1. In Tools and Settings, point out the Windows Defender Website link.
2. Review and discuss the content of the Windows Defender Web site.
Module Reviews and Takeaways
Review questions
Question 1: When User Account Control is implemented, what happens to standard users and administrative users when they perform a task requiring administrative privileges?
Answer: For standard users, UAC prompts the user for the credentials of a user with administrative privileges. For administrative users, UAC prompts the user for permission to complete the task.
Question 2: What are the requirements for Windows BitLocker to store its own encryption and decryption key in a hardware device that is separate from the hard disk?
Answer: A computer with Trusted Platform Module (TPM) or a removable Universal Serial Bus (USB) memory device, such as a USB flash drive. If your computer does not have TPM version 1.2 or higher, BitLocker stores its key on the memory device.
Question 3: When implementing Windows AppLocker, what must you do before manually creating new rules or automatically generating rules for a specific folder?
Answer: Create the default rules.
Question 4: You decide to deploy a third-party messaging application on your company’s laptop computers. This application uses POP3 to retrieve e-mail from the corporate mail server, and SMTP to send mail to the corporate e-mail relay. Which ports must you open in Windows Firewall?
Answer: You must enable inbound POP3, which uses TCP port 110, and outbound SMTP, which uses TCP port 25. You can configure the firewall rules by using specific port assignments or by specifying the program.
Question 5: Describe how the SmartScreen Filter works in Internet Explorer 8.
Answer: With the SmartScreen Filter enabled, Internet Explorer 8 performs a detailed examination of the entire URL string and compares the string to a database of sites known to distribute malware; then the browser checks with the Web service. If the Web site is known to be unsafe, it is blocked and the user is notified with a bold SmartScreen blocking page that offers clear language and guidance to help avoid known-unsafe Web sites.
Question 6: What does Windows Defender do to software that it quarantines?
Answer: Windows Defender moves the software to another location on your computer, and then prevents the software from running until you choose to restore it or remove it from your computer.
Question 7: What configuration options are available with Windows Defender, where do you set them, and why?
Answer: To help prevent spyware and other unwanted software from running on the computer, turn on Windows Defender real-time protection and select all real-time protection options. You are alerted if programs attempt to install, run on the computer, or change important Windows settings.
Turn on real-time protections by clicking Tools, clicking Options, and then clicking Real-time protection. In the Options area, perform the following additional tasks:
• Configure automatic scanning
• Specify default actions for specific alert levels
• Use the Advanced options to scan archived files, email, and removable drives, and to use heuristics and create a restore point.
Select whether to use Windows Defender and what information to display to all users of the computer. History, Allowed items, and Quarantined items are hidden by default to protect user privacy.
Real-world issues and scenarios
Question 1: An administrator configures Group Policy to require that data can only be saved on data volumes protected by BitLocker. Specifically, the administrator enables the Deny write access to removable drives not protected by BitLocker policy and deploys it to the domain. Meanwhile, an end user inserts a USB flash drive that is not protected with BitLocker. What happens, and how can the user resolve the situation?
Answer: Since the USB flash drive is not protected with BitLocker, Windows 7 displays an informational dialog indicating that the device must be encrypted with BitLocker. From this dialog, the user chooses to launch the BitLocker Wizard to encrypt the volume or continues working with the device as read-only.
Question 2: Trevor has implemented Windows AppLocker. Before he created the default rules, he created a custom rule that allowed all Windows processes to run except for Regedit.exe. Because he did not create the default rules first, he is blocked from performing administrative tasks. What does he need to do to resolve the issue?
Answer: Trevor needs to restart the computer in safe mode, add the default rules, delete any deny rules that are preventing access, and then refresh the computer policy.
Question 3: A server has multiple network interface cards (NICs), but one of the NICs is not connected. In Windows Vista, this caused the machine to be stuck in the public profile (the most restrictive rule). How is this issue resolved in Windows 7?
Answer: The new multiple active firewall profile feature in Windows 7 solves the problem by applying the appropriate rules to the appropriate network; in this case, the profile associated with the connected NIC will be applied.