Security Hardening, Secure Boot and AD

Which of the following is a common first step in system hardening?

Which of the following practices helps in securing user accounts during system hardening?

You’re an IT administrator at a large enterprise. During a routine check, you discover a system booting with a non-signed bootloader. The system runs, but you're concerned about the risk. Which feature would help prevent this issue in the future?

A user downloads and runs a suspicious program. The program attempts to load a custom kernel-mode driver not signed by a trusted authority. What Windows feature will prevent this driver from executing?

Your development team is testing a new driver on Windows 11. It's signed with an internal test certificate, but Windows refuses to load it, citing driver signing policies. What must be done for the code to run temporarily on a test system without disabling security for all users?

An attacker attempts to bypass Secure Boot by exploiting UEFI firmware to insert a malicious bootloader. What countermeasure would most effectively detect or prevent such a compromise?

Your company requires certain internally-developed applications and drivers to run on employee laptops. These apps are signed, but not by Microsoft. Which strategy ensures both security and functionality without compromising Secure Boot or Code Integrity?