Lesson 14: Managing Windows Networking Flashcards
A user is experiencing what seems to be latency, which is affecting their ability to work. They decide to validate their theory with a ping test. What will indicate latency?
A. ARP
B. RTT
C. APIPA
D. DNS
B. RTT (Round-Trip Time)
If the ping is successful, it responds with the message Reply from IP Address and the time it takes for the host’s response to arrive. The millisecond (ms) measures of round-trip time (RTT) can be used to diagnose latency problems.
Other options
A. Address Resolution Protocol (ARP) is used to locate the hardware or media access control (MAC) address of the interface that owns an IP address.
C. When no DHCP server can be contacted, the adapter will either use an address from the automatic private IP addressing (APIPA) 169.254.x.y range or will use an address specified as an alternate configuration in IPv4 properties.
D. The domain name system (DNS) itself is not really useful to test latency. The RTT value should be used.
A security manager reviews user roles and grants the minimum privileges necessary. What did the manager implement?
A. Implicit deny
B. Least privilege
C. ACL
D. Authentication
B. Least Privilege
Least privilege means that a user should be granted the minimum possible rights necessary to perform the job. This can be complex to apply in practice, however.
Other options
A. Implicit deny means that unless there is a rule specifying that access should be granted, any request for access is denied.
C. A permission is usually implemented as an access control list (ACL) attached to each resource. Within an ACL, each access control entry (ACE) identifies a subject and the permissions it has for the resource.
D. Authentication means that everything using the system is identified by an account and that an account can only be operated by someone who can supply the correct credentials.
A server administrator wants to connect to a user’s computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users’ automatically hidden shares. Which of the following could the administrator use? (Select all that apply.)
A. C:\Windows$
B. C$
C. C:\Users$
D. ADMIN$
B. C$ and D. ADMIN$
B. In addition to any local shares created by a user, Windows automatically creates hidden administrative shares. This includes the root folder of any local drives (C$).
D. It also includes the system folder (ADMIN$). Administrative shares can only be accessed by members of the local Administrators group.
Other options
A. C:\Windows$ is not automatically created. If the administrator wanted to connect, they could first connect to C$ and then navigate to the Windows folder.
C. C:\Users$ is also not automatically created, but could also be accessed by first accessing the hidden C$ share.
A security engineer investigates legacy applications and employees that are still using them. Which of the following user groups represent a security concern?
A. Guest
B. Power users
C. Standard account
D. Local users and groups
B. Power Users
The Power Users group is present to support legacy applications. This approach created vulnerabilities that allowed accounts to escalate to the Administrators group.
Other options
A. The guest user account is disabled by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update.
C. A standard account is a member of the Users group. This group is generally only able to configure settings for its profile.
D. The local users and groups management console is not a user group. The console provides an interface for managing both user and group accounts.
A server administrator’s profile is set up to copy the whole profile from a share at logon and copy the updated profile back at logoff. This allows the administrator to hop on to any of the company’s computers. What technique was set up?
A. Folder redirection
B. Home folder
C. Group policy
D. Roaming profile
D. Roaming Profile
A roaming profile copies the whole profile from a share at logon and copies the updated profile back at logoff.
Other options
A. Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.
B. A home folder is a private drive mapped to a network share in which users can store personal files. The home folder location is configured via the account properties on the Profile tab using the Connect to box.
C. A roaming profile script was most likely pushed out using group policy for logon and logoff actions, but the actual setup for migrating profiles is called roaming profiles.
A server administrator sets up static network configurations for servers since they do not want the IP address to change. The administrator sets up the IP address on a 24-bit subnet. What should the administrator set the subnet mask to?
A. 255.255.0.0
B. 255.0.0.0
C. 255.255.255.0
D. 0.0.0.0
C. 255.255.255.0
Administrators can also adjust the IP configuration via the Settings app. In this dialog, they need to enter the mask as a prefix length in bits. A 255.255.255.0 mask is 24 bits.
Other options
A. A subnet mask of 255.255.0.0 would be the subnet mask for the 16-bit wildcard mask. For example, the subnet would run from 192.168.0.0 to 192.168.255.255.
B. A subnet mask of 255.0.0.0 would be the subnet mask for the 8-bit wildcard mask. For example, the subnet would run from 10.0.0.0 to 10.255.255.255.
D. A subnet mask of 0.0.0.0 would be non-routable. This is usually a black hole where traffic is dropped.
A user calls into the helpdesk after receiving a recent update to their computer and now certain functions are no longer working properly. The helpdesk technician asks for their FQDN. What would be an example of the FQDN?
A. userhost.comptia.com
B. userhost
C. comptia.com
D. 192.168.14.25
A. userhost.comptia.com
userhost.comptia.com would be an example of a fully qualified domain name (FQDN). This includes both the name of the host as well as the domain it is on.
Other options
B. userhost would only be an example of the host name. The addition of the domain makes it an FQDN.
C. comptia.com would be an example of a DNS alias. Typically, a host is also configured with the addresses of Domain Name System (DNS) servers that can resolve requests for name resources to IP addresses.
D. The 192.168.14.25 would be an example of the host’s possible IP address. An Internet Protocol (IP) addressing scheme can use either IPv4 or IPv6.
A vulnerability manager cleans up the patching program in their enterprise. After getting it back to a good state, the manager focuses efforts on hardening. They begin with a test box and want to look at open connections from services. What command should the manager use?
A. nslookup
B. tracert
C. ipconfig
D. netstat
D. netstat
The netstat command can be used to investigate open ports and connections on the local host. This can be used to see what ports are open on a server and whether other clients are connecting to them.
Other options
A. If the technician identifies or suspects a problem with name resolution, the technician can troubleshoot DNS with the nslookup command, either interactively or from the command prompt.
B. The tracert command line utility is used to trace the path a packet of information takes to get to its target.
C. Used without switches, ipconfig displays the IP address, subnet mask, and default gateway (router) for all network adapters to which TCP/IP is bound.
A desktop technician is setting up a new PC on a local network and is trying to install software as a part of the setup process. They try to access a network share via a UNC path of \\fileserv01\Setup\Apps and get a message that the location cannot be reached. They ping the file server by IP and get a reply. What network configuration on the PC should be prioritized for investigation?
A. DHCP
B. DNS
C. VPN
D. NIC
B. DNS
Domain Name System (DNS) would be the first thing to check. If a network resource does not seem to be reachable by hostname (fileserv01) but it can be reached by pinging the IP, the PC cannot seem to resolve the host name, which could indicate a problem with DNS settings.
Other options
A. Dynamic Host Configuration Protocol (DHCP) is used to automatically assign IP addressing information to hosts that have not been configured manually. In this case the PC has an IP address, as it is able to ping another resource.
C. A Virtual Private Network (VPN) is a secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet). This is unlikely to be the issue, as the PC is being set up on a local network and not a remote site.
D. Network Interface Card (NIC) is an adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link. This seems to be working, as the PC is able to ping another network resource.
A support technician receives a call from a user who cannot seem to access a department share at \\fileserv01\ShareDrive. The user also explains that they can somehow reach the share via the IP at \\192.168.8.20\ShareDrive. Which of the following should the technician check first?
A. DNS
B. RTT
C. Firewall
D. APIPA
A. DNS
If a service such as domain name system (DNS) is not working, users will be able to connect to servers by IP address but not by name.
Other options
B. If a ping is successful, it responds with the message Reply from IP Address and the time it takes for the host’s response to arrive. The millisecond (ms) measures of round-trip time (RTT) can be used to diagnose latency problems.
C. A firewall or other security software or hardware might be blocking the connection or proxy settings might be misconfigured. However, if the IP is working, then it is most likely DNS.
D. When no DHCP server can be contacted, the adapter will most likely use an address from the automatic private IP addressing (APIPA) 169.254.x.y range.
A Windows administrator wants to divide a domain up into different administrative realms to delegate responsibility for administering company departments. What should the administrator use to do this?
A. Security groups
B. Member server
C. Group policy
D. OU
D. OU
An organizational unit (OU) is a way of dividing a domain up into different administrative realms. Administrators might create OUs to delegate responsibility for administering company departments or locations.
Other options
A. A domain supports the use of security groups to assign permissions more easily and robustly. User accounts are given membership of security groups to assign them permissions on the network.
B. A member server is any server-based system that has been joined to the domain but does not maintain a copy of the Active Directory database.
C. A domain group policy configures computer settings and user profile settings. Some settings are exposed through standard objects and folders, such as Security Settings.
A user calls in to support, complaining that they cannot seem to reach anything on the network. The user was able to receive an IP address of 169.254.15.83, though. What is most likely the problem?
A. No internet access.
B. The computer does not receive a DNS entry.
C. It cannot find the wireless SSID.
D. No DHCP server found.
D. No DHCP server found
When no Dynamic Host Configuration Protocol (DHCP) server can be contacted, the adapter will either use an address from the automatic private IP addressing (APIPA) 169.254.x.y range or will use an address specified as an alternate configuration in IPv4 properties.
Other options
A. Receiving a 169.254 automatic private IP address (APIPA) does not necessarily mean that there is no internet access. It could mean that the DHCP reservations are full or that a DHCP server cannot be found.
B. An APIPA is not associated with a domain name system (DNS) entry. DNS entries are usually created when the computer is joined to a domain though.
C. The scenario does not specify if the user is connecting wirelessly or through a wired connection.
An administrator sets up a network share for the marketing team to collaborate. The requirement is to protect the files from a user who has local access to the computer that hosts the shared resource. What type of permission should the administrator set up?
A. NTFS
B. Share-level
C. FAT32
D. ACE
A. NTFS
New Technology File System (NTFS) permissions are applied for both network and local access and can be applied to folders and to individual files.
Other options
B. Share-level permissions only apply when a folder is accessed over a network connection. They offer no protection against a user who is logged on locally to the computer hosting the shared resource.
C. The FAT32 file system does not support permissions. Many cameras or other similar devices use storage with FAT32, but it does not support permissions.
D. Access control entries (ACEs) assign a set of permissions to a principal under the NTFS file structure. A principal can either be a user account or a security group.
A security-conscious administrator wants to make authentication more secure. Which of the following would be the optimal method?
A. Device token
B. Facial recognition
C. MFA
D. UAC
C. MFA
An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.
Other options
A. Using a single factor makes authentication less reliable. A password could be shared, a device token could be stolen, or other mechanisms could become compromised or bypassed.
B. A facial recognition system is another instance of single factor authentication and could be spoofed using a photograph.
D. User Account Control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit privileges assigned to administrator accounts.
A penetration tester looks to harvest credentials from users who log in locally. Where should the penetration tester look for users who authenticated locally?
A. SAM
B. Kerberos
C. VPN
D. Web portal
A. SAM
In a Windows local sign-in, the Local Security Authority (LSA) compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry. This is also referred to as interactive logon.
Other options
B. In a Windows network sign-in, the LSA can pass the credentials for authentication to a network service. The preferred system for network authentication is based on a system called Kerberos.
C. In a remote sign-in, if the user’s device is not connected to the local network, authentication can take place over some type of virtual private network (VPN).
D. A pen tester would need access to the web server to access credentials stored to access a web portal.
Two IT friends are best friends and want to map each other’s root shares. Which of the following commands will accomplish this?
A. net view M: \\BestFriend\C$
B. net view M: \\BestFriend\ADMIN$
C. net use M: \\BestFriend\C$
D. net use M: \\BestFriend\ADMIN$
C. net use M: \\BestFriend\C$
To map the root share on the computer BestFriend to the M: drive, they would use net use M: \\BestFriend\C$.
Other options
A. The command net view M: \\BestFriend\C$ is wrong because of “net view.” The proper command should be net use. There are several net and net use command utilities available to view and configure shared resources on a Windows network.
B. The command net view M: \\BestFriend\ADMIN$ is wrong because of both “net view” and ADMIN$. The root share would be C$.
D. The command net use M: \\BestFriend\ADMIN$ is wrong because of the ADMIN$ share. The root share is C$.