Configure Workstation Security

Question 1

Answer 1

Using the local Group Policy editor to view password policies.

Question 2

Answer 2

Using the Properties dialog box to unlock a user account.

Question 3

Answer 3

Configuring AutoPlay. D3300 is a digital camera that has been connected to the computer previously.

Question 4

Answer 4

Windows Defender Antivirus configuration page within the Windows Security app.

Question 5

Answer 5

The Real-time protection setting can be toggled off to disable Windows Defender Antivirus temporarily.V

Question 6

Answer 6

Windows Defender Firewall with Advanced Security—Profile Settings.

Question 7

Answer 7

Configuring inbound filtering rules in Windows Firewall with Advanced Security.

Question 8

Answer 8

Applying encryption to a folder using EFS.

Question 9

Answer 9

A file that has been encrypted cannot be opened by other users—even administrators.

Question 10

Answer 10

Configuring BitLocker and BitLocker To Go via the Control Panel.

Question 11

Answer 11

Removable drive protected with BitLocker To Go. (Screenshot courtesy of Microsoft.)

Question 12

Length & Complexity: A strong password

Answer 12

• should be at least 12-16 characters long, incorporating uppercase and lowercase letters, numbers, and special symbols.

Question 13

passwords

Avoid Common Words:

Answer 13

-Using dictionary words, personal information, or predictable sequences (like 123456 or password) makes passwords highly vulnerable to brute-force attacks.

Question 14

password

• Unique Passwords Per Account:

Answer 14

Reusing passwords across multiple accounts increases the risk—if one password is compromised, all linked accounts become accessible.

Question 15

passwords

• Password Managers:

Answer 15

These tools help generate and store complex passwords, eliminating the need for users to remember multiple credentials manually.

Question 16

passwords

• Regular Updates:

Answer 16

Changing passwords periodically reduces the risk of long-term exposure in case of a breach.

Question 17

passwords

• Multifactor Authentication (MFA):

Answer 17

Even if a company can’t universally implement MFA, using it where possible significantly strengthens security by requiring a secondary authentication factor.

Question 18

passwords

• Monitoring for Breaches:

Answer 18

Keeping an eye on password breaches using services like Have I Been Pwned can alert users if their credentials have been exposed.

Question 19

BIOS/UEFI passwords

Answer 19

restrict system access before booting, with UEFI potentially supporting pre-boot authentication for network credential verification.

Question 20

End-user security best practices

Answer 20

involve locking workstations when unattended, securing devices against theft, and protecting personal and confidential information from exposure or unauthorized access.

Question 21

Account management

Answer 21

follows the principle of least privilege, limiting user permissions and minimizing admin accounts to reduce security risks, with protections like UAC and sudo.

Question 22

Default administrator accounts

Answer 22

should be disabled if possible; otherwise, they must be secured with unique passwords, monitored for usage, and restricted to prevent unauthorized access or privilege misuse.

Question 23

Guest accounts

Answer 23

allow unauthenticated access, so they should be disabled unless required for specific functions like passwordless file sharing, and monitored across systems to ensure compliance with security policies.

Question 24

Account policies

Answer 24

enforce security controls through OS settings like Local Security Policy and Group Policy Objects, implementing login time restrictions, failed attempt lockouts, concurrent session limits, and automatic screen locking to enhance protection against unauthorized access.

Question 25

Execution control

Answer 25

strengthens security by preventing malicious software from running, ensuring protection beyond user authentication and authorization policies.

Question 26

Restricting untrusted software

Answer 26

execution prevents malware spread, with Windows enforcing controls via UAC and system policies, Linux using cryptographic key signing, mobile OS vendors adopting store-based security, and third-party suites enabling allowlists or blocklists for application control.

Question 27

AutoRun and AutoPlay

Answer 27

AutoRun in legacy Windows versions allowed automatic execution of files, posing a security risk, while modern Windows mitigates this by prompting users through AutoPlay and requiring explicit permission via User Account Control (UAC). autorun.inf file stored in the root of the drive

Question 28

Windows Defender Antivirus

Answer 28

is a built-in security solution for Windows that detects and prevents malware execution using signature-based detection and heuristic analysis, reinforcing workstation security against social engineering attacks, exploits, and various forms of malicious software.

Question 29

Windows Defender Antivirus updates

Answer 29

relies on frequent updates, including virus definitions to detect new threats and scan engine updates to improve performance, both delivered through Windows Update or third-party updaters.

Question 30

Windows Defender Antivirus Deactivation

Answer 30

can be temporarily disabled via the Real-time protection toggle but will reactivate automatically, while permanent deactivation requires group policy changes or third-party antivirus installation; exclusions can be set for performance or false-positive concerns.

Question 31

Windows Defender Firewall Console

Answer 31

filters inbound and outbound network traffic, allowing configuration of port, application, and address-based security triggers through the Advanced Security console or group policy.

Question 32

End of Life (EOL)

Answer 32

signifies the stage when a product or software is no longer manufactured, sold, or supported by the vendor

Question 33

BYOD

Answer 33

bring your own device

Question 34

DoS (Denial-of-Service)

Answer 34

This can be done by flooding the network with traffic, sending illegitimate service requests, or exploiting vulnerabilities in the target system.

Question 35

Account management policies

Answer 35

define user rights and privileges, ensuring access is restricted based on the principle of least privilege to minimize security risks.

Question 36

Restricting user permissions

Answer 36

minimizes security risks by limiting file access to data owners or administrators and reducing the number of superuser accounts, with protections like UAC and sudo enforcing access control.

Question 37

Default administrator accounts

Answer 37

should be disabled if possible or secured with unique passwords, monitored for usage, and restricted to prevent unauthorized access or privilege misuse.

Question 38

Guest accounts

Answer 38

allow unauthenticated access, so they should be disabled unless needed for specific functions like passwordless file sharing, and monitored to ensure compliance with security policies.

Question 39

Account policies

Answer 39

enforce security controls through OS settings like Local Security Policy and Group Policy Objects, implementing login time restrictions, failed attempt lockouts, concurrent session limits, and automatic screen locking to enhance protection against unauthorized access.

Question 40

Execution control

Answer 40

uses logical security technologies to prevent malicious software from running, ensuring system security without relying solely on user behavior.

Question 41

Restricting unapproved software execution

Answer 41

prevents malware spread, with Windows enforcing controls through UAC and system policies, Linux relying on cryptographic key signing, mobile OS vendors using store-based security, and third-party tools enabling allowlists or blocklists for application control.

Question 42

Encrypting File System (EFS)

Answer 42

in NTFS protects data-at-rest by encrypting individual files and folders, restricting access to the original user. Strong authentication is crucial, as encryption relies on the user's password, with recovery options available to prevent data loss.

Question 43

Windows BitLocker

Answer 43

provides full disk encryption (FDE) for fixed and removable drives, securing data without user intervention. It uses a trusted platform module (TPM) for encryption key storage, with alternatives like smart cards or USB drives. A recovery key is generated during setup for data retrieval if the startup key is lost.