After copying EFS-encrypted files fromComp1 to Comp2, no one can open the filesand access the data on Comp2.Which can you do to give users access tofiles on Comp2? (Select two. Each answer isa complete solution.)
UseCipher.exe totransfer theencryptioncertificates.Use USMT totransfer theencryptioncertificates.
2. Consider the password policy settingsshown in the exhibit.You just created a new account for a usernamed Austin Hammer on a Windows 10system that is configured to use thepassword policy settings shown in theexhibit. The name of the user account isAHammer. You specified that the user mustchange the password on the first logon.Which of the following passwords wouldAHammer be allowed to use on this system?(Select two.)
0badBeef!PlymCud65#1
3. The D: drive in your computer has beenformatted with NTFS.The Sales group on your computer has beengiven Allow Modify to the D:Sales folder.The Mary user account is a member of theSales group. You want to accomplish thefollowing:• Mary should not be allowed access to theD:Sales12010sales.docfile.• Mary should be able to read, write, andcreate new files in the D:Salesfolder.• Your solution should not affect the abilitiesof other Sales group members to accessfiles in the D:Sales folder.What should you do?
Edit theproperties forthe file andassign Marythe Deny FullControlpermission.
4. Drag the authenticationfeature on the left to theappropriate description onthe right. (Not allauthentication features areused.)
A digital document thatidentifies a user or acomputer:CertificateA human trait or characteristicthat is unique among people:BiometricUsed for both authenticationand authorization and is thedefault authentication methodfor Windows:Kerberos v5Uses SSL and TSL forauthentication:Secure ChannelA physical object thatcontains a memory’ chipcontaining authenticationcredentials:Smart card
5. Drag the cipher command onthe left to its function on theright.
Adds a recovery agent key:cipher /uGenerates recovery agentkeys:cipher /rCreates a new file encryptionkey:cipher /kDisplays the encryption state:cipherChanges the certificate usedto encrypt files:cipher /rekey
Client Pro Chapter 5Study online at quizlet.com/_4oa4yy
6. Drag the description on the leftto its appropriate user right.(Note: Not all descriptions havecorrect a match.)
Allow log on locally:Determines which userscan log on to thecomputerLog on as a service:Allows a securityprincipal to log on as aserviceAccess this computerfrom the network:Determines which usersare allowed to connectto the computer over thenetworkDeny log on throughRemote DesktopServices:Determines which usersare prohibited fromlogging on using theRemote Desktop client.Deny log on locally:Determines which usersare not allowed to log onto the computer
7. Drag the description on the leftto its appropriate user right.(Note: Not all descriptions havecorrect a match.)
Shut down the system:Determines which locallylogged-on users can shutdown the systemChange the system time:Determines which userscan change the systemdateBack up files anddirectories:Determines which userscan bypass filepermissions whilebacking up the systemRestore files anddirectories:Determines which userscan bypass filepermissions whenrestoring files anddirectoriesPerform volumemaintenance tasks:Determines which userscan run maintenancetasks on drives
8. During the initial installation of yourWindows system, you elected to usea local user account forauthentication because you had notset up an online Microsoft account.You now realize that you want tosynchronize your desktop theme,browser settings, passwords, andother settings to other computersthat you use. To do this, you need tocreate an online Microsoft accountthat you can use when authenticatingto other computers.Which of the following steps can youuse to create the online account andbegin using it to sign in? (Select two.Each answer is part of the completesolution.)
Accesshttp://www.live.comand create a newMicrosoft useraccount.Open the Settingsapp and clickAccounts > Sign inwith a Microsoftaccount instead.
9. Each user profile has its own registrydatabase file that holds all userspecific registry settings.Enter the name of this file.
Ntuser.dat
10. An employee was just fired. Beforehe returned his Windows notebook,he assigned the Deny Full Controlpermission to Everyone to all thefiles and folders on the system. Allusers, including you, are now blockedfrom accessing these important files.As administrator, which can you do tomake these files available as quicklyas possible?
Take ownership ofthe files and changethe permissions.
11. For the D:ReportsFinances.xls fileon your Windows system, youexplicitly grant the Mary user accountthe Allow Modify NTFS permissions.You need to move the file from theexisting folder to the D:Confidentialfolder. You want to keep the existingNTFS permissions on the file.How can you accomplish this with theleast amount of effort?
Move the file to thenew folder.
12. Mary and Mark share a Windowssystem. Mary encrypts a file byusing Encrypting File System (EFS).When Mary attempts to grant Markaccess to the file, she sees thedialog shown in the image.How can you ensure that Mary cangrant Mark access to the file?
Instruct Mark to logon to the computerand encrypt a file.
13. Match the Credential Guardcomponent on the left with itsfunction on the right. (Eachcomponent may be used once,more than once, or not at all.)
Grants users accessto local and domainresources:Kerberos ticketsStores userauthenticationinformation:Local SecurityAuthorityTags runningprocesses asbelonging to a virtualmachine:Virtual Secure ModeProvidesvirtualizationfunctionality on aWindows system:Hyper-V
14. Previously, you configured thefollowing auditing settings on yourWindows desktop system:• You enabled the Audit objectaccess policy to log failed events.• You configured auditing on severalfiles, folders, and registry settingsfor a specific group for failed Readand Modify actions.Now you would like to audit onlyfailed attempts to view or modifyregistry settings. You no longerwant to log audit entries for fileaccess.How can you make the change withthe least amount of effort possible?
In the Local SecurityPolicy, stop auditingfor the Audit objectaccess policy. Enablethe Audit Registryadvanced auditpolicy.
15. Rodney, a user in the research department,uses a Windows notebook system with asingle NTFS volume. Rodney recently leftthe company on short notice. Rodney’smanager, Kate, wants access to all Rodney’sfiles. You make Kate’s account anadministrator for Rodney’s computer andgive her the computer. Later, Kate informsyou that she cannot open one of Rodney’sdocuments, receiving an access deniedmessage. You realize that Kate is trying toaccess a file that Rodney encrypted usingEFS.What can you do to let Kate open the file?
Log on tothe laptopusing anaccount withDRAprivileges.Clear theEncryptattribute onthe file.
16. Rodney, a user in the research department,uses a Windows notebook system with asingle NTFS volume. Rodney shares thenotebook system with his manager, Kate.Rodney stores private company documentsin the C:Data folder on his notebook. BothRodney and Kate access the documentswhen they are using the notebook. Rodneyis concerned about the documents fallinginto the wrong hands if his notebook isstolen. Rodney wants to protect the entirecontents of the C:Data folder.How can you encrypt the contents of theC:Data folder so that Kate and Rodney arethe only authorized users?
InstructRodney tolog on to hiscomputer,edit theproperties ofthe C:Datafolder, andenableencryption.Add Kate asauthorizeduser for eachfile in theC:Datafolder.
17. Sales team members use standard useraccounts to log on to a shared notebookcomputer. You want to allow users to changethe system time and time zone.How can you grant users this ability whilelimiting their ability to perform otheradministrative tasks?
Configureuser rightsfor the Salesgroup in theLocalSecurityPolicy.
18. Sam, an employee in Office 1, needs toperform administration tasks on theOffice1 workstation.In this lab, your task is to use theSettings app on Office1 to changeSam’s Local account to anAdministrator account.
Start > Settings >Accounts > OtherUsersClick Sam >“Change accounttype” button >Account type:Change fromStandard User toAdministrator
19. To increase security for your Windowsnotebook system while traveling, youdecide to require a smart card forlogon. You also want users to belogged off automatically when thesmart card is removed.Which administrative tool or featurecan you use to configure this type ofsecurity?
Local SecurityPolicy
20. What is the name of the process ofgranting or denying a user access to aresource based on identity?
Authorization
21. What is the name of the process ofsubmitting and checking credentials tovalidate or prove user identity?
Authentication
22. Which DAC component is used to scanfiles for specific information, such as atext string or a regular expression?
Classificationrules
23. Which DAC component is used to tagscanned files?
Resourceproperties
24. Which DAC component specifiesconditions that must be matched forpermission assignments to be made?
Central accessrules
25. Which of the following are trueconcerning the Password must meetcomplexity requirements accountpolicy? (Select three.)
Dictionary wordsare not allowed inpasswords.Users must createa password thatuses a minimumof three of fourtypes of specialcharacters.Passwords mustbe at least sixcharacters long.
26. Which of the following authenticationmethods does Windows Hello support?(Select three.)
FingerprintscanFacialrecognitionIris scan
27. Which of the following is a restriction orsetting applied to a user or computer?
Policy
28. Which of the following sign-in options mustbe set up before you can use Windows Helloto configure facial recognition or fingerprintauthentication?
PIN
29. Which of the following terms is the collectionof a user’s personal settings and data files?
Userprofile
30. Which type of user profile lets you save userspecific profile data to a central location forsimplified administration?
Roamingprofile
31. A Windows server has a shared folder namedHR. Within this folder, there is a file namedPerformanceReviews.docx. A user namedDCoughanour has the following permissionassignments to this file:• NTFS: Modify, Read & execute, Read, andWrite• DAC: ReadWhat is DCoughanour’s effective access to thePerformance-Reviews.docx file?
Read
32. You are configuring security settings that willidentify when people attempt to log on to aWindows desktop system with an incorrectpassword. You need the computer to note thefailed attempts in its own audit log.Which Local Security Policy setting can youenable to track failed logon attempts?
Enable theAuditaccountlogoneventssetting.
33. You are setting up a picture password for aWindows device with a touch screen.Which gestures can you use? (Select two.)
StraightlinesCircles
34. You attempt to execute a program in theC:Program FilesAccWiz directory on yourWindows system, but you receive a promptto elevate your privileges.How can you execute the program withoutreceiving a prompt for elevated privilegeswhile also preventing harmful applicationsfrom making unwanted changes to thesystem?
Use runas toexecute theprogram intheC:ProgramFilesAccWizdirectory.
35. You attempt to run an executable file in theC:Program FilesAccWiz directory on yourWindows system. Whenyou do, you receive a prompt to elevateprivileges. You need to execute the programwithout receiving a promptfor elevated privileges. You also need toprevent malicious applications from makingunwanted changes to thesystem if it becomes infected with malware.What should you do?
Userunas.exe torun theexecutable intheC:ProgramFilesAccWizdirectory.
36. You currently log on to your Windowsdesktop system using a local user account.However, you want to be able tosynchronize settings and files betweenyour desktop and your Windows tablet.To do this, you decide to associate yourlocal user account with an online Microsoftaccount.What should you do? (Select two. Eachanswer is part of the complete solution.)
Open theSettings appand clickAccounts >Your emailandaccounts.Click Add aMicrosoftaccount.
37. You currently log on to your Windowsdesktop system using a local user account.However, you want to be able tosynchronize settings and files betweenyour desktop system and your Windowstablet.To do this, you decide to associate yourlocal user account with an online Microsoftaccount. You want to use your existing emailaccount (myaccount@westsim.com). Youwant to assign your online account apassword of myP@ssw0rd.Will this configuration work?
Yes. Theonlineaccount canbe createdusing theparametersin thisscenario.
38. You have a computer running Windows 10Enterprise. The computer is a member of adomain. A file server on the networknamed Server1 runs Windows Server 2012R2. You log on to the computer using anaccount named Mary.With the least amount of effort possible,you need to ensure that every time youconnect to a shared folder on Server1, youauthenticate using a domain account namedAdmin.What should you do?
FromCredentialManager,select Add aWindowscredential.
39. You have a computer running Windows thatis a member of a domain.There is a file server on the network namedServer1. You log on to the computer usingan account called Mary. Using the leastamount of effort possible, you want toensure that every’ time you connect to ashared folder on Server1, you authenticateby using an account named Admin.What should you do to accomplish this?
FromCredentialManager,click Add aWindowscredential.
40. You have a team of desktop supportspecialists to help you manage the needsof a large department. You want a few ofthe less-experienced specialists to be ableto help you support users when they needtheir TCP/IP configuration modified or theirIP addresses released or renewed.You don’t want to give them theunrestricted access that comes with being amember of the Administrators group if youdon’t have to.Which built-in Windows group should theybe assigned to?
NetworkConfigurationOperators
41. You have a Windows system that is sharedby multiple users. Sally wants to access afile in the Reports folder. A group namedSales has been granted the Full Controlpermission to the Reports folder and allsubfolders and files.You add Sally as a member of the Salesgroup, but she still cannot access the filethat she needs.How can you let Sally access the Reportsfolder?
RemoveSally fromany othergroups thathave beenexplicitlydeniedaccess to theReportsfolder.
42. You have a Win notebook system that is sharedby three users. The computer is not a memberof a domain. Each user has been using EFS toencrypt their personal files on the laptop. Youwould like to add your user account as arecovery agent so you can recover any fileencrypted by any user on the laptop. You wouldlike to store the recovery keys on a smart card.What should you do first?
Runcipher /r
43. You have been encrypting files on yourWindows notebook system using EFS and aself-signed certificate. You not want to protectyour encrypted files using a certificate on asmart card. You install a smart card reader andobtain a smart card with a new certificate. Youwant to make sure that all encrypted files usethe certificate on the smart card. What shouldyou do first?
Runrekeywiz
44. You have connected a fingerprint reader to yourWindows computer and verified that it isworking properly.Click the option you would use in the Settingsapp to set up Fingerprint authentication.
Sign-inoptions
45. You have two Windows systems named Compland Comp2. Both computers are members of adomain.You have a domain user account named EFSRecovery. You use this user account to recoversome files on Comp1. You need to recover somefiles on Comp2, but are unsuccessful.What should you do?
ExporttherecoveryagentkeysfromComp1andimportthem toComp2
46. You have two Windows systems named Compland Comp2. Both computers are members of aHomeGroup; neither computer is a domainmember.On Comp1, you share the C:Files folder with theHomeGroup. The C:Filesdata.doc file isencrypted. From Comp2,you can access all of the files in the C:Filesfolder except for the data.doc file.What can you do that will allow you to accessthe data.doc file on Comp2?
Copyyourprivatekey fromComp1toComp2
47. You have used the runas commandwith the /savecred option to startan application on your Windowssystem.For security reasons, you havechanged you mind and don’t wantto keep the password in WindowsVault.How can you delete the storedpassword?
From CredentialManager, remove thecredential from theVault.
48. You manage a notebook systemrunning Windows.Which task can you perform to logall packets that are dropped by thefirewall on your computer?
In the Local SecurityPolicy, configureobject access policiesfor the WindowsFiltering Platform(WFP). View auditentries in the Securitylog in Event Viewer.
49. You manage a Windows 10 systemthat is used by several differentusers. You want to require eachuser to create a password that is atleast 10 characters long. You alsowant to prevent logon after threeunsuccessful logon attempts.Which account policies must youconfigure? (Select two. Eachanswer is a required part of thesolution.)
Account lockoutthresholdMinimum passwordlength
50. You manage a Windows system andneed to control access to theD:Reports folder as follows:• Members of the Accountinggroup should be able to open andview all files, but not modify them.• Mary needs to be able to modifyexisting files in the folder and addnew files to the folder, but shouldnot be able to delete or renamefiles. Mary is a member of theAccounting group.Making the fewest rightsassignments, how can you assignthese NTFS permissions?
Assign Allow Read &execute, List foldercontents, and Read tothe Accounting group.Assign Allow Write toMary.
51. You manage a Windowssystem and need tocontrol access to theD:Reports folder asfollows:• Members of theAccounting group shouldbe able to open and viewall files, edit them, addnew files, and renameand delete files.• Mary needs to be ableto open and view files,but should not be able tomodify, rename, ordelete them. Mary is amember of theAccounting group.Taking the least amountof actions possible andaffecting existingpermissions as little aspossible, how can youassign these NTFSpermissions?
Remove Mary from theAccounting group. Assign AllowRead & execute, List foldercontents, Read, and Modify tothe Accounting group. AssignAllow Read & execute, Listfolder contents, and Read toMary.
52. You manage a Windowssystem and need tocontrol access to theD:Reports folder asfollows:• Members of theAccounting group shouldbe able to open and viewall files, edit them, andadd new files. Theyshould not be able todelete or rename files.• Mary needs to be ableto open and view files,but should not be able tomodify them. Mary is amember of theAccounting group.Taking the least amountof actions possible andaffecting existingpermissions as little aspossible, how can youassign these NTFSpermissions?
Assign Allow Read & execute,List folder contents, Read, andWrite to the Accounting group.For the Mary user account, denythe Write permission.
53. You manage a Windows system that isshared by several users.Currently, the system is configured torequire password changes every 42 days;however, you are concerned that users arereusing their favorite passwords over andover. This violates your organization’ssecurity policy.Click on the policies you would use in theLocal Group Policy Editor to enforce this.(Select two.)
EnforcepasswordhistoryMinimumpasswordage
54. You manage a Windows system that isshared by several users.Currently, the system is configured torequire password changes every 42 days.However, you are concerned that users arereusing their favorite passwords over andover, which violates your organization’ssecurity policy.Click the policies you would use in the LocalGroup Policy Editor to enforce this. (Selecttwo.)
EnforcepasswordhistoryMinimumpasswordage
55. You manage a Windows system that is usedby several users. You want to prevent usersfrom reusing old passwords. You also wantto force them to use a new password for atleast five days before allowing them tochange it again.Which account policies must you configure?(Select two. Each answer is a required partof the solution.)
EnforcepasswordhistoryMinimumpasswordage
56. You manage several Windows systems thatare members of a domain.You are configuring security settings thatwill be distributed to all computers on yournetwork. You want to identify deniedattempts to change a user’s groupmembership in a computer’s local database.Click the audit policy that should be enabledto meet this requirement.
Auditaccountmanagement
57. You manage several Windows systems thatare members of a domain. You areconfiguring security settings that will bedistributed to all computers on your network.You want to identify denied attempts tomanipulate files on computers that havebeen secured through NTFS permissions.Click the audit policy that should be enabledto meet this requirement.
Audit objectaccess
58. You need to enable Credential Guard on aWindows 10 Enterprise system.Which Windows features need to be enabledto accomplish this? (Select two.)
IsolatedUser ModeHyper-VHypervisor
59. You need to reconfigure a Windows 10system to give the DNelson user rights tothe following:• Connect to shared resources on thecomputer (such as shared folders andprinters)• Access the system’s desktop using theRemote Desktop clientClick the user rights that must be modified toaccomplish this. (Select two. Each response isa part of the complete solution.)
Access thiscomputerfrom thenetworkAllow logon throughRemoteDesktopServices
60. You need to run the zip.exe executable onyour Windows system as the Admin user(which is a member of the Administratorsgroup) on your system.To accomplish this, which option should youuse with the runas command?
/user:Admin
61. You need to use the runas command to runthe coolap.exe executable on your Windowssystem as the local Admin user, which is amember of the Administrators group.Which option should you use with the runascommand to do this?
/user:Admin
62. You run runas with the /savecred option tostart an application on your Windowssystem.How can you delete the stored passwordfrom the Windows Vault?
FromCredentialManager,remove thecredentialfrom theVault.
63. Your Windows system has devices that arePersonal Identity Verification (PIV)compliant.What can you do to implement a form ofauthentication that takes advantage ofPIV?
Use smartcardauthentication.
64. Your Windows system has two hard drivesas shown in the Exhibit.The C:Finances folder and its contentshave been encrypted. You need to movethe C:FinancesReports.xls file to the D:drive. You want the file to remainencrypted.How can you accomplish this with the leastamount of effort possible?
Run theconvertcommandfollowed bythe xcopycommand.
65. Your Windows system has two hard drives,as shown in the image.The C: drive is running out of space. Youwould like to move the C:Finances folderto the D: drive. Existing NTFS permissionsshould be kept on the folder following themove.How can you accomplish this with the leastamount of effort?
Run theconvertcommandfollowed bythe xcopycommand.
66. Your Windows system has two hard drives,C: and D:.For the D:ReportsFinances.xls file, youexplicitly grant the Mary user account theAllow Modify NTFS permission.You need to move the file from theexisting folder to the C:Reports2 folder.You want to keep the existing NTFSpermissions on the file.How can you accomplish this with the leastamount of effort?
Use therobocopycommand tocopy the fileto theC:Reports2folder.
67. Your Windows system is used by severalpeople, so you want increase security byrequiring users to create passwords thatare at least ten characters long. You alsowant to prevent log on after threeunsuccessful attempts.What should you do in the Local SecurityPolicy administration tool to configurethese account policies? (Select two. Eachanswer is part of the complete solution.)
Set theminimumpasswordlength policy.Set theaccountlockoutthresholdpolicy.
68. You share a single Windows system with Judithand Dalton.You are the owner of the D:Reports folder.Judith needs to be able to see the files andsubfolders in theD:Reports folder. Dalton needs these abilitiesand the ability to delete folders.Which rights must you assign to each user togive them the necessary NTFS permissions tothe D:Reportsfolder?
GrantRead &Executeto JudithandModify toDalton.
69. You use a Windows notebook system that isshared by three users. The computer is amember of a domain. Each user has been EFSto encrypt their personal files on the system.You would like to add your user account as arecovery agent so you can recover any fileencrypted by any user on the laptop. Youwould like to store the recovery keys on asmart card. You install a smart car reader andobtain a new smart card with a certificate thatcan be used for EFS recovery. You add a datarecovery agent using Group Policy. Whatshould you do next?
Haveeach userrun cipher/u
70. You want to configure a picture password on aWindows computer.Click the option you would use in the Settingsapp to do this.
Sign-inoptions
71. You want to increase security as users log onto computers in the domain you administer.How can you implement the strongest form ofmulti-factor authentication?
Require apassword,a biometricscan, anda tokendevice.
72. You want to prevent users from reusing oldpasswords. You also want to force them to usea new password for at least five days beforechanging it again.What should you do in the Local SecurityPolicy administration tool to configure theseaccount policies? (Select two. Each answer ispart of the complete solution.)
Set theminimumpasswordagepolicy.Set theenforcepasswordhistorypolicy.
73. You want to set up a Windows device with a 4-digit PIN for authentication.Which should you do? (Select two. Each answer is part of the complete solution.)
Open the Settings app andclick Accounts > Sign-inoptionsClick Create a PIN
74. You work on a Windows desktop system that is shared by three other users. You notice thatsome of your documents have been modified, so you decide to use auditing to track anychanges to your documents.In the audit policy in the local security policy, you enable auditing of successful object accessevents. To test auditing, you make changes to some files. However, when you examine thecomputer’s Security Log, no auditing events are listed.How can you make sure an event is listed in the Security Log whenever one of your documentsis modified?
Edit the advanced securityproperties of the foldercontaining your documents.
75. You would like to configure your Windows desktop system so that an event is recorded anytime a user successfully or unsuccessfully logs on.How can you configure settings so you do not also record log off events?
Configure advanced auditpolicies in the Local SecurityPolicy.
Looking for a Similar Assignment? Order now and Get 10% Discount! Use Coupon Code “Newclient”
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."