6 - Windows Network Protocols

Question 1

Describe the “idea” behind RPC.

Answer 1

• The idea behind RPC is that a computer program can call and execute a subroutine on a remote system just like it would call a local subroutine.
• HOWEVER - the network communication details are hidden from the user.

Question 2

Describe the four steps in RPC.

Answer 2

1. A client makes a request to execute a procedure on the remote server. The client is suspended until the procedure results are back.
2. The procedure’s parameters are passed over the network to the server.
3. The procedure then executes on the server.
4. The results are then transferred back to the client.

Question 3

RPC can be used in distributed environments and local environments.

[True / False]

Answer 3

True

Question 4

RPC is implemented in nearly all popular programming languages.

[True / False]

Answer 4

True

Question 5

Describe the meaning of the abstraction provided by RPC.

Answer 5

The user doesn’t need to know the details of how the RPC interaction was handled over the network.

Question 6

What are the 2 main goals of RPC?

Answer 6

1. A program can use it to request a service from a computer on another network without having to understand the network itself.
2. It can be beneficial because it hides the existence of the network from a program.

Question 7

NetBIOS provides __________ on local networks.

Answer 7

Communication services

Question 8

NetBIOS allows applications and computers on a local area network to communicate with network hardware on another network.

[TRUE / FALSE]

Answer 8

TRUE

Question 9

In Windows, the NetBIOS name can be up to how many characters long?

Answer 9

16

Question 10

How do software applications on a NetBIOS network locate and identify each other?

Answer 10

Through their NetBIOS names

Question 11

What begins a NetBIOS session?

Answer 11

Two applications start a NetBIOS session when the client sends a command to “call” another client (the server) over TCP port 139.

Question 12

In NetBIOS, what is referred to as the “session mode”?

Answer 12

The session mode is where both sides issue “send” and “receive” commands to deliver messages in both directions.

Question 13

What terminates a NetBIOS session?

Answer 13

A “hang-up” command

Question 14

Describe how NetBIOS supports connection-less communications.

Answer 14

1. Through UDP.
2. Applications listen on UDP port 138 to receive NetBIOS datagrams.
3. The datagram service sends/receives datagrams.
4. The datagram service broadcasts datagrams.

Question 15

What does SMB stand for?

Answer 15

Server Message Block

Question 16

What is SMB?

Answer 16

1. SMB is a network file and resource sharing protocol that uses a client-server model.
2. SMB clients such as PCs on a network connect to SMB servers to access resources such as files and directories or perform tasks like printing over the network.

Question 17

What port do SMB clients use to connect to an SMB server?

Answer 17

port 445

Question 18

Server Message Block is a ________ protocol, meaning it transfers multiple messages between the client and server to accomplish the request.

Answer 18

request-response

Question 19

Name two advantages of SMB.

Answer 19

1. SMB provides an authenticated intercommunication process mechanism to share the files or resources (files, folders, printers) within the server.
2. SMB provides the clients to edit files, delete them, share the files, browse the network, print services, etc., over the network.

Question 20

The SMB protocol needs _______ to make communication safe.

Answer 20

security measures

Question 21

What does the “Network Discovery” setting in Windows determine?

Answer 21

Network Discovery determines whether other computers and devices connected to the network can see and communicate with each other.

Question 22

What is one major disadvantage of enabling Network Discovery?

Answer 22

Data transmitted between the connected computers or devices can be intercepted by a third party.

Question 23

Name / describe 3 commands that can be used to perform Network Discovery in the Powershell CLI

Answer 23

1. ipconfig
2. arp -a (will display IPs along with MAC addresses)
3. ping (will iindicate if the connection is still active)

Question 24

Within the context of Network Discovery, what could an invalid IP address be indicative of?

Answer 24

An invalid IP address is often a sign of malicious or rogue devices that might be carrying malware.

Question 25

What CLI command can be used to turn off Network Discovery?

Answer 25

netsh advfirewall firewall set rule group=”Network Discovery” new enable=No

Question 26

Net.exe is a file that is part of Microsoft Windows Operating System.

[TRUE / FALSE]

Answer 26

TRUE

Question 27

Describe some of the functionalities Net.exe may be used for.

Answer 27

1. Starting, pausing, or stopping Windows services
2. Adjusting network account requirements
3. Mapping shared disk resources to drive letters, on local or remote client or server computers.

Question 28

What does the Net command prompt manage?

Answer 28

It manages almost any aspect of a network and its settings, including network shares, network print jobs, and network users.

Question 29

The net command is available from within the Command Prompt in all Windows operating systems.

[TRUE / FALSE]

Answer 29

TRUE

Question 30

What is the “NET ACCOUNTS” command used for?

Answer 30

Used to set the policy settings on local computers, such as Account policies, password policies and logon requirements for all accounts.

Question 31

What is “net /?” used for?

Answer 31

Used to get general help on the net command.

Question 32

When used without options, what does the “net accounts” command display?

Answer 32

Displays the current settings for password, logon limitations, and domain information.

Question 33

What command modifies local groups on computers?

Answer 33

NET LOCALGROUP

Question 34

When used without options, the NET LOCALGROUP command displays what?

Answer 34

the local groups on the computer

Question 35

High level - describe the process of DNS resolution.

Answer 35

• The process of DNS resolution involves converting a host name (such as www.google.com) into a computer-friendly IP address (such as 192.168.1.1).
• An IP address is given to each device on the Internet.

Question 36

In a typical DNS lookup, how many types of queries occur?

Answer 36

3

Question 37

Name the Query type.

A DNS client requires that a DNS server (typically a DNS recursive resolver) will respond to the client with either the requested resource record or an error message if the resolver can’t find the record.

Answer 37

Recursive query

Question 38

Name the Query type.

The DNS resolver knows the answer; it will either immediately return it or query the authoritative DNS Name Server which is guaranteed to have it.

Answer 38

Non-recursive query

Question 39

Name the query.

The DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain name space. This process continues with additional DNS servers down the query chain until it’s returned or errors out.

Answer 39

Iterative query

Question 40

This is the fastest way for your system to find an IP address

Answer 40

cached DNS data

Question 41

How does cached data speed up queries?

Answer 41

Cached data can speed up queries because the information is immediately available, thus bypassing the entire DNS lookup process.

Question 42

___ is a web server software package designed for Windows Server.

Answer 42

IIS

(Internet Information Services)

Question 43

Name two functions of IIS.

Answer 43

1. It is used for hosting websites and other content on the Web.
2. It provides a visual means of creating, configuring, and publishing sites on the web.

Question 44

What website options does the IIS Manager allow Web Admins to modify?

Answer 44

1. default pages
2. error pages
3. logging settings
4. security settings
5. performance optimizations

Question 45

The traffic going into the IIS web server is sometimes referred to as a web request.

[True / False]

Answer 45

True

Question 46

How are IIS web requests typically processed?

Answer 46

Requests are usually processed on a simple request-response basis.

Question 47

Describe was is meant by the “request-response” model.

Answer 47

The client sends a request, and a response is sent.

Question 48

Name the 2 layers of the IIS processing architecture.

Answer 48

1. Kernel mode
2. User mode

Question 49

With this mode, executed code cannot access hardware or reference memory, giving you a more secure environment to work within. If a mistake is made, the consequences are unlikely to be as devastating.

Answer 49

User mode

Question 50

With this mode, code can execute any command and has total access to connected equipment.

Answer 50

Kernel mode

Question 51

Name the 4 key features of IIS.

Answer 51

1. Application Pools
2. Authentication
3. Security
4. Remote management