FLASH CARDS

7.05 Configure a workstation to meet best practices for security

What is the first step to ensure workstation security?
Making sure only authorized users can access the network, even with multifactor authentication.
What are common weaknesses of password systems?
Outdated technologies and poor user habits, such as weak passwords, which allow attackers to use dictionary attacks or breached data.
What are the basic guidelines for creating strong passwords?
Use at least 12 characters for regular accounts and longer for administrative accounts.
Avoid personal information like names, dates, or job titles.
What are two additional password policy options some organizations enforce?
Character complexity: A mix of uppercase, lowercase, numbers, and symbols.
Password expiration: Forcing users to change their passwords after a set period.
Why are complexity and expiration requirements sometimes discouraged?
These rules can encourage poor habits like writing passwords down, reducing security.
What do BIOS and UEFI passwords provide?
An extra layer of protection before the operating system boots.
What is a System User Password in BIOS/UEFI?
A password required to boot the operating system, but it does not secure the firmware itself.
What does a System/Supervisor password protect?
Access to the BIOS/UEFI setup, requiring administrator configuration.
Why is it important to lock your computer when unattended?
To prevent "lunchtime attacks," where an attacker gains access to an unlocked computer.
What is the quickest way to lock a Windows desktop?
Press START+L.
How can portable devices like laptops be secured at a desk?
Using cable locks to prevent physical theft.
What is the principle of Least Privilege in account management?
Ensuring users only have access to the files and tools they need to perform their job, reducing unnecessary access.
What are File Permissions and who is responsible for configuring them?
File permissions control whether users can read or modify files, configured by data owners or file server administrators.
What is the importance of changing the default administrator password?
The default password is a security risk; it must be changed and treated with high-level security to prevent unauthorized access.
What are guest accounts, and why are they a security risk?
Guest accounts allow unauthenticated access, which can be risky since they don't require login credentials.
What do Account Policies help enforce in terms of user behavior?
Secure behavior by restricting login times, setting failed attempt lockouts, and managing concurrent logins.
What happens when a user exceeds failed login attempts?
The account is locked, reducing the risk of unauthorized access via brute-force attacks.
What does execution control refer to?
Technologies that prevent unapproved or malicious software from running on a computer, regardless of user privileges.
How does Windows prevent the installation of untrusted software?
Through Administrator and Standard User accounts, User Account Control (UAC), and code signing with digital certificates.
What is AutoPlay, and how does it differ from AutoRun?
AutoPlay prompts users with options when a new drive is inserted, whereas AutoRun previously allowed files to run automatically from external drives.
What is the primary purpose of Antivirus software like Windows Defender?
To detect malware and prevent it from executing by using virus definitions and heuristic behavior-based techniques.
Why is keeping antivirus software updated important?
To ensure the system is protected against the latest threats through regular definition and scan engine updates.
What does Windows Defender Firewall do?
It filters inbound and outbound network traffic to prevent unauthorized access.
What are Inbound and Outbound rules in Windows Defender Firewall?
Rules that control the direction of traffic, either blocking or allowing connections based on ports, applications, or IP addresses.
What is the difference between data-at-rest and data-in-transit?
Data-at-rest refers to information stored on a device, while data-in-transit is data being transmitted over a network.
What does the Encrypting File System (EFS) do?
Encrypts individual files or folders, ensuring that only authorized users can access them.
What should be done to avoid data loss when using EFS?
Back up the encryption key or configure recovery agents in case the original key is lost.
What is BitLocker, and how is it different from EFS?
BitLocker is a full disk encryption tool that secures the entire drive, while EFS encrypts individual files or folders.
What is the role of the Trusted Platform Module (TPM) in BitLocker?
TPM stores the encryption key securely, tying the encrypted disk to a specific machine.
Why is creating a recovery key during BitLocker setup critical?
The recovery key allows you to access your encrypted data if the startup key or password is lost.
What are the benefits of using BitLocker?
It provides full disk encryption, ease of use by automating encryption, and protection for removable drives via BitLocker To Go.

BACK TO LESSON

KNOWLEDGE CHECK

HOME

FLASH CARDS

7.05 Configure a workstation to meet best practices for security

What is the first step to ensure workstation security?

Making sure only authorized users can access the network, even with multifactor authentication.

What are common weaknesses of password systems?

Outdated technologies and poor user habits, such as weak passwords, which allow attackers to use dictionary attacks or breached data.

What are the basic guidelines for creating strong passwords?

Use at least 12 characters for regular accounts and longer for administrative accounts.

Avoid personal information like names, dates, or job titles.

What are two additional password policy options some organizations enforce?

Character complexity: A mix of uppercase, lowercase, numbers, and symbols.

Password expiration: Forcing users to change their passwords after a set period.

Why are complexity and expiration requirements sometimes discouraged?

These rules can encourage poor habits like writing passwords down, reducing security.

What do BIOS and UEFI passwords provide?

An extra layer of protection before the operating system boots.

What is a System User Password in BIOS/UEFI?

A password required to boot the operating system, but it does not secure the firmware itself.

What does a System/Supervisor password protect?

Access to the BIOS/UEFI setup, requiring administrator configuration.

Why is it important to lock your computer when unattended?

To prevent "lunchtime attacks," where an attacker gains access to an unlocked computer.

What is the quickest way to lock a Windows desktop?

Press START+L.

How can portable devices like laptops be secured at a desk?

Using cable locks to prevent physical theft.

What is the principle of Least Privilege in account management?

Ensuring users only have access to the files and tools they need to perform their job, reducing unnecessary access.

What are File Permissions and who is responsible for configuring them?

File permissions control whether users can read or modify files, configured by data owners or file server administrators.

What is the importance of changing the default administrator password?

The default password is a security risk; it must be changed and treated with high-level security to prevent unauthorized access.

What are guest accounts, and why are they a security risk?

Guest accounts allow unauthenticated access, which can be risky since they don't require login credentials.

What do Account Policies help enforce in terms of user behavior?

Secure behavior by restricting login times, setting failed attempt lockouts, and managing concurrent logins.

What happens when a user exceeds failed login attempts?

The account is locked, reducing the risk of unauthorized access via brute-force attacks.

What does execution control refer to?

Technologies that prevent unapproved or malicious software from running on a computer, regardless of user privileges.

How does Windows prevent the installation of untrusted software?

Through Administrator and Standard User accounts, User Account Control (UAC), and code signing with digital certificates.

What is AutoPlay, and how does it differ from AutoRun?

AutoPlay prompts users with options when a new drive is inserted, whereas AutoRun previously allowed files to run automatically from external drives.

What is the primary purpose of Antivirus software like Windows Defender?

To detect malware and prevent it from executing by using virus definitions and heuristic behavior-based techniques.

Why is keeping antivirus software updated important?

To ensure the system is protected against the latest threats through regular definition and scan engine updates.

What does Windows Defender Firewall do?

It filters inbound and outbound network traffic to prevent unauthorized access.

What are Inbound and Outbound rules in Windows Defender Firewall?

Rules that control the direction of traffic, either blocking or allowing connections based on ports, applications, or IP addresses.

What is the difference between data-at-rest and data-in-transit?

Data-at-rest refers to information stored on a device, while data-in-transit is data being transmitted over a network.

What does the Encrypting File System (EFS) do?

Encrypts individual files or folders, ensuring that only authorized users can access them.

What should be done to avoid data loss when using EFS?

Back up the encryption key or configure recovery agents in case the original key is lost.

What is BitLocker, and how is it different from EFS?

BitLocker is a full disk encryption tool that secures the entire drive, while EFS encrypts individual files or folders.

What is the role of the Trusted Platform Module (TPM) in BitLocker?

TPM stores the encryption key securely, tying the encrypted disk to a specific machine.

Why is creating a recovery key during BitLocker setup critical?

The recovery key allows you to access your encrypted data if the startup key or password is lost.

What are the benefits of using BitLocker?

It provides full disk encryption, ease of use by automating encryption, and protection for removable drives via BitLocker To Go.

OSIBridge Program IT/Tech and Professional skills training.