2.5 – Windows Security - Defender Antivirus

Questions and Answers

A user has full control share permissions and read-only NTFS permissions on a shared folder. What is the effective permission level for the user?

• Full control
• Read-only (correct)
• Change
• Modify

What is the primary purpose of User Account Control (UAC) in Windows?

• To limit application capabilities requiring explicit approval. (correct)
• To manage network share permissions.
• To provide single sign-on functionality.
• To encrypt the entire Windows volume.

Which of the following is NOT a typical sign-in option for Windows?

• Personal Identification Number (PIN)
• Picture Password
• Security Key
• Voice Recognition (correct)

What happens to NTFS permissions when a file is moved to a different folder on the same volume?

The file retains its original permissions. (C)

Why might a user choose to use Encrypting File System (EFS) instead of BitLocker?

EFS allows for encryption of specific files and folders, offering more granular control. (D)

When connecting to a shared folder over the network, which set of permissions is checked first?

Share Permissions (B)

Which action requires a user to have elevated privileges or administrator rights in Windows?

Installing a new printer driver. (A)

What is the main advantage of using a Microsoft Account to log into a Windows device compared to a local account?

It seamlessly integrates with other Microsoft services like Skype and OneDrive. (B)

If a user is a member of both the 'Remote Management Users' and 'Administrators' groups, which of the following is true?

They have administrative access to the device. (C)

What is the purpose of BitLocker To Go?

To encrypt data stored on a USB flash drive. (C)

When does Windows prompt the User Account Control (UAC) window?

When a standard user attempts to change their password. (D)

What is the difference between explicit and inherited permissions in NTFS?

Explicit permissions are manually assigned, while inherited permissions are derived from the parent folder. (D)

Why might a user not be able to access EFS encrypted files after an administrator resets their password?

The EFS encryption key is based on the user's original password, and resetting it can lead to data loss. (A)

Which of the following is NOT a permission available for share permissions?

Modify (A)

Under which circumstance would an administrator most likely use the 'Run as administrator' option?

To install a program that requires access to system files. (D)

Which type of Windows account is associated with a specific device, and logs in only to that device?

Local Account (C)

How can a user grant temporary elevated rights to an application?

By right-clicking the application and selecting 'Run as administrator'. (C)

Which is the primary reason to encrypt a Windows volume with BitLocker?

To prevent unauthorized access to data if the device is lost or stolen. (B)

What does the Secure Desktop accomplish when the User Account Control (UAC) window appears?

It provides a secure environment to review and approve changes, minimizing potential risks. (B)

What should be considered before elevating permissions using User Account Control (UAC)?

All of the above (D)

What happens when a user logs into a Windows Domain?

They can connect to other resources without re-entering credentials. (B)

Which permission level grants users the ability to read, write, modify, and delete files and subfolders?

Full Control (D)

If a folder has inherited permissions from a parent folder, how can you prevent a subfolder from inheriting those same permissions?

By disabling inheritance and converting inherited permissions to explicit permissions. (B)

Which of the following is a characteristic of NTFS permissions?

They offer a detailed set of permissions including 'Full Control', 'Modify', and 'Read'. (B)

Why are NTFS permissions important for securing data on a local Windows device?

They control which users and groups can access specific files and folders. (B)

Flashcards

Local Accounts

Accounts stored on a local device, used to log in to that specific Windows device.

Microsoft Account Login

Logging in using your Microsoft account integrates services like Skype, Office, and OneDrive.

Local Users and Groups

Details on users who can log in and their rights/permissions on the device.

Username and Password

A common login method requiring a username and corresponding password.

Personal Identification Number (PIN)

Instead of a password, use a numeric code for login.

Biometric Login

Uses facial recognition for login.

Windows Domain Single Sign-On

Single sign-on allows access to other resources without re-entering credentials.

NTFS Permissions

Permissions associated with a file or folder in NTFS.

Share Permissions

Permissions associated with accessing a shared resource over a network.

Restrictive Permissions

When NTFS and share permissions conflict, the most restrictive permission applies.

Inherited NTFS Permissions

NTFS permissions are inherited from the parent folder.

Explicit Permissions

Permissions assigned to a file or folder directly, overriding inherited permissions.

Elevated Account

Requires administrator rights to perform certain functions.

Run as Administrator

Right-click application and select 'Run As Administrator.

User Account Control (UAC)

A Windows features that limits user capabilities unless explicitly approved.

Secure Desktop

A Windows screen to understand changes.

BitLocker

Encrypts the entire Windows volume.

BitLocker To Go

Encrypts data written to USB.

Encrypting File System (EFS)

Encrypts individual files and folders in NTFS.

EFS Encryption Key

Based on your username and password.

Study Notes

• To use most operating systems, you must log in and Windows is no exception.
• There are different options for logging in.

Login Options

• One option is with accounts stored on the local device, referred to as local accounts, providing access to that specific Windows device.
• Alternatively, a Microsoft account, configured on the Microsoft Cloud, can be used to log in to the local device.
• Microsoft account logins integrate with Microsoft technologies like Skype, Office, and OneDrive.
• In offices or enterprises, users log in with their Windows domain credentials.

Account Storage

• Local account details are stored under local users and groups.
• This includes a list of users who can log in to the device, along with their rights and permissions.
• Users can be added to groups to grant them specific rights and permissions.
• Adding a user to the administrators group grants them administrative access on the device.
• Other groups include event log readers and remote management users.
• The most common login credentials are a username and password.

Authentication Options

• After logging into Windows, other authentication options are available, like a personal identification number (PIN).
• Windows includes biometrics for logging in, such as facial recognition if the device has a camera.
• On a Windows domain, single sign-on eliminates the need to re-enter credentials when connecting to other resources.

Managing Login Methods

• To add or change login methods, access the settings under accounts and sign-in options.
• Options include facial recognition, fingerprint recognition, PIN, security key with USB, password, or picture password.

NTFS Permissions

• On a local device, file rights and permissions are based on the permissions associated with NTFS.
• Every file or folder in NTFS has a Security tab to specify the groups/users with access and their associated rights/permissions.

Share Permissions

• When connecting across a network, access is subject to share permissions and NTFS permissions.
• Share permissions are associated with access to a share across the network.
• The most restrictive access between share permissions and NTFS permissions takes priority.
• If a share has full access, but NTFS permissions are set to read-only, access will be read-only.

Inheritance

• NTFS permissions are inherited from the parent folder.
• Assigning permissions to a folder applies those permissions to its subfolders and files, unless otherwise specified.
• Moving an NTFS file/folder to a different folder on the same volume retains its original permissions.

Permission Types

• NTFS permissions offer configuration options like full control, modify, read and execute, and list folder contents.
• Share permissions allow assigning users and groups with options for full control, change, and read.
• Explicit permissions are assigned to objects in the file system.
• Inherited permissions are automatically associated with an object based on its parent.

Elevated Accounts

• By default, not every user has access to every part of the operating system.
• Elevated or administrator rights are needed to edit system files, install services, and perform enhanced functions.
• Even with assigned administrator rights, they take effect only when explicitly requested.
• To run an application with elevated rights, right-click and choose "Run As Administrator."

User Account Control

• Windows includes User Account Control (UAC), which limits user capabilities until approval is granted.
• Standard users may see a UAC window to use the network or change a password.
• Administrators may see a UAC window when installing applications or updating device drivers.
• The secure desktop UAC window provides information about changes and potential risks.
• An unexpected UAC window for a normal application requires careful consideration.

BitLocker

• A powerful security feature in Windows is the ability to encrypt an entire volume using BitLocker.
• BitLocker encrypts everything, including personal files and the operating system.
• Encrypting safeguards data if a laptop is lost or stolen, even if the storage drive is moved to another system.
• BitLocker To Go encrypts data written to a USB flash drive.

Encrypting File System

• Encrypting File System (EFS) can encrypt specific files or folders.
• EFS only exists in NTFS meaning most versions of Windows have the feature
• EFS works in all Windows editions except the home editions.
• The encryption key used for EFS is based on the user's username and password.
• Resetting a user's password administratively may cause loss of access to EFS encrypted data.