Pass Microsoft Windows 10 MD-100 Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
MD-100 Premium Bundle
- Premium File 397 Questions & Answers. Last update: May 30, 2023
- Training Course 48 Lectures
- Study Guide 662 Pages
Last Week Results!
|Download Free MD-100 Exam Questions|
Size: 2.87 MB
Size: 2.4 MB
Size: 2.19 MB
Size: 2.09 MB
Size: 2.26 MB
Size: 1.89 MB
Size: 1.86 MB
Size: 1.62 MB
Size: 1.31 MB
Size: 1.16 MB
Microsoft Windows 10 MD-100 Practice Test Questions and Answers, Microsoft Windows 10 MD-100 Exam Dumps - PrepAway
All Microsoft Windows 10 MD-100 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the MD-100 Windows 10 practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!
Manage Windows security
1. Understanding and Configuring Windows Defender Firewall
Just type in the word control here, and then you're going to notice down here. I've got Windows Defender Firewall. So I'm going to open that up. And the first thing I want to point out is that you've got these things here called network profiles. The cool thing about network profiles is that you can enable and disable firewall rules based on the network profile, depending on where this computer is. Let's say this computer is a laptop, and it jumps around to different networks, okay? Sometimes the computer is at the office, the laptop is at the office, and it's in the domain, so it's on a domain network.
I can configure this part of the firewall to affect computers when they're in the domain. Sometimes your computer might beat your house, all right? That's called a private network. A network that you trust and control is usually called a private network, okay? And then sometimes your computer may be on a network that you absolutely don't trust. That's called a guest or public network. So, like, maybe you take your computer to a coffee shop, or it's in a hotel, or it's in an airport—a network you don't trust. This is usually the network profile that you want to restrict the most of the three, okay? So you can manage, you can have different firewall rules depending upon what profile you're in, all right? So here's another thing you can do. If you want to turn these on or off, you can click turn Windows Firewall on or off. Click that, and you can turn them off.
Now, I don't recommend turning your firewall off a whole lot unless you've got another firewall. I just don't want to use Windows Defender, or sometimes I'll do it for troubleshooting, just to try something. If I'm having problems connecting to my computer, perhaps I'll turn my firewall off temporarily just to make sure that it's not the firewall blocking something. If I were to turn my firewall off and be able to connect in, that tells me that it's my firewall that's the problem. But if I turn my firewall off and I still can't connect to a computer, then that tells me it's probably not the firewall, okay? So that's the reason for kind of turning it on or off, but I wouldn't ever leave it off for a long period of time.
So you've got a couple of checkboxes here. You can say, "Block all incoming connections if you want." Notify me when Windows Firewall blocks a new app. I have different options here. I would definitely do this one right here. Block all incoming connections, including those on the list of allowed in a public environment, an environment that I don't trust, okay? So I usually do that. I might trust things on the private network in the domain, but not guests or the public. I don't like anything connecting with me. Like if I'm at a coffee shop using my laptop, I don't want anything connecting into me from there or from a hotel or airport or something like that, okay? Now another thing you can do is allow apps or features through the firewall. So I'll go here, and this will let me allow things on the machine through the firewall. For example, we talked about shared folders and all that. If I want to allow computers to connect to my shared folders, I can do this right here. I can support file and printer sharing, I can support that. I'm going to turn that off for the public, allow it for the domain, allow it for private, but not for the public, okay? If I want to do so, this is just a quick way to turn things on, allow things in, or not allow things in through your firewall. Now there's also the more advanced firewall.
So if you come over here to the advanced settings, you can configure inbound rules and outbound rules. Let me zoom in on that. Okay, so I've got inbound rules and I've got outbound rules. An inbound rule is going to affect traffic flowing into your computer, okay? An outbound rule is going to try to affect traffic going out of your computer. So you can allow things in and you can allow things out. Okay? In this case, I've got an inbound rule that says "block port 1234," which is just going to block all traffic coming in for that particular port. A port is a number that's associated with some type of service on your machine. For example, port 80 is http, and port 443 is https. Not to turn this into like a networking 101 class, but that's the idea, okay? So if I wanted to block a port called Telnet, telnet is a terminal-simulation programme for remoting into computers. Maybe I want to block it from coming in. If I wanted to block it coming in, I'd go to this inbound rule here.
Go to the action menu. New rule. There we go. new rule, right? And Telnet uses a port, so I can do programs and ports. There are even some predefined rules. You can customise things. I'm going to go with port. Okay? I'm going to click next, and then it's known as a TCP port. I'm going to put 23. That's the telnet port. If you want to give a range, you could say 23 through 100. It would block every port from 23 to 100. And I could put commas at 23 and then say 25. And then it would block 23 and 25. So you can use ranges where you can actually just put one port in. So if I'm going to block Telnet, I'm going to use 23. I'm going to click next, and then I'm going to say block it. And then I'm going to click next. And then I could choose which profiles to block it on. I'm going to block it for all of them. Then I'm going to say block telnet for, all right? and just give it a name. And then I'm going to click "finish." And as you can see, I've now created my port. Now, if I wanted to stop this computer, that would stop computers from connecting to my computer using telnet. If I wanted to stop this computer from connecting to computers using telnet, I would do it here. and it's going to work the same way.
You just go here. New rule, okay? And then you click Port and run through the wizard. Okay? 23. Same exact thing, really. Block next, put the profiles in next, and then block tailnet for all. So now I've got two rules. One incoming, one outgoing for blocking telnet. So that's the advanced firewall. All right, let me get in. And I can also support encrypted connections here, which I'm not going to get into right now. And then this is where you can actually monitor some of the traffic flowing in, but we'll talk more about some monitoring stuff later, okay? That gives you a better understanding. Keep in mind that I can actually apply these rules to group policies as well. So I could use a GPO to apply a bunch of firewall rules to people's machines if I wanted to. I could really not just have to do this on a per-computer basis, but using GPOs, I could deploy this to a large amount of computers and apply the settings that I want. Okay, so pretty neat. The firewall is actually a lot better than it used to be. Microsoft has really, really improved it over the years. And I definitely use that with the different clients that I do consulting work with, I actually use that in their environments. It works really, really well.
2. Using Encrypting File System (EFS) to protect data on your Windows 10 Computer
Look at my CD-ROM drive. I'm just going to verify that my C drive is running NTFS. And as you can see, it is. Okay? So let me zoom in here for you, and we'll take a look at a folder here called Personal Docs. And I'm going to go into that personal documents folder, and I've got a document here called a proposal. Now here's the thing: Maybe I'm a user, and I've got some personal data that's on the C drive. And perhaps I don't want anybody else logging on to the computer and accessing that data.
This is maybe some kind of proposal I'm making to my company. and it's sensitive information. So I want to protect that information and provide some encryption for it. So what I can do is click on this document. I can go to Properties right here. It's going to pop a box up on the screen. Let me get to this box here. And you'll notice towards the bottom of the proposal properties, I can click Advanced, and then from there, I can choose to encrypt contents to secure data.
So I'm going to select that. This is going to use EFS. EFS's encrypted filesystem is going to use Digital Certificate Technology, which uses public-private key encryption to protect my data. So the same type of encryption you're using here is what we use out on the Web to protect a lot of our web transactions and all that. So I'm going to click OK. All right? And then at that point, I'm going to click okay again, and it's going to ask me if I want to encrypt just the file or the entire folder and what's in it. I'm just going to say just the file. Click OK. And you'll notice that it shows a little lock symbol over the file.
So now, if another user tried to log on and use this file, they would not be able to open it. Okay? They would get an "access denied" message. I also would like to point out that even if another user had admin rights over this, even if they had full control over this file, they would not be able to open it. Okay? So you've got to understand that getting access to data, if you're using encryption, involves two doors. You got a permissions door, and you got an encryption door. The permissions door lets you get through the permissions, but the encryption is another door that a person would have to pass through in order to get access to this file.
Okay? So here's the other thing I can do: So I can open it, no problem. I don't have to decrypt it. As you can see, I just typed a bunch of junk in there, but it's already encrypted. I can open it pretty easily. But if another user tried to open it, they would get access to it now. Another thing I want to point out is that if I go to properties here and click over here on Advanced, I can turn off the encryption if I want, but I also want to show you there's something called "Details" I can click on. Now, Details will allow me to share this with somebody else. I could click Add Right Here and add another user, and then another user could actually unlock this file.
I also want to point out that it says you have what's known as the "recovery certificate," and that's given over to the administrator by default. The built-in administrator is something called the data recovery agent. If for some reason somebody got locked out of their data and couldn't open their data, then they could unlock their data by going into that account, and they would be able to use a recovery agent account to get access to that data. So it's pretty straightforward. EFS is a pretty secure little system that we can use. But remember, EFS is going to encrypt files one at a time. If you want to encrypt the entire hard drive, you're going to want to use BitLocker.
3.Enabling Bitlocker Drive Encryption
You have BitLocker drive encryption. So I'm going to click on that, and then you're going to notice that it says that BitLocker is turned off for my C drive. It's turned off for my E-drive. I want to turn on BitLocker. I can click to turn on BitLocker. Now, I want to show you that you're going to get an error message here. The error message is going to tell me that I do not have a TPM chip, okay? Now, a TPM chip—this is called a trusted platform module—is a special chip that's going to allow you to encrypt your hard drive. And it's going to store the encryption keys, the little mathematical encryption keys that will decrypt your hard drive, inside this little solid state chip, okay? And it's meant to be like a tamper-proof thing.
If somebody tried to get access to it, it could destroy the key and all that. and I always like to use the analogy. It's kind of like this. If you were going to imagine a safe in your mind that you would lock with a key, you wouldn't want to open up the safe, store your valuables in the safe, and then take the key and store it inside the safe and then shut it and lock it somehow. And then you would lose the key. Right? So BitLocker works the same way. You have to have a place to store your mathematical keys. You don't want to encrypt your mathematical keys on the drive that's being encrypted because you wouldn't be able to decrypt your keys. Right? So there's got to be a place to store them. Microsoft is trying to force us to have this thing called a TPM chip trusted platform module, which is a safe place to store the key. Now, what is a TPM chip? Here is a picture for you of what it looks like. It's this guy right here, all right? and a very nondescript chip.
Most business-class computers that have come out in the last ten years usually do have this chip, okay? So if you have a business-class computer, you will have this chip. I'm using a virtual machine. I actually do have a TPM chip, but my virtual machine does not have that turned on. There is a way on virtual machines to turn it on known as a "virtual TPM chip" that lets you attach to the physical TPM chip in the computer. But I don't have that feature turned on. So what I want to show you guys is that I could still use BitLocker if I wanted to without a TPM chip.
First off, for drives that don't have the operating system on them, like the Edrive, I can actually encrypt them without actually having to have a TPM chip. But the operating system drive is going to require me to have a TPM chip, which I can disable using GPOs if I want. So all I've got to do is jump over to my domain controller here and then go into the group policy management tool that I showed you guys before. And I'm going to create a GPO called BitLocker. And then I'm just going to edit that GPO. We're going to go under computer configuration. Let me zoom in on this for you. We're going to go underneath computer configuration policies, then administrative templates, and then Windows components. And there is a set of policies related to BitLocker right here.
And what I'm going to go after is this operating system's drives folder. That's where the policies are that require me to have BitLocker right now: TPM for BitLocker. So if I go there, I've got a policy over here called "Let me adjust this." a policy called require additional authentication at startup. I'm going to double-click on that. I'm going to enable this policy and notice what we've got: a bit locker without a compatible TPM. So if I apply that policy, it's now enabled. If I apply that policy and I'm going to apply it to New York, well, let's just apply it to the whole domain.
We will apply it to the whole domain. You may not do that in the real world plot to the whole domain. You might just want to apply it to a particular organisation, but I'm going to do it to the entire domain. So now this policy is going to take effect across the entire domain. Now, remember, I don't want to wait; remember, it's a 9120-minute period. I don't want to wait that long. So I'm going to jump over to my client computer now, and I'm going to run that command that I showed you guys in the group policy lecture called gpupdateforce. So we're going to run that on this machine, gpdateforce. Okay? Meanwhile, I'm going to close the screen. I'm going to wait for the policy to refresh. As I do that, I'm going to open up the control panel.
Go ahead and get that loaded up here. All right, it's done. Refreshing. See, it says everything was refreshed successfully. Now watch this. We'll come over and use BitLocker again. Oops, let me go back here. Go over to BitLocker. And then now watch what happens when I say, "Turn on bitlocker for the CD drive," okay? Notice I did not get that error. So that policy took effect, and now I'm not being required to do it, okay? So at that point, I could enter a password or I could have a flash drive. So my key will either be a password or a flash drive. I'm going to do a password, okay? At that point, I can put in my password, whatever I want that password to be, and then go ahead and click next to that. And then I could save; the next thing is going to ask me if I want to save a recovery key. So there's a failsafe in bit locker. If you were to lose the mathematical key to unlocking your drive, there's a failsafe called a recovery key.
The recovery key is a 48-digit number that gets you into your machine. You could actually have this number and these keys stored in Active Directory. Or it can actually be stored in the cloud and backed up there if you're part of Microsoft's Azure cloud environment. So if somebody gets locked out of their hard drive, you could actually still get into it if you needed to. So in my case, I'm going to save this recovery key, all right? and we'll save it to a file. I'm going to save it on my domain controller.
It won't let me save it directly on my computer for obvious reasons. Here. All right, let me just put in the right administrator here. There we go. So I'll save that on the C drive over there, and then I'll go show it to you here in just a second. So at that point, now that I've saved my key, I can click Next. It's going to ask me if I want to encrypt the disc space as well or encrypt the entire drive.
I'll say to encrypt the entire drive. Okay. And then it asks me if I want to use the newer encryption or the older encryption. So if you have at least Windows Ten, version 1511, then you can use the newer encryption, which is a stronger encryption, or if you want to use the older encryption for backwards compatibility with older operating systems like Windows Eight, Windows Seven, and Vista, you would use compatibility mode. But again, that one's not as secure. So I'm going to say no. I'm going to click Next, and it's going to say, "Do you want to run a Vet Locker system check?" And I could do that if I wanted. It'll run through and do a system check on the machine and make sure that it doesn't have any kind of corruption on it or anything like that. And then at that point, it is going to want to reboot this machine and do the encryption on the drive.
Okay? So at that point, it's telling me I've got to remove my disk, which is the Windows DVD. So now I'll say "restart," and then it's going to do the restart process. Okay? So at that point, it's going to start rebooting. I'm going to jump over here. That's going to reboot. When it boots up, it's going to prompt me for the password that I entered, and then it will unlock the drive for me. If somebody was to steal my drive and try to get access to the drive, they wouldn't be able to. They didn't know my password. A password, again, is not as secure as storing this inside the TPM chip.
You can actually pair this with smart cards as well. Let me go to the C drive here on this domain controller, and I'll go to C. And then here is that file that I saved on the C drive. This is the BitLocker key right here. So this is that 48-digit number. If I were to get locked out of my drive, as long as I've got that number, I can unlock it. Okay. The identifier is just the number that identifies that drive. Every drive gets a unique identifier. This identifier is just to let me know that this is the right key that goes with the identifier. The identifier is not the key. This is the key down here. Always get into my drive if I need to get in my drive. Okay. All right, bye.
Microsoft Windows 10 MD-100 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass MD-100 Windows 10 certification exam dumps & practice test questions and answers are to help students.
Comments * The most recent comment are at the top
IT Certification Tutorials
- Top Career Opportunities for Financial Certified Professionals
- Top Project Management Certifications to Improve Your CV
- Top 10 Computer Job Titles That Will Rule the Future
- Discontinuation of ITIL v3 in 2022 And New Technological Era
- GAQM CSM-001 Certified Scrum Master - Chapter 04 - Meetings in Scrum Part 3
- Python Institute PCAP - Modules; Packages and Object Oriented Programming in Python Part 3
- PMI PMP Project Management Professional - Introducing Project Risk Management Part 3
- CompTIA CASP+ CAS-004 - Chapter 01 - Understanding Risk Management Part 3
- DA-100 Microsoft Power BI - Part 2 Level 2 - Getting Multiple files
- CompTIA CASP+ CAS-004 - Chapter 04 - Implementing Security for Systems; Applications; and Storage Part 3
- IIBA CBAP - Tasks of Business Analysis Planning and Monitoring
- MB-210 Microsoft Dynamics 365 - Create and Manage Product and Product Catalog Part 2
- Salesforce Certified Platform App Builder - 5 - Business Logic and Process Automation Part 3
- Amazon AWS Certified Data Analytics Specialty - Domain 4: Analysis
- Google Professional Cloud Network Engineer - Designing; Planning; and Prototyping a GCP Network Part 3