After a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?
A technician is configuring a Windows 10 kiosk machine that will run a single web application in full-screen mode. The machine must not allow users to access the desktop, taskbar, or other apps. Which Windows security feature should be used to accomplish this?
During a security audit, you discover that a Windows 10 workstation has a weak local administrator password. The company policy requires all local admin passwords to be at least 12 characters with complexity. Which tool can enforce this policy for all future password changes on that workstation?
A small business owner wants to prevent employees from changing system time, installing printers, and modifying power settings on their Windows 10 workstations. They do not want to remove local admin rights entirely. Which Windows security tool should be used to apply these restrictions?
A company uses AppLocker to control which applications can run on Windows 10 workstations. A user needs to run a portable application from a USB drive for a presentation, but it is blocked by AppLocker. The user has local admin rights. What is the best way to allow this specific application while maintaining security?
A user reports that their Windows 10 laptop shows a blue screen with an error message about 'Driver IRQL not less or equal' after connecting a new external hard drive. They need to use the drive for work. Which security setting should you check to ensure driver installation is not blocked?
A Windows 11 workstation is infected with ransomware that encrypted user files. The IT security team wants to prevent future infections by restricting which processes can modify files in user profile folders. Which Windows security feature can enforce such restrictions without third-party software?
A user wants to encrypt a USB flash drive so that if it is lost, the data cannot be read on another computer. The USB drive will be used on both Windows 10 and Windows 11 devices. Which Windows feature should be used?
After deploying a new Windows 11 update, several users complain that they can no longer access shared folders on the network. You verify that network discovery and file sharing are enabled. Which Windows security setting should you check first to resolve this issue?
A user reports that after a recent Windows update, they can no longer install software on their company-issued laptop. When they try to run an installer, they get a message: 'Your system administrator has blocked this program.' The user has local administrator rights on the laptop. Which Windows security setting is most likely causing this issue?
A user reports that their Windows 10 computer is displaying a 'Your IT department has limited access to some features of this app' message when trying to run a legacy application. The application worked before the latest Windows update. Which security feature is most likely causing this issue?
A security administrator needs to prevent users from running unauthorized software on Windows 10 Enterprise workstations. They want to allow only applications that are signed by approved publishers. Which Windows security feature should be configured?
A user reports that after a recent Windows update, their standard user account can no longer install certain applications that previously installed without issue. The update changed the default User Account Control (UAC) behavior. Which UAC setting would most likely restore the previous behavior while still prompting for consent?
A technician is configuring a Windows 10 kiosk system that will run a single application in a public library. The kiosk must automatically log on and start the app without any user interaction. Which security setting combination is required?
A company's security policy requires that all Windows 10 workstations automatically lock the screen after 5 minutes of inactivity. However, users in the sales department often leave their desks for extended periods. A technician configures the 'Interactive logon: Machine inactivity limit' policy to 300 seconds. Despite this, the screensaver does not activate. What is the most likely reason?
A small business owner wants to ensure that only authorized USB storage devices can be used on company laptops running Windows 10 Pro. They have a list of approved device hardware IDs. Which security policy should be configured to enforce this restriction?
After a security incident, a forensic analyst needs to ensure that Windows 10 audit logs capture all successful and failed attempts to access the 'Confidential' folder on a file server. Which audit policy configuration is required?
A user calls the help desk complaining that they cannot change their Windows 10 password even though they know the current password. The user is a member of the 'Users' group on a domain-joined computer. What is the most likely cause?
A company is migrating from Workgroup to Domain. After joining a Windows 10 computer to the domain, users report that they can no longer log on using their local user accounts. What setting in Local Security Policy is most likely causing this behavior?
During a security audit, you discover that a Windows 10 workstation has the 'Store passwords and credentials using reversible encryption' policy enabled. What is the primary security risk associated with this setting?
A company policy requires that all USB flash drives be automatically scanned for malware when inserted. Which Windows security setting should be configured to enforce this?
A small business wants to ensure that all employees use strong passwords that include uppercase, lowercase, numbers, and special characters, and that passwords expire every 60 days. Which tool should be used to enforce these settings on a standalone Windows 10 workstation?
A user reports that their Windows 10 computer is displaying a message that 'Windows Defender Antivirus is turned off' even though they have not disabled it. They have also noticed that they cannot open the Windows Security app. What is the most likely cause?
A technician is configuring a new Windows 10 kiosk computer that will run a single application for public use. They need to prevent users from accessing the desktop, taskbar, or other system functions. Which Windows security feature should be used?
A company laptop was stolen, and the IT department needs to ensure that the data on the device cannot be accessed. The laptop had BitLocker enabled, but the drive was unlocked when stolen. What additional security measure could have prevented data access in this scenario?
A user reports that after a recent Windows update, they can no longer install a legacy application that requires write access to the Program Files folder. The user is a local administrator. What Windows security setting is most likely blocking the installation?
A user complains that their Windows 10 computer is running slowly and they see frequent pop-ups from an unknown program. After running a full antivirus scan, nothing is detected. Which Windows security feature should you use to investigate and remove potentially unwanted software?
An organization uses Windows 10 and wants to prevent users from installing unauthorized software. They have configured Software Restriction Policies via Group Policy. However, a user bypassed the policy by renaming the executable. What additional measure should be taken to enforce the restriction?
A user reports that they cannot access a shared folder on the network, but other users can. The folder is on a Windows 10 Pro workstation. What should you check first to resolve this issue?
During a security audit, you discover that a user’s Windows 10 device has allowed multiple failed login attempts without locking the account. Which policy should you adjust to enforce account lockout after 5 failed attempts?
More Windows Security Settings questions available in the full practice test.