system that is shared by several users. Currently, the system is configured to require password changes every 42 days. However, you are concerned that users are reusing their favorite passwords over and over, which violates your organization’s security policy. Click the policies you would use in the Local Group Policy Editor to enforce this. (Select two.) | Enforce password history Minimum password age |
55. You manage a Windows system that is used by several users. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before allowing them to change it again. Which account policies must you configure? (Select two. Each answer is a required part of the solution.) | Enforce password history Minimum password age |
56. You manage several Windows systems that are members of a domain. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user’s group membership in a computer’s local database. Click the audit policy that should be enabled to meet this requirement. | Audit account management |
57. You manage several Windows systems that are members of a domain. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. Click the audit policy that should be enabled to meet this requirement. | Audit object access |
58. You need to enable Credential Guard on a Windows 10 Enterprise system. Which Windows features need to be enabled to accomplish this? (Select two.) | Isolated User Mode Hyper-V Hypervisor |
59. You need to reconfigure a Windows 10 system to give the DNelson user rights to the following: • Connect to shared resources on the computer (such as shared folders and printers) • Access the system’s desktop using the Remote Desktop client Click the user rights that must be modified to accomplish this. (Select two. Each response is a part of the complete solution.) | Access this computer from the network Allow log on through Remote Desktop Services |
60. You need to run the zip.exe executable on your Windows system as the Admin user (which is a member of the Administrators group) on your system. To accomplish this, which option should you use with the runas command? | /user:Admin |
61. You need to use the runas command to run the coolap.exe executable on your Windows system as the local Admin user, which is a member of the Administrators group. Which option should you use with the runas command to do this? | /user:Admin |
62. You run runas with the /savecred option to start an application on your Windows system. How can you delete the stored password from the Windows Vault? | From Credential Manager, remove the credential from the Vault. |
63. Your Windows system has devices that are Personal Identity Verification (PIV) compliant. What can you do to implement a form of authentication that takes advantage of PIV? | Use smart card authentication. |
64. Your Windows system has two hard drives as shown in the Exhibit. The C:\Finances folder and its contents have been encrypted. You need to move the C:\Finances\Reports.xls file to the D: drive. You want the file to remain encrypted. How can you accomplish this with the least amount of effort possible? | Run the convert command followed by the xcopy command. |
65. Your Windows system has two hard drives, as shown in the image. The C: drive is running out of space. You would like to move the C:\Finances folder to the D: drive. Existing NTFS permissions should be kept on the folder following the move. How can you accomplish this with the least amount of effort? | Run the convert command followed by the xcopy command. |
66. Your Windows system has two hard drives, C: and D:. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the Allow Modify NTFS permission. You need to move the file from the existing folder to the C:\Reports2 folder. You want to keep the existing NTFS permissions on the file. How can you accomplish this with the least amount of effort? | Use the robocopy command to copy the file to the C:\Reports2 folder. |
67. Your Windows system is used by several people, so you want to increase security by requiring users to create passwords that are at least ten characters long. You also want to prevent log on after three unsuccessful attempts. What should you do in the Local Security Policy administration tool to configure these account policies? (Select two. Each answer is part of the complete solution.) | Set the minimum password length policy. Set the account lockout threshold policy. |
68. You share a single Windows system with Judith and Dalton. You are the owner of the D:\Reports folder. Judith needs to be able to see the files and subfolders in the D:\Reports folder. Dalton needs these abilities and the ability to delete folders. Which rights must you assign to each user to give them the necessary NTFS permissions to the D:\Reports folder? | Grant Read & Execute to Judith and Modify to Dalton. |
69. You use a Windows notebook system that is shared by three users. The computer is a member of a domain. Each user has been using EFS to encrypt their personal files on the system. You would like to add your user account as a recovery agent so you can recover any file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. You install a smart card reader and obtain a new smart card with a certificate that can be used for EFS recovery. You add a data recovery agent using Group Policy. What should you do next? | Have each user run cipher /u |
70. You want to configure a picture password on a Windows computer. Click the option you would use in the Settings app to do this. | Sign-in options |
71. You want to increase security as users log on to computers in the domain you administer. How can you implement the strongest form of multi-factor authentication? | Require a password, a biometric scan, and a token device. |
72. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. What should you do in the Local Security Policy administration tool to configure these account policies? (Select two. Each answer is part of the complete solution.) | Set the minimum password age policy. Set the enforce password history policy. |
73. You want to set up a Windows device with a 4-digit PIN for authentication. Which should you do? (Select two. Each answer is part of the complete solution.) | Open the Settings app and click Accounts > Sign-in options Click Create a PIN |
74. You work on a Windows desktop system that is shared by three other users. You notice that some of your documents have been modified, so you decide to use auditing to track any changes to your documents. In the audit policy in the local security policy, you enable auditing of successful object access events. To test auditing, you make changes to some files. However, when you examine the computer’s Security Log, no auditing events are listed. How can you make sure an event is listed in the Security Log whenever one of your documents is modified? | Edit the advanced security properties of the folder containing your documents. |
75. You would like to configure your Windows desktop system so that an event is recorded any time a user successfully or unsuccessfully logs on. How can you configure settings so you do not also record log off events? | Configure advanced audit policies in the Local Security Policy. |