When you combine the release of Windows 11 — along with all the other iterations still in use — with security, you wind up with a topic that is a prime breeding ground for certification exam questions. How much do you know about Microsoft's signature OS and its security options and features?

What follows is a self-test of twenty-five questions based on the general concepts and topics related to security components of the operating system. In all cases, pick the best answer(s) to each question. The answers appear at the end of the questions. Good luck!

1. You have opened a command prompt on a Windows 11 workstation and typed netsh wlan show drivers to see if there is Wi-Fi 6 support on the router. If the support is present, which of the following should appear in the display next to “Radio types supported”?
A. 802.11ax
B. 802.11ac
C. 802.11a
D. 802.11an

2. A collection of technologies used to set up and pre-configure new devices is now collectively known as which of the following?
A. Windows Revolution
B. Windows Set/Reset
C. Windows Autopilot
D. Windows Modification and Alteration Guard

3. Cryptography with Windows 11 is subject to which FIPS (Federal Information Processing Standards) certification?
A. 110
B. 140
C. 510
D. 523

4. Which of the following locks Microsoft Defender Antivirus to default values and prevents security settings from being changed through apps?
A. Tamper protection
B. Behavior monitoring
C. Controlled folder access
D. Trust and verify

5. When using a smart card for authentication, Windows combines Kerberos with which version of X.509 certificates?
A. v4
B. v3
C. v2
D. v1

6. Which of the following amounts to measuring early boot components to ensure that unauthorized firmware (or software) does not start before the Windows bootloader?
A. Static Root of Trust for Measurement
B. Kernel DMA Protection
C. Unified Extensible Firmware
D. System Management Mode

7. Which of the following adds additional Wi-Fi security to WPA3?
A. CLI
B. PSK
C. H2E
D. MAB

8. Which of the following Windows tools can be used to control which apps and files users can run?
A. AppLocker
B. BirdCage
C. SandBox
D. ToolShed

9. Which block cipher algorithm does BitLocker use to encrypt data?
A. CAST
B. AES
C. DES
D. RC6

10. Windows 11 is certified by the FIDO Alliance. What is the mission of this open industry association?
A. To increase key length in encryption
B. To enable operability between operating systems
C. To decrease dependence on hardware standards
D. To reduce reliance on passwords

11. Which of the following allows a system to initially boot into untrusted code, but shortly thereafter launches it into a trusted state by taking control of all CPUs and forcing them to follow a known and measured code path?
A. SRTM
B. DRTM
C. SMM
D. TRBS

12. While AppLocker works with Windows 11,it is not planned to have features upgraded in the future and Microsoft recommends migrating to which of the following?
A. Windows Credential Administrator
B. Windows Defender SmartScreen
C. S/MIME for Windows
D. Windows Defender Application Control

13. Core isolation adds additional protection against malware by isolating computer processes from the operating system. With Windows 11, core isolation is known as:
A. Memory integrity
B. Pluton
C. Virtualization-based security
D. System Guard

14. For mobile device management (MDM), which of the following does cloud-based tool does Microsoft Endpoint Manager use?
A. Autopilot
B. Intune
C. JumpOn
D. CloudStream

15. Which of the following is a time-limited passcode issued by an admin that can be used to onboard other authentication methods (such as password-less ones)?
A. OATH
B. Temporary Access Pass
C. Interim Salt Code
D. Guest Provisional Entry

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

‍

ANSWER

1. A: The presence of 802.11ax will indicate support for Wi-Fi 6.
2. C: A collection of technologies used to set up and pre-configure new devices is now collectively known as Windows Autopilot.
3. B: Cryptography with Windows 11 is subject to FIPS 140 certification.
4. A: Tamper protection locks Microsoft Defender Antivirus to default values and prevents security settings from being changed through apps.
5. B: When using a smart card for authentication, Windows combines Kerberos with X.509 version 3 certificates.
6. A: Static Root of Trust for Measurement (SRTM) amounts to measuring early boot components to ensure that unauthorized firmware (or software) does not start before the Windows bootloader.
7. C: Hash-to-Element (H2E) adds additional security to WPA3.
8. A: AppLocker can be used to control which apps and files users can run.
9. B: BitLocker uses the AES (Advanced Encryption Standard) block cipher algorithm to encrypt data.
10. D: The mission of the FIDO Alliance is to reduce reliance on passwords since they are the root cause of most data breaches.
11. B: Dynamic Root of Trust for Measurement (DRTM) allows a system to initially boot into untrusted code, but shortly thereafter launches it into a trusted state by taking control of all CPUs and forcing them to follow a known and measured code path.
12. D: Future feature development is not planned for AppLocker and Microsoft recommends migrating to which Windows Defender Application Control (WDAC).
13. C: Core isolation is also known as Virtualization-based security (VBS).
14. B: For mobile device management (MDM), Microsoft Endpoint Manager uses the Intune cloud-based tool.
15. B: A Temporary Access Pass (TAP) is a time-limited passcode that can be used to onboard other authentication methods — including passwordless ones.