# SEC-7 Quiz: Workstation Hardening

Take this after studying `notes/SEC-7-workstation-hardening.md`.

Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`

## Questions

1. Which control protects data if a laptop drive is stolen?

A. APIPA  
B. Disk Cleanup  
C. SSID broadcast  
D. Full-disk encryption  

2. Why should default usernames and passwords be changed?

A. It increases CPU speed  
B. It disables DNS  
C. Defaults are often publicly known  
D. It changes the file system  

3. What does account lockout after failed password attempts help prevent?

A. Shoulder surfing only  
B. Online brute force attacks  
C. Disk fragmentation  
D. DHCP failure  

4. Which setting should be disabled or restricted to reduce removable-media auto-execution risk?

A. File extension visibility  
B. Screen brightness  
C. Time zone  
D. AutoPlay/AutoRun  

5. Why disable unnecessary services?

A. Each service can increase attack surface  
B. It improves monitor resolution  
C. It guarantees password recovery  
D. It removes the need for backups  

6. Which tool shows BitLocker status from the command line?

A. `netstat -ano`  
B. `ipconfig /release`  
C. `manage-bde -status`  
D. `gpresult /r`  

7. What should you do before disabling a service on a workstation?

A. Delete all user files  
B. Confirm business/system impact  
C. Disable antivirus permanently  
D. Convert the drive to FAT32  

8. Why is it important to keep OS and application patches up to date?

A. Patches improve screen resolution  
B. Patches close known security vulnerabilities  
C. Patches disable antivirus  
D. Patches remove user accounts  

9. Which configuration reduces the attack surface by requiring a PIN before the screen is accessible?

A. Disable screen lock  
B. Enable AutoRun  
C. Screen lock with automatic timeout  
D. Lower display brightness  

10. What is the purpose of host-based firewall rules on a workstation?

A. Control which apps can accept inbound network connections  
B. Manage driver installation  
C. Remove the need for EFS  
D. Disable BitLocker  

11. A company requires 12-character minimum passwords with complexity. Where is this configured on a standalone Windows machine?

A. Device Manager  
B. Windows Update  
C. Local Security Policy  
D. File Explorer Options  

12. What does the principle of least privilege mean for local workstation accounts?

A. All users should have Administrator rights  
B. Users should receive only the permissions required for their job function  
C. Guest accounts should be enabled for everyone  
D. Shared accounts are preferred  

13. Which hardening technique removes unnecessary software (games, demos, trial apps) from a workstation?

A. Degaussing  
B. Account lockout policy  
C. Uninstalling unnecessary applications  
D. Enabling AutoRun  

14. Which setting limits how many failed login attempts are allowed before an account is temporarily locked?

A. Account lockout threshold  
B. Password complexity  
C. EFS recovery agent  
D. BitLocker PIN length  

15. A technician is deploying 50 identical workstations. Which approach best ensures consistent hardening?

A. Configure each manually  
B. Use a hardened image or Group Policy baseline  
C. Ask each user to configure their own settings  
D. Enable AutoPlay on all devices  

## Answer Key For Instructor

1. D
2. C
3. B
4. D
5. A
6. C
7. B
8. B
9. C
10. A
11. C
12. B
13. C
14. A
15. B