Exam (worked answers)

INSTRUCTOR TESTBANK FOR Microsoft Exam AZ-801 1st Edition Tomsho – Questions All Chapters PDF

Pages: 252
Grade: A+
Uploaded on: 06-05-2026
Written in: 2025/2026

Name: Class: Date:

Mod 01 Secure Windows Server

1. Which of the following best describes Microsoft Defender for Endpoint?

a. a system for isolating credential storage using virtualization
b. an antimalware software enabled by default on Windows Operating Systems
c. a tool to manage Windows updates
d. a function to restrict executable files on the system

ANSWER: b
RATIONALE: Microsoft Defender for Endpoint is an antimalware software
enabled by default on Windows Operating Systems. Isolating
credential storage using virtualization is the function of Windows
Defender Credential Guard. Managing Windows updates is
handled by the Windows Update service, not related to Microsoft
Defender for Endpoint. Restricting executable files is the function
of Windows Defender Application Control (WDAC).
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

2. What is the primary purpose of Exploit Protection in Windows Security settings?

a. to prevent unauthorized access to system memory and CPU
b. to encrypt data stored on the device
c. to warn against running potentially malicious software
d. to isolate credential storage using virtualization

ANSWER: a
RATIONALE: Exploit Protection is aimed at safeguarding against manipulation
of system memory and CPU operations, two common targets for
malware. Encrypting stored data is typically handled by other
Windows security features such as BitLocker. Warning against
malicious software is the function of Windows Defender
SmartScreen, not Exploit Protection. Isolating credential storage
using virtualization is the role of Windows Defender Credential
Guard.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
Copyright Cengage Learning. Powered by Cognero. Page 1

DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

3. What is the main function of Windows Defender Application Control (WDAC)?

a. to prevent unauthorized access to system memory and CPU
b. to warn against running potentially malicious software
c. to restrict which executable files can run on a system
d. to detect and remove spyware

ANSWER: c
RATIONALE: WDAC enhances security by controlling which executable files
and scripts can be loaded and executed, reducing the risk of
malware infection. Preventing unauthorized access to system
memory and CPU is the function of Exploit Protection, not
WDAC. Warning against potentially malicious software is a
feature of Windows Defender SmartScreen. Detecting and
removing spyware is a function of antimalware software, not
specifically WDAC.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

4. What is the main feature of Windows Defender Credential Guard?

a. to monitor network traffic
b. to restrict which executable files can run on a system
c. to isolate credential storage using virtualization
d. to prevent unauthorized access to system memory and CPU

ANSWER: c
RATIONALE: Windows Defender Credential Guard leverages virtualization to
isolate the memory storage location of credential information,
which protects it from pass-the-hash and pass-the-ticket attacks.
Monitoring network traffic is typically a function of network
security tools, not Credential Guard. Restricting executable files is
the function of Windows Defender Application Control.
Preventing unauthorized access to system memory and CPU is the
primary role of Exploit Protection.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

5. What is the primary function of Windows Defender SmartScreen?

a. to encrypt data stored on the device
b. to restrict which executable files can run on a system
c. to prevent unauthorized access to system memory and CPU
d. to warn against running potentially malicious software

ANSWER: d
RATIONALE: SmartScreen is designed to provide warnings against potentially
harmful programs or websites and protect users from downloading
or accessing dangerous content. Encrypting stored data is typically
handled by other Windows security features such as BitLocker.
Restricting executable files is the function of Windows Defender
Application Control. Preventing unauthorized access to system
memory and CPU is the role of Exploit Protection.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

6. You are preparing to implement a Windows Defender Application Control (WDAC) policy in
your organization. You need to start with a baseline policy that focuses on allowing only
approved Microsoft apps and drivers. Where can you find the example policy known as
DefaultWindows, and what is its primary function?

a. DefaultWindows can be found in \Windows\schemas\CodeIntegrity\ExamplePolicies.
It is used as the baseline for creating policies that allow only Microsoft-approved apps
and drivers.
b. DefaultWindows is in the Windows Security settings. It restricts the execution of all
non-Microsoft executables.
c. The DefaultWindows policy is found in the Group Policy Editor. It is used to block all
applications except those explicitly allowed by the administrator.
d. DefaultWindows can be found under AppLocker settings. It is used to create
exceptions for certain apps within an allowlist.


ANSWER: a
RATIONALE: DefaultWindows can be found in
\Windows\schemas\CodeIntegrity\ExamplePolicies. It is used as
the baseline for creating policies that allow only Microsoft-
approved apps and drivers. This policy provides a starting point for
organizations to create customized application control policies.
The DefaultWindows policy does not reside in the Windows
Security settings, and its primary function is not to restrict but to
provide a template for allowing applications. DefaultWindows is
not located in the Group Policy Editor, and its purpose is not to
block applications but to serve as a template for allowing specific
trusted applications. DefaultWindows is not associated with
AppLocker settings. It is specific to WDAC and involves a broader
scope than AppLocker.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 12/10/2024 8:05 AM

7. In the context of Windows Defender Application Control (WDAC), why is it crucial to
understand the difference between kernel-mode and user-mode executables when configuring
security policies?
a. because kernel-mode executables run with system-level privileges and can access all
hardware and memory, making them riskier than user-mode executables
b. because user-mode executables are less secure as they run with administrative
privileges and can install software without user consent
c. because kernel-mode executables cannot be restricted by WDAC unless user-mode
code integrity (UMCI) is enabled
d. because user-mode executables do not interact with the system hardware, making
them irrelevant to WDAC policies

ANSWER: a
RATIONALE: By default, WDAC focuses on kernel-mode executables due to
their potential to cause significant harm if they are malicious or
compromised, as they operate with the highest level of system
access. User-mode executables run with the same privileges as the
user that launches them and can only access their own memory
space. WDAC can restrict both kernel-mode and user-mode
executables independently. Enabling UMCI is required to extend
protection to user-mode executables, not kernel-mode. User-mode
executables are very relevant to security policies as they make up
most of the software that users interact with daily.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

8. You are tasked with managing the antimalware settings for Microsoft Defender for Endpoint
on a Windows 10 system. Which steps should you follow to access and manage these settings
through the Windows Security interface?

a. Open Windows Security settings, select Firewall & network protection, and navigate
to Microsoft Defender settings.
b. Open Windows Security settings, select Virus & threat protection, and manage
settings such as real-time protection and scan options.
c. Access the Control Panel, go to System and Security, and then click on Windows
Defender to adjust antimalware settings.
d. Use PowerShell directly to view all related cmdlets by entering Get-Command *-Mp*
and manage settings from the command line.

ANSWER: b
RATIONALE: Opening Windows Security settings, selecting Virus & threat
protection, and managing settings such as real-time protection and
scan options allows direct access to Microsoft Defender's
antimalware settings where you can enable or disable features and
modify scan schedules, fulfilling the task of managing antimalware
protection effectively. Firewall & network protection is a separate
section within the Windows Security settings that deals with
firewall settings and network protections, not antimalware settings.
The specific antimalware settings for Microsoft Defender are
managed through the Windows Security settings, not the Control
Panel. Using PowerShell to view all related cmdlets does not allow
direct management of the antimalware settings through a graphical
interface, and it requires additional steps to change settings.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 12/10/2024 8:10 AM

9. Evaluate the following statements about Windows Defender Credential Guard. Identify the
correct and incorrect statements, based on the functionality and limitations of Credential Guard.
1. Credential Guard requires a 64-bit CPU with virtualization extensions and extended page
tables.
2. Credential Guard is supported on domain controllers if the appropriate Group Policy settings
are configured.
3. Credential Guard can be enabled using Group Policy, with options including Enabled with
UEFI lock and Enabled without lock.
4. When Credential Guard is enabled, it supports all forms of Kerberos encryption and
delegation.

a. All statements are correct.
b. Statements 1 and 3 are correct; statements 2 and 4 are incorrect.
c. Statements 2 and 4 are correct; statements 1 and 3 are incorrect.
d. Only statement 3 is correct; all other statements are incorrect.

ANSWER: b
RATIONALE: Statement 1 is correct, as Credential Guard does require hardware that suppo
virtualization-based security, including a 64-bit CPU with virtualization exte
extended page tables. Statement 3 is correct, as Credential Guard can indeed
Group Policy, with options to enable it with or without UEFI lock. Statemen
as Credential Guard is not supported on domain controllers. Statement 4 is in
Credential Guard does not support Kerberos DES encryption or Kerberos un
delegation.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 12/10/2024 8:14 AM

10. You have noticed some performance issues reported by users that coincide with a recent
software deployment across departments. To understand if these issues are related to Exploit
Protection settings without impacting the operations, what should you do in the Windows
Security settings app?
a. Turn off all Exploit Protection settings to test if performance improves.
b. Turn on the "Audit only" option under the Program Settings tab for the newly
deployed software.
c. Encrypt the stored data related to the new software to enhance performance.
d. Isolate the storage of credential information related to the new software.

ANSWER: b
RATIONALE: The "Audit only" option under the Program Settings tab allows the
administrator to monitor how Exploit Protection settings affect the
software's operation without enforcing these settings, thus enabling
a non-disruptive evaluation of whether these settings are causing
the performance issues. Disabling all exploit protection settings
might resolve performance issues but would significantly increase
the security risk. Encrypting data at rest does not typically impact
the operation of security settings nor is it related to performance
issues caused by exploit protection settings. Isolating the storage of
credential information, a function of Windows Defender
Credential Guard, is unrelated to addressing performance issues
due to exploit protection settings and would not provide insight
into the impact of these settings on software performance.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Apply
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 10/31/2024 1:33 PM

11. You are tasked to review the Exploit Protection settings on various devices in an
organization's network, comparing specific program settings against system defaults. Which
PowerShell cmdlet and parameters should you use to efficiently gather and compare these
settings?

a. Use Get-ProcessMitigation -System to view all system-level settings and
Get-ProcessMitigation -Name ProgramName to view settings for specific
programs.
b. Use Set-ProcessMitigation -Name ProgramName to view settings for all
system and program levels.
c. Use Get-ProcessMitigation -System to view and compare settings across
all programs and the system.
d. Use Get-ProcessMitigation, omitting the -System parameter, to view
combined settings for the system and all programs.

ANSWER: a
RATIONALE: Using Get-ProcessMitigation -System to view all
system-level settings and Get-ProcessMitigation -Name
ProgramName to view settings for specific programs allows for
effective inspection of system-wide settings separately from
program-specific settings. The Set-ProcessMitigation
cmdlet is used for setting policies, not viewing them. The
Get-ProcessMitigation -System cmdlet only shows
system-level settings, not program-specific settings. Omitting the
-System parameter and using Get-ProcessMitigation does
provide a view of both system- and program-level settings, but the
mixed view can complicate the task of comparing specific program
settings against system defaults.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Apply
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 12/10/2024 10:05 AM

12. As a security analyst, you are tasked with enhancing the security of the system by restricting
the types of executables that can run on your network. You need a solution that not only restricts
executables but also device drivers and dynamic link libraries (DLLs). Given the differences
between Windows Defender Application Control (WDAC) and AppLocker, which tool should
you choose and why?

a. Choose AppLocker because it allows for both allowlist and blocklist configurations.
b. Choose WDAC because it can control executables, scripts, device drivers, and DLLs.
c. Choose AppLocker because it prevents all executables, including drivers and DLLs,
from running unless specified.
d. Choose WDAC because it blocks executables specified in a blocklist from running.

ANSWER: b
RATIONALE: WDAC allows administrators to restrict a broader range of file
types, including executables, scripts, device drivers, and DLLs.
While AppLocker does support both allowlist and blocklist
configuration options, it does not have the capability to control
device drivers and DLLs, which limits its effectiveness in this
scenario. WDAC is primarily an allowlist tool, not a blocklist tool.
It specifies allowed executables rather than blocked ones.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Toms.AZ801.26.1.1 - Secure Windows Server with Windows Defender.
ACCREDITING STANDARDS: Toms.ExAZ801.26.1.1 - Secure Windows Server operating system.
TOPICS: Securing Windows Server with Windows Defender
KEYWORDS: Bloom's: Apply
DATE CREATED: 10/31/2024 1:33 PM
DATE MODIFIED: 12/10/2024 8:25 AM

13. An organization has a mix of commercially purchased software that is digitally signed and
proprietary in-house developed applications that are not digitally signed. Given the capabilities
of Windows Defender Application Control (WDAC) and the organization's application mix, how
should you configure the WDAC policy to include both types of applications?
a. Configure the WDAC policy to allow only digitally signed applications and exclude
