3.4 Flashcards
Rodney, a user in the research department, uses a Windows 8 laptop computer with a single NTFS volume.
Rodney recently left the company on short notice. Rodney’s manager, Kate, wants access to all of Rodney’s files.
You grant Kate administrative privileges for Rodney’s computer and give her the computer. Later, Kate
informs you that she cannot open one of Rodney’s documents, receiving an access denied message.
You realize that Kate is trying to access a file that Rodney encrypted using EFS. You want to let Kate open the file.
What should you do?
Log on to the laptop using an account with DRA privileges. Clear the Encrypt attribute on the file.
Log on to the laptop using an account with KRA privileges. Clear the Encrypt attribute on the file.
Give Kate the Allow Full Control permission to the problem file. Have her clear the Encrypt attribute for the file.
Instruct Kate to use the Robocopy command to copy the file to a FAT32 partition to remove the encryption.
Log on to the laptop using an account with DRA privileges. Clear the Encrypt attribute on the file.
Rodney stores private company documents on his laptop and is concerned about the documents falling into
the wrong hands if his laptop is stolen. Rodney wants you to protect the entire contents of his Documents
folder.
You log on to Rodney’s computer using your administrative account and enable the Encrypt attribute for
Rodney’s Documents folder and apply the change to all subfolders and files. You then return Rodney’s laptop
to him. Rodney soon informs you that he cannot access any documents in his Documents folder.
You want to let Rodney access the documents in his Documents folder. You also want to ensure that the
documents are encrypted.
What should you do? (Choose two. Each correct choice is part of the solution.)
Instruct Rodney to log on to his computer. Have him set the Encrypt attribute to the Documents folder. Apply the change to all subfolders and files.
Log on using your administrative account. Add Rodney as an authorized user for Rodney’s Documents folder. Apply the change to all subfolders and files.
Import an EFS certificate and private key for Rodney on his computer.
Log on using your administrative account. Clear the Encrypt attribute on Rodney’s Documents folder.
Apply the change to all subfolders and files.
Instruct Rodney to log on to his computer. Have him set the Encrypt attribute to the Documents folder. Apply the change to all subfolders and files.
Log on using your administrative account. Clear the Encrypt attribute on Rodney’s Documents folder. Apply the change to all subfolders and files.
Rodney, a user in the research department, uses a Windows 8 laptop computer with a single NTFS volume.
Rodney shares the laptop with his manager, Kate.
Rodney stores private company documents in the C:\Data folder on his laptop. Both Rodney and Kate access
the documents when they are using the laptop. Rodney is concerned about the documents falling into the
wrong hands if his laptop is stolen. Rodney wants to protect the entire contents of the C:\Data folder.
You want to help Rodney encrypt the contents of the C:\Data folder so that Kate and Rodney are the only
authorized users.
What should you do?
Log on to Rodney’s computer using your administrative account. Remove all NTFS permissions on the C:
Data folder except Rodney’s user account and Kate’s user account. Grant them Full Control to the C:
Data folder.
Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and enable the
Encrypt attribute. Add Kate as an authorized user for each file in the C:\Data folder.
Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and remove all NTFS
permissions except for his user account and Kate’s user account. Grant his user account and Kate’s user
account Full Control to the C:\Data folder.
Log on to Rodney’s computer using your administrative account. Edit the properties of the C:\Data folder
and enable the Encrypt attribute. Add Rodney and Kate as authorized users for each file in the C:\Data
folder.
Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and enable the
Encrypt attribute. Add Kate as an authorized user for each file in the C:\Data folder.
Rodney, a user in the research department, uses a Windows 8 laptop computer with a single NTFS volume.
Rodney’s computer is running out of space, so its volume is compressed.
Rodney stores a private company document named Stats.dat on his laptop and is concerned about the
document falling into the wrong hands if his laptop is stolen. Rodney stores the Stats.dat file in the root of his
Documents folder. Rodney’s program for editing the Stats.dat file stores temporary data in the same folder
where the file being edited is located.
You want to encrypt the Stats.dat file so that Rodney is the only authorized user. You also want to make sure
that any temporary copies of the file while it is open are also encrypted. No other files should be encrypted.
What should you do? (Choose two. Each correct choice is a required part of the solution.)
Instruct Rodney to encrypt the Stats.dat file and his Documents folder.
Instruct Rodney to uncompress his computer’s NTFS volume and all folders and files on the volume.
Instruct Rodney to uncompress the Stats.dat file.
Instruct Rodney to create a new folder for the Stats.dat file, move the file to the folder, then encrypt the folder and all its contents.
Instruct Rodney to encrypt his computer’s NTFS volume and all folders and files on the volume.
Instruct Rodney to uncompress the Stats.dat file.
Instruct Rodney to create a new folder for the Stats.dat file, move the file to the folder, then encrypt the folder and all its contents.
Members of the sales team use laptop computers while traveling. You have configured EFS for all sales team
members and used Group Policy to require that all documents in their My Documents folders is encrypted.
You recently learn of an attack that allows hackers to read the contents of the system paging file. You would
like to protect the contents of the pagefile with EFS.
What should you do?
Log in to each computer as an administrator. Manually encrypt the pagefile.sys file.
Create a script that uses the Cipher command to encrypt the pagefile. Configure the script to run each time the computer boots.
Instruct each user how to encrypt the pagefile. Have them encrypt the pagefile immediately after logging on.
In the GPO for the sales team computers, enable pagefile encryption.
In the GPO for the sales team computers, enable pagefile encryption.
Members of the sales team use laptop computers while traveling. All laptops run Windows 8. All computers in
the domain use smart cards for authentication. You have configured EFS in your domain to use the
certificates on the smart card for encryption.
To protect the data on each laptop, you want the contents of each user’s Documents folder to be encrypted.
All sensitive documents are to be saved in this folder. You also want to ensure that any temporary files used
by applications while the files are open are also encrypted.
If possible, you want to enforce encryption so that users cannot disable encryption.
What should you do?
Create a Group Policy Object (GPO) that applies to all sales laptop computers. Configure the GPO to encrypt the Documents folder. Configure the GPO to create a caching-capable user key from the smart card.
Create a Group Policy Object (GPO) that applies to all sales laptop computers. Configure the GPO to encrypt the Documents folder. Have each user manually encrypt all temporary directories used by applications.
Have each user encrypt their Documents folder and all temporary directories used by applications.
Log on to each laptop with your account. Encrypt the Documents folder for the user. Encrypt all temporary directories used by applications.
Create a Group Policy Object (GPO) that applies to all sales laptop computers. Configure the GPO to encrypt the Documents folder. Have each user manually encrypt all temporary directories used by applications.
Members of the sales team use laptop computers while traveling. All laptops run Windows 8. You have
enabled EFS in your domain, and have configured a Group Policy Object (GPO) to enforce encryption of the
Documents folder on each of the sales computers.
You would like to use certificates stored on smart cards to increase the security of EFS for each laptop
computer. You want to require these certificates to be used for EFS on the laptop computers.
You add a smart card reader for each laptop and configure smart cards for each sales team member. You
configure the GPO to require a smart card for EFS.
What else must you do to complete the configuration? (Select two. Each choice is a required part of the
solution.)
Have each user run Robocopy for all encrypted files.
Configure the GPO to create a caching-capable user key from the smart card.
Install Windows 8 SP1 on all laptops.
Have each user run Rekeywiz for all existing encrypted files.
Have each user run Rekeywiz for all existing encrypted files.
You have a Windows 8 laptop that is shared by three users. The computer is not a member of a domain.
Each user has been using EFS to encrypt their personal files on the laptop.
You would like to add your user account as a recovery agent so you can recover any encrypted file encrypted
by any user on the laptop. You would like to store the recovery keys on a smart card.
What should you do first?
Run cipher /rekey.
Run cipher /r.
Add a Data Recovery Agent to the Encrypting File System policy.
Have each user run cipher /u.
Run cipher /r.
You have a Windows 8 laptop that is shared by three users. The computer is a member of a domain.
Each user has been using EFS to encrypt their personal files on the laptop.
You would like to add your user account as a recovery agent so you can recovery any encrypted file
encrypted by any user on the laptop. You would like to store the recovery keys on a smart card.
You install a smart card reader and obtain a new smart card with a certificate that can be used for EFS
recovery. You add a data recovery agent using Group Policy.
What should you do next?
Have each user add your user account as an authorized user.
Have each user run cipher /rekey.
Run cipher /r.
Have each user run cipher /u.
Run rekeywiz.
Have each user run cipher /u.
You have a laptop running Windows 8.
You have been encrypting files on your computer using EFS and a self-signed certificate.
You now want to protect your encrypted files using a certificate on a smart card. You install a smart card
reader and obtain a smart card with a new certificate.
You want to make sure that all encrypted files use the certificate on the smart card.
What should you do first?
Run rekeywiz.
Unencrypt all encrypted files.
Add a data recovery agent using the smart card certificate to the local security policy.
Run cipher /r.
Run rekeywiz.
You have two computers that run Windows 8: Compl and Comp2. Both computers are members of a domain.
You have a domain user account named EFS-Recovery. You use the user account to recover some files on
Compl. You need to recover some files on Comp2, but are unsuccessful.
What should you do?
Copy the file from Comp2 to a FAT32 partition.
Export the recovery agent keys from Compl and import them to Comp2.
On Comp2, run cipher /rekey.
Take ownership of the file on Comp2.
Export the recovery agent keys from Compl and import them to Comp2.
