Securing Company Workstations: Best Practices for Night Sign-off, Boot Password, and Encryption

Securing Company Workstations: Best Practices

Question

After a security audit, a technician is tasked with implementing new measures to help secure company workstations.

The new policy states that all workstations must be signed off at night, a password is necessary to boot the computer, and encryption must be enabled.

Which of the following features should the technician implement to BEST meet these requirements? (Choose three.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F. G.

ABG.

To meet the new policy requirements of signing off workstations at night, requiring a password to boot the computer, and enabling encryption, the technician should implement the following three features:

  1. UEFI passwords: UEFI (Unified Extensible Firmware Interface) passwords protect the computer's boot process and prevent unauthorized access to the computer's firmware settings. This means that a password will be required to boot the computer, as per the new policy.

  2. Encryption using BitLocker: BitLocker is a feature built into Windows operating systems that provides encryption for entire hard drives. By enabling BitLocker, the data on the workstation's hard drive will be encrypted, ensuring data security.

  3. Strong passwords: The policy requires a password to sign in to the computer. Therefore, strong passwords should be implemented to ensure that only authorized personnel can access the workstation. A strong password contains a combination of upper and lower case letters, numbers, and symbols and is at least 8-12 characters long.

Other options listed in the question can also be beneficial, but they are not the best choices for meeting the new policy requirements. Screen locks and screensaver passwords can be used to prevent unauthorized access to a workstation that has been left unattended, but they do not provide boot-time protection. Login time restrictions are useful in preventing unauthorized access during specific times, but they are not necessary for meeting the new policy requirements. Credential Manager and Smart Cards are authentication mechanisms, but they are not necessary for implementing password protection and encryption. Biometric authentication is a good option for adding an extra layer of security, but it is not necessary for meeting the new policy requirements.

In summary, the best three features to implement for meeting the new policy requirements are UEFI passwords, encryption using BitLocker, and strong passwords.