Lesson 10: Securing Windows 7 Multiple Choice 1. Which of the following is NOT used during the authentication process?

a) Something the user knows. b) Something the user has. c) Something the user believes in. d) Something the user is. Answer: c Difficulty: Easy Section Reference: Authenticating and Authorizing Users Explanation: The user authentication process is typically based on one or more of the following: something the user knows (such as passwords and PINs), something the user has (smart card or card with magnetic strip), or something the user is (biometric identification such as fingerprints or retina). 2. Which of the following authentication methods does a password follow? a) Something the user knows. b) Something the user has. c) Something the user believes in. d) Something the user is. Answer: a Difficulty: Easy Section Reference: Authenticating and Authorizing Users Explanation: Something the user knows is a secret shared between the user and the management (usually in the form of a password) and is the simplest and most common form of authentication. However, users can forget, share, or otherwise compromise passwords, often without knowing it. 3. Which of the following authentication methods does biometrics follow? a) Something the user knows. b) Something the user has. c) Something the user believes in. d) Something the user is. Answer: d Difficulty: Easy Section Reference: Authenticating and Authorizing Users Explanation: Biometric identification (something the user is) is the use of physical characteristics to confirm a users identity. Fingerprints are the most commonly used biometric identifier, but there are also technologies that are based on ocular scans, facial recognition, and other characteristics. 4. What do you call the process that tries every combination of characters, numbers, or symbols until a password is guessed? a) Man in the middle b) Random guessing c) Brute force d) Blogging Answer: c

Page 1 of 9

Difficulty: Medium Section Reference: Working with Passwords Explanation: Cracking is the process of repeatedly guessing passwords until you find the right one. Cracking is a mathematical process, in which a software program tries all of the possible passwords until it finds the right one. This is sometimes known as a brute force process. 5. Which of the following does NOT weaken the effectiveness of a password? a) Short passwords b) Unchanging passwords c) Random characters d) Predictable passwords Answer: c Difficulty: Medium Section Reference: Working with Passwords Explanation: The methods that weaken the security of passwords are as follows: short passwords, simple passwords, unchanging passwords, and predictable passwords. 6. What option is used to make sure a user does not reuse the same password when changing a password? a) Enforce Password History b) Maximum Password Age c) Minimum Password Age d) Password must meet Complexity Requirements Answer: a Difficulty: Medium Section Reference: Configuring Password Policies Explanation: Enforce password history specifies the number of unique passwords that users have to supply before Windows 7 permits them to reuse an old password. Possible values range from 0 to 24. The default value is 0. 7. What option enables strong passwords on a Windows 7 system? a) Enforce Password History b) Store Passwords Using Reversible Encryption c) Minimum Password Age d) Password Must Meet Complexity Requirements Answer: d Difficulty: Medium Section Reference: Configuring Password Policies Explanation: When Password Must Meet Complexity Requirements is enabled, it indicates that passwords supplied by users must be at least six characters long, with no duplication of any part of the users account name, and must include characters from at least three of the following four categories: uppercase letters, lowercase letters, numbers, and symbols. By default, this policy is disabled. 8. To configure password settings such as a minimum password age or a password must meet Complexity Requirements, you use __________. a) Registry editor b) Group policies c) Users console d) Computer Management console

Page 2 of 9

Answer: b Difficulty: Medium Section Reference: Configuring Password Policies Explanation: To configure password policies on an AD DS network, you must run the Group Policy Management Editor console and create a Group Policy object, which you then link to a domain, site, or organizational unit object in your AD DS tree. The password policies in a GPO are located in the Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policies node. 9. Which value defines the number of invalid logon attempts that trigger an account lockout? a) Account Lockout Duration b) Account Lockout Threshold c) Reset Account Lockout Center After d) Account Lockout Secret Value Answer: b Difficulty: Medium Section Reference: Configuring Account Lockout Policies Explanation: Account Lockout Threshold specifies the number of invalid logon attempts that trigger an account lockout. Possible values range from 0 to 999. A value that is too low (as few as three, for example) can cause lockouts due to normal user error during logon. A value of 0 prevents accounts from ever being locked out. The default value is 0. 10. What tool is used to store and quickly retrieve the usernames and passwords for servers and Web sites that you have visited? a) Password Age Vault b) Credential Manager c) Smart card d) Super decoder Answer: b Difficulty: Medium Section Reference: Using Credential Manager Explanation: Credential Manager is a Windows 7 tool that stores the user names and passwords people supply to servers and Web sites in a protected area called the Windows Vault. When a user selects the Remember my credentials check box while authenticating in Windows Explorer, Internet Explorer, or Remote Desktop Connection, the system adds the credentials to the Windows Vault. 11. What is a credit card-like device that contains a chip on which is stored a digital certificate that helps identify a particular user? a) Card vault b) Card lock pick c) Card unlocker d) Smart card Answer: d Difficulty: Easy Section Reference: Using Smart Cards

Page 3 of 9

Explanation: A smart card is a credit card-like device that contains a chip on which is stored a digital certificate that serves as an identifier for a particular user. On a computer equipped with a card reader, a user can authenticate herself by specifying a username and inserting the smart card. 12. What standard does Windows 7 include to support smart cards? a) PIV b) PIN c) DIM d) RIM Answer: a Difficulty: Hard Section Reference: Using Smart Cards Explanation: Windows has supported smart card authentication for some time, but until Windows 7, you had to install a third-party device driver along with the card reader hardware. By including support for the Personal Identity Verification (PIV) standard, published by the National Institute of Standards and Technology (NIST), Windows 7 can now obtain drivers for PIV smart cards from Windows Update, or use a PIV minidriver included with the operating system. 13. What is a used to encrypt files when using the Encrypting File System (EFS)? a) Digital signature b) CODEC c) Digital certificate d) License key Answer: c Difficulty: Medium Section Reference: Managing Certificates Explanation: Windows 7 uses digital certificates for a variety of authentication tasks both internally, on the local network, and on the Internet. Every user account has a certificate store containing a variety of certificates obtained by various means. Windows 7 creates some certificates itself, such as the self-signed certificate it uses for the Encrypting File System. Others it downloads from other computers, such as servers on the Internet. 14. Which command enables you to execute a command as an administrator while logged in as a standard user? a) Context b) Run as c) Profile d) Net only Answer: b Difficulty: Medium Section Reference: Elevating Privileges Explanation: The preferred mechanism for performing tasks that require administrative privileges is to use the Run as feature to execute a program using another account. Shortcuts in the Start menu have a Run as administrator option in their context menus, which causes standard users to receive a credential prompt and administrators to receive an elevation prompt, according to the systems normal User Account Control (UAC) practices.

Page 4 of 9

15. To reset your password if you forget the administrator password for a computer running Windows 7, you should create a ____________. a) Password reset disk b) EFS encrypted file c) Reset password d) Elevated account Answer: a Difficulty: Medium Section Reference: Troubleshooting Authentication Issues Explanation: The most common problem related to authentication experienced by Windows 7 users is password loss. There is no way for a user or an administrator to read a password from a user account on a Windows system, whether it is stored in the Security Account Manager (SAM), the Windows Vault, or an AD DS domain controller. To reset your own password, you must supply the old one first. If you cannot do this because you have lost or forgotten the old password, the only solution is to use a password reset disk. The password reset disk supplies the old password for you and enables you to reset the password to a new value. 16. What are policies that define specific operating system functions? a) User rights b) User permissions c) Account duties d) Account abilities Answer: a Difficulty: Easy Section Reference: Configuring User Rights Explanation: In Windows 7, user rights are policies that define specific operating system functions. For example, to sit down at a Windows 7 computer and log on, users must not only have accounts, they also must possess the Allow log on locally user right. 17. What component in Windows 7 provides a centralized console that enables users and administrators to access, monitor, and configure the various Windows 7 security mechanism? a) Security Center b) System Information c) Action Center d) Windows Defender Answer: c Difficulty: Medium Section Reference: Introducing Windows 7 Action Center Explanation: Like the Network and Sharing Center, the Action Center is a centralized console that enables users and administrators to access, monitor, and configure the various Windows 7 security mechanisms. The primary function of the Action Center is to provide an automatic notification system that alerts users when the system is vulnerable. 18. A(n) _____________ is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others. a) Anti-virus software package b) Defender c) Net blocker

Page 5 of 9

d) Firewall Answer: d Difficulty: Easy Section Reference: Introducing Windows Firewall Explanation: A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others. Firewalls are essentially packet filters that examine the contents of packets and the traffic patterns to and from the network to determine which packets should be allowed passage through the filter. 19. What type of application do users inadvertently download and run which can open a connection to a computer on the Internet, enabling an attacker on the outside to run programs or store data on the system? a) Cookie launcher b) Trojan horse c) Polymorphic virus d) Boot sector virus Answer: b Difficulty: Easy Section Reference: Introducing Windows Firewall Explanation: Trojan horse applications that users inadvertently download and run can open a connection to a computer on the Internet, which enables an attacker on the outside to run programs or store data on the system. Trojan horse programs can look like a legitimate program or be downloaded when you access a Web site. 20. Which program would you use to configure your IPSec connections? a) Windows Firewall b) Windows Firewall with Advanced Security c) Security Center d) Computer Configuration console Answer: b Difficulty: Hard Section Reference: Creating Connection Security Rules The IP Security (IPsec) standards are a collection of documents that define a method for securing data while it is in transit over a TCP/IP network. IPsec includes a connection establishment routine, during which computers authenticate each other before transmitting data, and a technique called tunneling, in which data packets are encapsulated within other packets for their protection. To configure IPSec connections, you use the Windows Firewall with Advanced Security. 21. Which of the following is a type of software that gathers information about computer users and transmits it back to the attacker? a) Spyware b) Trojan horse c) Polymorphic virus d) Boot sector virus Answer: a Difficulty: Easy Section Reference: Introducing Windows Defender

Page 6 of 9

Explanation: Originally, the people who created and disseminated viruses and other types of malware did so purely out of gratuitous vandalism. Today, the primary motive is profit, and this has led to the development of new kinds of malware. Spyware, for example, is a type of software that gathers information about computer users and transmits it back to the attacker. 22. What software component is used to protect against spyware? a) Windows Defender b) System Protector c) Windows Antivirus d) Spyware Defender Answer: a Difficulty: Easy Section Reference: Introducing Windows Defender Explanation: Windows 7 includes an application called Windows Defender that helps to defend against spyware by scanning the places where it most commonly infiltrates a computer. Spyware is typically a program that is installed with other software that the user deliberately downloads and installs. 23. When Windows Defender is updated, it updates its ___________ so that it knows how to detect and deal with new spyware. a) Logs b) Monitors c) Definitions d) Connections Answer: c Difficulty: Medium Section Reference: Updating Definitions Explanation: Protecting Windows 7 computers against malware is a constant struggle between the attackers who create the malicious software and the people who design protective software for them. As a result, Windows Defender relies on continual updates to its definitions, which determine what the program should scan and how. Windows Defender definition updates are included in the software Windows Updates downloads and installs on a regular basis. 24. The ________________ is a feature of NTFS that encrypts the files on a computer so that even if an intruder can obtain a file, he is unable to read it. a) Public key b) Digital reader c) Encrypting File System d) NTFS compression Answer: c Difficulty: Easy Section Reference: Using the Encrypting File System Explanation: The Encrypting File System (EFS) is a feature of NTFS that encodes the files on a computer so that even if an intruder can obtain a file, he is unable to read it. The entire system is keyed to a specific user account, using the public and private keys that are the basis of the Windows public key infrastructure (PKI). The user who creates a file is the only person who can read it. 25. What component can run a machine that is not part of the domain to control access to specific Internet sites?

Page 7 of 9

a) Parental Control b) Firewall c) Security Center d) Alert Center Answer: a Difficulty: Easy Section Reference: Configuring Parental Controls Explanation: Parental control enables parents to limit their childrens access to specific Internet sites, games, and applications. Just as parents often want to control what their children watch on television, they also might want to control their computing habits. Windows 7, in its Home Premium edition and above, includes parental controls that you can use to exercise the following restrictions: enforce time limits for computer use; restrict access to games by rating, content, or title; and allow or block specific applications. Fill in the Blank 26.______________ is a type of authentication that uses two or more methods of authentication. Answer: Multifactor authentication Difficulty: Medium Section Reference: Authenticating and Authorizing Users Explanation: Because each of these identification methods has inherent weaknesses, networks requiring high security often use more than one. For example, a network that issues smart cards to users nearly always requires some sort of password. This technique is known as multifactor authentication. 27. ____________ are the most common user identifier used for authentication. Answer: Passwords Difficulty: Easy Section Reference: Working with Passwords Explanation: Passwords are the most common user identifier on Windows networks, primarily because they do not require any additional hardware or software. Passwords can provide excellent security as long as they are used properly. 28. ___________ policy is to help prevent someone from guessing a password by disabling an account if too many login attempts are made. Answer: Account Lockout Difficulty: Hard Section Reference: Configuring Account Lockout Policies Windows 7 can protect against brute force password penetration techniques by limiting the number of unsuccessful logon attempts allowed by each user account. When a potential infiltrator exceeds the number of allowed attempts, the system locks the account for a set period of time. To impose these limits, you can use Local Security Policy for stand-alone computers or Group Policy for AD DS networks. 29. Windows 7 includes _______________________ to support biometric devices. Answer: Windows Biometric Framework Difficulty: Hard Section Reference: Using Biometrics

Page 8 of 9

Explanation: Many third-party biometric authentication solutions are available, most of which take the form of finger print scanners for laptop computers. Prior to Windows 7, the operating system included no support for biometric devices at all and required the third-party vendor to supply a complete software solution along with the hardware. However, Windows 7 includes a new component called the Windows Biometric Framework that provides a core biometric functionality and a Biometric Device control panel. Essay 30. Explain what a strong password is as described by Microsoft and why it is important to use strong passwords. Answer: A strong password has a minimum of six characters, with no duplication of any part of the users name. It includes characters from at least three of the following four categories: uppercase letters, lowercase letters, numbers, and symbols. By using strong passwords, you increase the number of possible characters that make a password. By having more possible characters, it requires a significant number of guesses to crack a password. Difficulty: Hard Section Reference: Working with Passwords

Page 9 of 9