106 Questions
What is the primary function of authentication in computer security?
To prove an individual's identity
In a Windows domain, what is responsible for handling authentication?
Active Directory (AD)
What does authorization determine in a system?
What an individual can do in the system after authentication
Which of the following is advisable when creating user accounts?
Assigning a password to each account and allowing users to change them
What is the role of Active Directory (AD) in a Windows domain?
To handle authentication of users
Which of the following is a criterion for creating a strong password?
Use 16 or more characters
Which of the following is NOT advisable when creating a strong password?
Using consecutive letters or numbers
Which of these is a recommended element to include in a strong password?
At least one symbol
Which practice should be avoided when creating a strong password?
Using adjacent keyboard keys
What is one of the criteria for creating a strong password?
Combining letters, numbers, and symbols
Which tool works in Active Directory (AD) on a Windows domain to control the privileges of computers and users?
Group Policy
What is the primary function of the Local Security Policy (secpol.msc)?
To apply Windows security settings to the local computer
Which tool contains a subset of policies in Local Group Policy that specifically apply to Windows security settings?
Local Security Policy
Which editions of Windows provide access to Local Group Policy and Local Security Policy editors?
Business and Professional
What is the main difference between Group Policy and Local Group Policy?
Group Policy works domain-wide in AD; Local Group Policy applies only to the local computer or user
Which editor includes a broader set of policies for managing security and settings?
Local Group Policy editor
What is the primary function of the Local Security Policy editor?
To edit a subset of policies available in the Local Group Policy editor
In which scenario would you use the Local Security Policy editor instead of the Local Group Policy editor?
When modifying a limited set of security policies
Which of the following is NOT a function of the Local Group Policy editor?
Handling Active Directory user accounts
What does Figure 7-2 illustrate about the relationship between the Local Group Policy editor and the Local Security Policy editor?
The Local Security Policy editor contains a subset of policies from the Local Group Policy editor
What is the purpose of the Credential Manager applet in Control Panel?
To manage user credentials
Which of the following credentials can be managed using the Credential Manager?
Web credentials
What can be edited or deleted in the Windows Credentials section of Credential Manager?
Windows user names, passwords, and digital certificates
Which of the following actions can be performed with credentials for accessing websites using Credential Manager?
Edit user name and password
Where can you find the Credential Manager applet in a Windows system?
Control Panel
Which password is specifically required to change the BIOS/UEFI setup?
Supervisor password
What is the primary function of the drive lock password in BIOS/UEFI firmware?
To control access to the hard drive
Where is the drive lock password stored?
On the hard drive
Which BIOS/UEFI password is required to use the system?
User password
What happens to the drive lock password if the hard drive is removed?
It remains effective
Which key can be pressed to open the Internet Explorer menu bar?
Alt
What should you look for in the browser address box to confirm that HTTPS is being used?
A padlock icon and https
Which tool can be used to disable Internet Explorer?
Programs and Features, Turn Windows features on or off
Which of the following can you try if you have a problem with Internet Explorer 11?
Installing Windows updates
Which version of Internet Explorer comes with Windows 10/8/7?
Internet Explorer 11
Which option in the Delete Browsing History settings allows you to keep cookies and temporary Internet files from your favorite websites?
Preserve Favorites website data
What is stored in the Temporary Internet files and website files option?
Copies of webpages, images, and media for faster viewing
Which setting should you delete if you want to clear the list of websites you have visited?
History
What type of data is stored under the 'Form data' option?
Information typed into forms
Which option specifically stores passwords to automatically fill in when signing into websites?
Passwords
Tracking Protection in Internet Explorer helps to:
Reduce the risk of automatic sharing of visit details by some websites
Which tab would you use to change the home page in Internet Explorer?
General tab
Where can you block cookies that might invade your privacy?
Privacy tab
Which tab is used for configuring proxy server settings in Internet Explorer?
Connections tab
Add-ons in Internet Explorer are managed through which tab?
Programs tab
If you need to access miscellaneous settings to control Internet Explorer, which tab would you use?
Advanced tab
Which file system is required for using Windows Encrypted File System (EFS)?
NTFS
How is the encryption status of files and folders visually represented in Windows Explorer?
Green text
What happens to an encrypted file if it is moved to an unencrypted folder?
It remains encrypted
Which editions of Windows support Windows Encrypted File System (EFS)?
Professional
What are the steps to encrypt a file or folder using EFS?
Right-click it, open Properties, click General tab, check Encrypt in Advanced Attributes
What component on the motherboard holds the BitLocker encryption key during computer authentication?
TPM
Which method of BitLocker authentication requires a USB drive?
User authentication
What is required during every startup in the Computer and User Authentication method?
A PIN or password
What is BitLocker primarily designed to encrypt?
The entire Windows volume and other volumes on the drive
What happens if a hard drive encrypted with BitLocker is stolen and the startup key is not available?
The data remains unreadable
What is one of the risks associated with using BitLocker?
TPM failure
What should you do to mitigate the risks when using BitLocker?
Store an extra copy of the startup key and/or password in a safe location
Where do you enable the TPM chip to start BitLocker Drive Encryption?
BIOS/UEFI setup
When is it advisable to use BitLocker?
When the benefit of encrypting data exceeds the risk of losing the BitLocker key
What is the first step in starting BitLocker Drive Encryption?
Enabling the TPM chip in BIOS/UEFI setup
What type of firewall is a router considered to be?
Hardware firewall
Which type of firewall might a large corporation use?
Corporate firewall
What is another name for a personal firewall?
Host firewall
What is Windows Firewall?
A personal firewall
What happens to Windows Firewall when you set up a new network connection?
It is automatically configured
What is one method of managing shared resources?
Assigning permissions to user accounts
In the context of folder and file management, what is assigned to control access?
User permissions
What else, besides user accounts, can be assigned permissions to manage shared resources?
Folders, files, and printers
Which of the following is a direct way to control access to shared folders?
Assigning permissions to folders, files, and printers
Which process involves assigning specific rights to users for accessing shared resources?
Permission assignment
What does the principle of least privilege entail?
Assigning computer users only the rights required to perform their job
How can privileges be altered after a user account is created?
By changing the user groups the account belongs to
Which tool can be used to create user accounts?
User Accounts applet in Control Panel
Where else can user accounts be managed apart from the User Accounts applet in Control Panel?
Local Users and Groups utility in the Computer Management console
When are rights or privileges for a user account first established?
When an account is created
Which console is used to create a user account in Windows?
Computer Management console
Which user account type in Windows has administrative privileges?
Administrator account
What is the first step to create a user account using Computer Management console?
Open the Computer Management console
Where do you right-click to add a new user in the Computer Management console?
Users
What must be done after entering the information for a new user in the Computer Management console?
Click Create
Which user group has limited privileges and gets a temporary profile that is deleted upon logoff?
Guests group
Which user group is retained in Windows 10/8/7 primarily for backward compatibility?
Power Users group
Which user group in older editions could install apps and perform limited administrator tasks?
Power Users group
What is a characteristic of the Guests group in built-in user groups?
Given a temporary profile that is deleted when user logs off
Which of the following describes the Power Users group?
Can read from and write to parts of the system and perform limited administrator tasks
Which user group includes all user accounts except the Guest account?
Authenticated Users group
What is the key advantage of using customized user groups?
Simplifies permission management for multiple users
In which console can custom user groups be created in business editions of Windows?
Management Console
Which group includes both the Authenticated Users group and the Guest account?
Everyone group
Who do anonymous users refer to?
Users who have not been authenticated on a remote computer
Which folder is recommended for placing data that all users can share?
C:\Users\Public
What is the primary benefit of workgroup sharing?
Offers better security than a homegroup
Where should private data for individual users be stored?
C:\Users folder for that user
Who manages security if a computer belongs to a domain?
Network administrator
Which practice offers the best security for shared data?
Creating a separate folder with assigned permissions
Which type of permissions in Windows only apply to network users and not to local users?
Share permissions
What types of permissions apply to both folders and individual files?
NTFS permissions
Where can NTFS permissions be configured in Windows?
Security tab in the Properties box
Which permissions apply to a folder and its contents but not to individual files?
Share permissions
On what type of volume do NTFS permissions work?
NTFS volumes
What happens to an object's permissions when it is moved to a different folder on the same volume?
The object retains its permissions from the original folder
If an object is copied to a new folder, what permissions does it inherit?
Permissions from the destination folder
How are conflicting NTFS permissions resolved?
The more liberal permission applies
What describes inherited permissions?
Permissions that come from a parent object
Which principle applies when both share and NTFS permissions are used?
The most restrictive permission applies
Study Notes
Controlling Access to Computer Resources
- Controlling access to computer resources involves two key processes: Authentication and Authorization.
Authentication
- Defines the process of verifying an individual's identity to ensure they are who they claim to be.
- In a Windows domain, Active Directory (AD) is responsible for authentication.
Authorization
- Determines the actions an individual can perform within the system after successful authentication.
Password Management
- Each user account should be assigned a password for secure access.
- It's recommended to give users the ability to change their own passwords.
Creating Strong Passwords
- A strong password should be resistant to being guessed by both humans and computer programs
- Strong password criteria:
- Must have at least 16 characters
- Combination of:
- Uppercase and lowercase letters
- Numbers
- Symbols
- At least one symbol must be included
- Avoid using:
- Consecutive letters or numbers
- Adjacent keyboard keys
- Sign-in name
- Words in any language
- Do not reuse passwords across multiple systems
Windows Authentication Tools
- Three tools control user and computer privileges:
- Group Policy: works in Active Directory (AD) on a Windows domain
- Local Group Policy (gpedit.msc): applies only to local computer or user, contains a subset of Group Policy settings
- Local Security Policy (secpol.msc): applies only to local computer's Windows security settings, contains a subset of Local Group Policy settings
Availability of Local Policy Editors
- Local Group Policy and Local Security Policy editors available with:
- Business editions of Windows
- Professional editions of Windows
Windows Authentication Policy Management
- Two windows are used to manage security policies and settings: Local Group Policy editor and Local Security Policy editor.
- These windows have different available settings.
- The Local Security Policy editor is used to edit a subset of policies available in the Local Group Policy editor.
- The Local Group Policy editor has more comprehensive policy settings compared to the Local Security Policy editor.
Managing User Credentials in Windows
- To access Credential Manager, open the applet in Control Panel
- Credential Manager allows management of:
- Web credentials
- Windows credentials
- In Web Credentials, you can:
- Edit user name and password to access websites
- Delete website login credentials
- In Windows Credentials, you can:
- Edit Windows user names
- Edit Windows passwords
- Edit and delete digital certificates installed on the system
BIOS/UEFI Passwords
- BIOS/UEFI firmware on the motherboard offers three types of power-on passwords:
Types of Power-on Passwords
- Supervisor password: required to change BIOS/UEFI setup, providing an additional layer of security
- User password: required to use the system or view BIOS/UEFI setup, restricting access to system and setup
- Drive lock password: required to access the hard drive, adding an extra layer of security to data stored on the drive
Securing Internet Explorer
- Internet Explorer 11 is the default browser in current releases of Windows 10/8/7
- Windows 10 features Microsoft Edge as a replacement browser for Internet Explorer
Internet Explorer 11 Tips
- To open the menu bar, press the Alt key or right-click a blank area in the title bar and check Menu bar in the shortcut menu
- Verify HTTPS (HTTP Secure) by looking for https and a padlock icon in the browser address box
- Troubleshooting IE 11 issues:
- Install Windows updates
- Apply a restore point
- Refresh Windows 10/8
- Internet Explorer can be disabled by using Programs and Features, Turn Windows features on or off
Deleting Browsing History
- Preserve Favorites website data: Allows cookies and temporary Internet files to retain preferences and display faster for favorite websites.
- Temporary Internet files and website files: Copies of webpages, images, and media saved for faster viewing.
- Cookies and website data: Files or databases stored on your computer by websites to save history, preferences, or improve website performance.
- Components of browsing history: Includes history, download history, form data, passwords, and tracking protection.
- History: A list of websites you have visited.
- Download History: A list of files you have downloaded.
- Form data: Saved information that you have typed into forms.
- Passwords: Stored passwords that are automatically filled in when you sign in to a website you have previously visited.
- Tracking Protection, ActiveX Filtering, and Do Not Track: A list of websites excluded from tracking data, used to detect when sites might automatically be sharing details about your visit, and exceptions to Do Not Track requests.
Internet Options Box
- General tab: allows changing the home page or adding a secondary home page tab, and protects identity and surfing records
- Security tab: enables setting a zone security level
Configuring Privacy and Security
- Privacy tab: blocks cookies that might invade privacy or steal identity
Network and Proxy Settings
- Connections tab: configures proxy server settings and creates a VPN connection
Managing Add-ons
- Programs tab: manages add-ons (also called plug-ins)
Miscellaneous Settings
- Advanced tab: contains various settings to control Internet Explorer
File and Folder Encryption in Windows
- Windows Encrypted File System (EFS) enables file and folder encryption
- EFS is compatible with NTFS file system and business/professional editions of Windows
- Encrypting a folder ensures all files created in or copied to the folder are automatically encrypted
- Encrypted files remain encrypted even when moved to an unencrypted folder
Encrypting a Folder or File
- Right-click the folder or file and open its Properties box
- Click Advanced on the General tab
- Check Encrypt contents to secure data and click OK in the Advanced Attributes box
Identifying Encrypted Files and Folders
- Encrypted file and folder names are displayed in green by default in File Explorer or Windows Explorer
BitLocker Drive Encryption
- Encrypts the entire Windows volume and any other volume on the drive
- Restricts access by requiring one or two encryption keys
- Works in partnership with file and folder encryption
Ways to Use BitLocker Encryption
Computer Authentication
- Requires a Trusted Platform Module (TPM) chip on the motherboard
- Stores the BitLocker encryption key (startup key) in the TPM
- Prevents access to the hard drive if it's stolen without the startup key
User Authentication
- Stores the startup key on a USB drive
Computer and User Authentication
- Requires a PIN or password at every startup
- Example of multifactor authentication (MFA)
BitLocker Encryption Considerations
- BitLocker provides great security, but it comes with two significant risks: TPM failure and losing all copies of the BitLocker startup key.
- Use BitLocker only if the risks of data theft outweigh the risks of using the encryption.
Protecting BitLocker Keys
- Make extra copies of the startup key and/or password to mitigate the risk of losing access.
- Keep the extra copies in a safe and secure location.
Enabling BitLocker
- Enable the TPM chip in the BIOS/UEFI setup to start using BitLocker.
- Open the BitLocker Drive Encryption applet in Control Panel to access the encryption feature.
Firewall Types and Functions
- A router can serve as a hardware firewall
- A corporate firewall is a software firewall installed on a computer between the Internet and the network, often used by large corporations
- A personal firewall (also known as a host firewall) is software that protects an individual computer
Windows Firewall Settings
- Windows Firewall is a personal firewall that protects a computer
- Windows Firewall is automatically configured when setting up a new network connection
- Windows Firewall settings can be customized
Managing User Credentials
- The Credential Manager applet in Control Panel allows you to manage web credentials and Windows credentials.
- You can edit or delete user names and passwords to access websites.
- You can also edit and delete Windows user names, passwords, and digital certificates installed on the system.
Using BIOS/UEFI Passwords to Authenticate Users
- BIOS/UEFI firmware on the motherboard offers power-on passwords, including:
- Supervisor password: required to change BIOS/UEFI setup.
- User password: required to use the system or view BIOS/UEFI setup.
- Drive lock password: required to access the hard drive, stored on the hard drive.
Securing Internet Explorer
- The Internet Options dialog box can be used to secure Internet Explorer.
- Tips for using Internet Explorer 11:
- Press the Alt key or right-click a blank area in the title bar to open the menu bar.
- Look for https and a padlock icon in the browser address box when HTTPS is used.
- Try installing Windows updates, applying a restore point, or refreshing Windows 10/8 if you have a problem with IE 11.
Deleting Browsing History
- Options for deleting browsing history in Internet Explorer:
- Preserve Favorites website data: keeps cookies and temporary Internet files for favorite websites.
- Temporary Internet files and website files: copies of webpages, images, and media saved for faster viewing.
- Cookies and website data: files or databases stored on your computer by websites.
- History: list of websites you have visited.
- Download History: list of files you have downloaded.
- Form data: saved information typed into forms.
- Passwords: stored passwords automatically filled in when signing in to a website.
- Tracking Protection, ActiveX Filtering, and Do Not Track: list of websites excluded from tracking data.
File and Folder Encryption
- Windows Encrypted File System (EFS) can be used to encrypt files and folders.
- EFS only works with the NTFS file system and business/professional editions of Windows.
- An encrypted file remains encrypted if moved to an unencrypted folder.
- To encrypt a folder or file, right-click it, open its Properties box, and check Encrypt contents to secure data.
BitLocker Encryption
- BitLocker Drive Encryption encrypts the entire Windows volume and any other volume on the drive.
- BitLocker works in partnership with file and folder encryption.
- Three ways to use BitLocker Encryption:
- Computer Authentication: uses a TPM chip on the motherboard to hold the BitLocker encryption key.
- User Authentication: stores the startup key on a USB drive.
- Computer and User Authentication: requires a PIN or password at every startup, an example of multifactor authentication.
Windows Firewall Settings
- A router can serve as a hardware firewall.
- A personal firewall, such as Windows Firewall, protects a computer.
- Windows Firewall is automatically configured when setting up a new network connection and can be customized.
Controlling Access to Folders and Files
- Managing shared resources is accomplished by:
- Assigning permissions to user accounts.
- Assigning permissions to folders, files, and printers.
Using Windows to Authenticate Users
- Controlling access to computer resources is done by:
- Authentication: proves that an individual is who they say they are.
- Authorization: determines what an individual can do in the system after authentication.
- Create strong passwords by using 16 or more characters, combining uppercase and lowercase letters, numbers, and symbols, and avoiding common patterns.
User Account Management
- The principle of least privilege is an approach to assigning users the minimum rights required to perform their job tasks.
- User rights or privileges are initially established during user account creation, which determines the account type.
- Privileges can be modified later by changing the user groups associated with the account.
- User accounts can be created using two methods:
- Through the User Accounts applet in the Control Panel.
- Through the Local Users and Groups utility in the Computer Management console.
Classifying User Accounts
- There are two main types of user accounts: Administrator account and Standard user account
Creating a User Account using Computer Management
- To create a user account, open the Computer Management console (compmgmt.msc)
- To create a new user, right-click Users under Local Users and Groups and select New User in the shortcut menu
- Enter required information for the new user and click Create to complete the process
Built-in User Groups
- There are three main built-in user groups in Windows: Administrators, Users, and Guests.
- The Guests group has limited privileges and is assigned a temporary profile that is deleted when the user logs off.
- The Power Users group is available in older editions of Windows and allows users to read from and write to parts of the system, install apps, and perform limited administrator tasks.
- In Windows 10, 8, and 7, the Power Users group is only available for backward compatibility.
Classifying User Accounts and User Groups
Built-in User Groups
- Windows automatically assigns built-in user groups to an account, including:
- Authenticated Users group, which includes all user accounts except the Guest account
- Everyone group, which includes the Authenticated Users group as well as the Guest account
- Anonymous users are users who have not been authenticated on a remote computer
Customized User Groups
- Custom user groups can be created using:
- Management Console
- Local Users and Groups console in business and professional editions of Windows
- Creating custom user groups makes it:
- Easier to assign permissions to user groups rather than to individual accounts
- Useful when several users need the same permissions
Managing Shared Folders and Files in Windows
- There are two general strategies for managing shared folders and files in Windows: Workgroup sharing and Domain Controlling
- Workgroup sharing offers better security than a homegroup
- Domain Controlling is used when a computer belongs to a domain, and all security is managed by the network administrator for the entire network
Organizing Shared Data
- Private data for individual users should be kept in the C:\Users folder for that user
- Data for all users to share should be placed in the C:\Users\Public folder
- For best security, create a folder outside of the above folders and assign permissions to that folder and its subfolders
- This allows control over access, granting permissions to:
- All users
- Certain users or user groups
Methods to Assign Permissions to Folders and Files
Workgroup Sharing Methods
- Windows offers two methods to share a folder using workgroup sharing
Share Permissions
- Grant permissions only to network users, not to local users
- Apply to a folder and its contents, not to individual files
NTFS Permissions
- Apply to both local users and network users
- Apply to both folders and individual files
- Work only on NTFS volumes
- Configured using the Security tab in a file or folder's Properties box
Implementing Permissions
- When both share and NTFS permissions are used, the most restrictive permission is applied.
- When NTFS permissions conflict, the more liberal permission is applied.
Permission Propagation
- Permission propagation occurs when permissions are passed from parent to child.
Inherited Permissions
- Inherited permissions are permissions attained from a parent object.
Moving and Copying Objects
- When an object is moved or copied to a folder, it takes on the permissions of that folder.
- Exception: When an object is moved (not copied) from one location to another on the same volume, it retains its original permissions from the original folder.
Learn about the basics of controlling access to computer resources, including authentication and authorization, and how Windows Active Directory handles user authentication.