Lab – Operating System Security (Answer Version)
Answer Note: Red font color or gray highlights indicate text that appears in the Answer copy only.
In this lab, you will configure Microsoft Defender Antivirus and Windows Defender Firewall.
Part 1: Microsoft Defender Antivirus
Part 2: Windows Defender Firewall
Microsoft Defender Antivirus is built into Windows and managed by Windows Security. It offers real-time protection against malware, viruses, and other security threats. It also receives the latest updates for virus and threat protection.
Note: Windows 11: Click Start > Settings > Privacy & Security > Windows Security.
The definitions are automatically downloaded as part of Windows Update, but you can download the definition manually.
Question:
Which version has security intelligence? When was the version created and last updated?
The specific version number of the security intelligence update, along with its creation and last update dates, will vary depending on the most recent updates received by your Windows system. This information can be found by following the steps outlined:
-
- Open the Windows Security dashboard.
- Navigate to “Virus & threat protection updates” under the Virus & threat protection section.
- Click “Check for updates” to see if new updates are available.
- Once updated, the details of the latest security intelligence version, including the creation and last update dates, will be displayed.
It’s important to note that Microsoft frequently releases updates for security intelligence to ensure the antivirus is equipped to recognize the latest threats. These updates are usually downloaded and applied automatically as part of the Windows Update process, but they can also be downloaded manually as described in the steps above. The version number and dates will reflect the most recent update provided by Microsoft at the time of checking.
Question:
Name the three types of networks that can be protected and list their firewall status.
-
- Domain Network: Typically used in a workplace setting, where computers are connected to a domain controlled by a domain controller. Firewall status is usually on by default for security.
- Private Network: Used for home or personal networks. It’s a trusted network where the firewall is also on by default, but the settings might be less restrictive compared to a domain network.
- Public Network: Applies to networks in public places like coffee shops, airports, etc. These are considered less secure, and the firewall is on with the most restrictive settings to protect against potential threats in these untrusted environments.
Question:
What are the available settings?
In the settings for a Private network (which can be similar for other network types), the available options typically include:
-
- Turn Microsoft Defender Firewall on or off: Allows you to enable or disable the firewall protection.
- Block all incoming connections, including those in the list of allowed apps: This is a more stringent setting that blocks all incoming connections regardless of any exceptions defined in the firewall rules.
- Notifications: Adjust settings to receive notifications when Microsoft Defender Firewall blocks a new app.
- Allow an app through firewall: You can configure exceptions to allow specific applications to communicate through the firewall.
These settings provide a balance between security and usability based on the trust level of the network environment. The option to block all incoming connections is particularly useful in highly sensitive or insecure environments.
You can configure Windows Defender Firewall to allow or block a specific application through the Windows Defender Firewall.
You can configure the firewall behavior for a specific protocol. For example, ping requests and replies are blocked by default. In this step, you will allow IPv4 pings (ICMPv4) through the firewall by creating a custom inbound filtering rule.
End of document