Lesson 14: Managing Windows Networking Flashcards

1
Q

A user is experiencing what seems to be latency, which is affecting their ability to work. They decide to validate their theory with a ping test. What will indicate latency?

A.ARP
B.RTT
C.APIPA
D.DNS

A

B. RTT (Round-Trip Time)

If the ping is successful, it responds with the message Reply from IP Address and the time it takes for the host’s response to arrive. The millisecond (ms) measures of round-trip time (RTT) can be used to diagnose latency problems.

Other options

A. Address Resolution Protocol (ARP) is used to locate the hardware or media access control (MAC) address of the interface that owns an IP address.

C. When no DHCP server can be contacted, the adapter will either use an address from the automatic private IP addressing (APIPA) 169.254.x.y range or will use an address specified as an alternate configuration in IPv4 properties.

D. The domain name system (DNS) itself is not really useful to test latency. The RTT value should be used.

2
Q

A security manager reviews user roles and grants the minimum privileges necessary. What did the manager implement?

A.Implicit deny
B.Least privilege
C.ACL
D.Authentication

A

B. Least Privilege

Least privilege means that a user should be granted the minimum possible rights necessary to perform the job. This can be complex to apply in practice, however.

Other options

A. Implicit deny means that unless there is a rule specifying that access should be granted, any request for access is denied.

C. A permission is usually implemented as an access control list (ACL) attached to each resource. Within an ACL, each access control entry (ACE) identifies a subject and the permissions it has for the resource.

D. Authentication means that everything using the system is identified by an account and that an account can only be operated by someone who can supply the correct credentials.

3
Q

A server administrator wants to connect to a user’s computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users’ automatically hidden shares. Which of the following could the administrator use? (Select all that apply.)

A.C:\Windows$
B.C$
C.C:\Users$
D.ADMIN$

A

B. C$ and D. ADMIN$

B. In addition to any local shares created by a user, Windows automatically creates hidden administrative shares. This includes the root folder of any local drives (C$).

D. It also includes the system folder (ADMIN$). Administrative shares can only be accessed by members of the local Administrators group.

Other options

A. C:\Windows$ is not automatically created. If the administrator wanted to connect, they could first connect to C$ and then navigate to the Windows folder.

C. C:\Users$ is also not automatically created, but could also be accessed by first accessing the hidden C$ share.

4
Q

A security engineer investigates legacy applications and employees that are still using them. Which of the following user groups represent a security concern?

A.Guest
B.Power users
C.Standard account
D.Local users and groups

A

B. Power Users

The Power Users group is present to support legacy applications. This approach created vulnerabilities that allowed accounts to escalate to the Administrators group.

Other options

A. The guest user account is disabled by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update.

C. A standard account is a member of the Users group. This group is generally only able to configure settings for its profile.

D. The local users and groups management console is not a user group. The console provides an interface for managing both user and group accounts.

5
Q

A server administrator’s profile is set up to copy the whole profile from a share at logon and copy the updated profile back at logoff. This allows the administrator to hop on to any of the company’s computers. What technique was set up?

A.Folder redirection
B.Home folder
C.Group policy
D.Roaming profile

A

D. Roaming Profile

A roaming profile copies the whole profile from a share at logon and copies the updated profile back at logoff.

Other options

A. Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.

B. A home folder is a private drive mapped to a network share in which users can store personal files. The home folder location is configured via the account properties on the Profile tab using the Connect to box.

C. A roaming profile script was most likely pushed out using group policy for logon and logoff actions, but the actual setup for migrating profiles is called roaming profiles.

6
Q

A server administrator sets up static network configurations for servers since they do not want the IP address to change. The administrator sets up the IP address on a 24-bit subnet. What should the administrator set the subnet mask to?

A.255.255.0.0
B.255.0.0.0
C.255.255.255.0
D.0.0.0.0

A

C. 255.255.255.0

Administrators can also adjust the IP configuration via the settings app. In this dialog, they need to enter the mask as a prefix length in bits. A 255.255.255.0 mask is 24 bits.

Other options

A. A subnet mask of 255.255.0.0 is the mask for a 16-bit prefix. For example, the subnet would run from 192.168.0.0 to 192.168.255.255.

B. A subnet mask of 255.0.0.0 is the mask for an 8-bit prefix. For example, the subnet would run from 10.0.0.0 to 10.255.255.255.

D. A subnet mask of 0.0.0.0 would be non-routable. This is usually a black hole where traffic is dropped.

7
Q

A user calls into the helpdesk after receiving a recent update to their computer and now certain functions are no longer working properly. The helpdesk technician asks for their FQDN. What would be an example of the FQDN?

A.userhost.comptia.com
B.userhost
C.comptia.com
D.192.168.14.25

A

A. userhost.comptia.com

userhost.comptia.com would be an example of a fully qualified domain name (FQDN). This includes both the name of the host as well as the domain it is on.

Other options

B. userhost would only be an example of the host name. The addition of the domain makes it an FQDN.

C. comptia.com would be an example of a DNS alias. Typically, a host is also configured with the addresses of Domain Name System (DNS) servers that can resolve requests for name resources to IP addresses.

D. The 192.168.14.25 would be an example of the host’s possible IP address. An Internet Protocol (IP) addressing scheme can use either IPv4 or IPv6.

8
Q

A vulnerability manager cleans up the patching program in their enterprise. After getting it back to a good state, the manager focuses efforts on hardening. They begin with a test box and want to look at open connections from services. What command should the manager use?

A.nslookup
B.tracert
C.ipconfig
D.netstat

A

D. netstat

The netstat command can be used to investigate open ports and connections on the local host. This can be used to see what ports are open on a server and whether other clients are connecting to them.

Other options

A. If the technician identifies or suspects a problem with name resolution, the technician can troubleshoot DNS with the nslookup command, either interactively or from the command prompt.

B. The tracert command line utility is used to trace the path a packet of information takes to get to its target.

C. Used without switches, ipconfig displays the IP address, subnet mask, and default gateway (router) for all network adapters to which TCP/IP is bound.

9
Q

A desktop technician is setting up a new PC on a local network and is trying to install software as a part of the setup process. They try to access a network share via a UNC path of \\fileserv01\Setup\Apps and get a message that the location cannot be reached. They ping the file server by IP and get a reply. What network configuration on the PC should be prioritized for investigation?

A.DHCP
B.DNS
C.VPN
D.NIC

A

B. DNS

Domain Name System (DNS) would be the first thing to check. If a network resource does not seem to be reachable by hostname (fileserv01) but it can be reached by pinging the IP, the PC cannot seem to resolve the host name, which could indicate a problem with DNS settings.

Other options

A. Dynamic Host Configuration Protocol (DHCP) is used to automatically assign IP addressing information to hosts that have not been configured manually. In this case the PC has an IP address, as it is able to ping another resource.

C. A Virtual Private Network (VPN) is a secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet). This is unlikely to be the issue, as the PC is being set up on a local network and not a remote site.

D. Network Interface Card (NIC) is an adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link. This seems to be working, as the PC is able to ping another network resource.

10
Q

A support technician receives a call from a user who cannot seem to access a department share at \\fileserv01\ShareDrive. The user also explains that they can somehow reach the share via the IP at \\192.168.8.20\ShareDrive. Which of the following should the technician check first?

A.DNS
B.RTT
C.Firewall
D.APIPA

A

A. DNS

If a service such as domain name system (DNS) is not working, users will be able to connect to servers by IP address but not by name.

Other options

B. If a ping is successful, it responds with the message Reply from IP Address and the time it takes for the host’s response to arrive. The millisecond (ms) measures of round-trip time (RTT) can be used to diagnose latency problems.

C. A firewall or other security software or hardware might be blocking the connection or proxy settings might be misconfigured. However, if the IP is working, then it is most likely DNS.

D. When no DHCP server can be contacted, the adapter will most likely use an address from the automatic private IP addressing (APIPA) 169.254.x.y range.

11
Q

A Windows administrator wants to divide a domain up into different administrative realms to delegate responsibility for administering company departments. What should the administrator use to do this?

A.Security groups
B.Member server
C.Group policy
D.OU

A

D. OU

An organizational unit (OU) is a way of dividing a domain up into different administrative realms. Administrators might create OUs to delegate responsibility for administering company departments or locations.

Other options

A. A domain supports the use of security groups to assign permissions more easily and robustly. User accounts are given membership of security groups to assign them permissions on the network.

B. A member server is any server-based system that has been joined to the domain but does not maintain a copy of the Active Directory database.

C. A domain group policy configures computer settings and user profile settings. Some settings are exposed through standard objects and folders, such as Security Settings.

12
Q

A user calls in to support, complaining that they cannot seem to reach anything on the network. The user was able to receive an IP address of 169.254.15.83, though. What is most likely the problem?

A.No internet access.
B.The computer does not receive a DNS entry.
C.It cannot find the wireless SSID.
D.No DHCP server found.

A

D. No DHCP server found

When no Dynamic Host Configuration Protocol (DHCP) server can be contacted, the adapter will either use an address from the automatic private IP addressing (APIPA) 169.254.x.y range or will use an address specified as an alternate configuration in IPv4 properties.

Other options

A. Receiving a 169.254 automatic private IP address (APIPA) does not necessarily mean that there is no internet access. It could mean that the DHCP reservations are full or that a DHCP server cannot be found.

B. An APIPA is not associated with a domain name system (DNS) entry. DNS entries are usually created when the computer is joined to a domain though.

C. The scenario does not specify if the user is connecting wirelessly or through a wired connection.

13
Q

An administrator sets up a network share for the marketing team to collaborate. The requirement is to protect the files from a user who has local access to the computer that hosts the shared resource. What type of permission should the administrator set up?

A.NTFS
B.Share-level
C.FAT32
D.ACE

A

A. NTFS

New Technology File System (NTFS) permissions are applied for both network and local access and can be applied to folders and to individual files.

Other options

B. Share-level permissions only apply when a folder is accessed over a network connection. They offer no protection against a user who is logged on locally to the computer hosting the shared resource.

C. The FAT32 file system does not support permissions. Many cameras or other similar devices use storage with FAT32, but it does not support permissions.

D. Access control entries (ACEs) assign a set of permissions to a principal under the NTFS file structure. A principal can either be a user account or a security group.

14
Q

A security-conscious administrator wants to make authentication more secure. Which of the following would be the optimal method?

A. Device token
B. Facial recognition
C. MFA
D. UAC

A

C. MFA

An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.

Other options

A. Using a single factor makes authentication less reliable. A password could be shared, a device token could be stolen, or other mechanisms could become compromised or bypassed.

B. A facial recognition system is another instance of single factor authentication and could be spoofed using a photograph.

D. User Account Control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit privileges assigned to administrator accounts.

15
Q

A penetration tester looks to harvest credentials from users who log in locally. Where should the penetration tester look for users who authenticated locally?

A.SAM
B.Kerberos
C.VPN
D.Web portal

A

A. SAM

In a Windows local sign-in, the Local Security Authority (LSA) compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry. This is also referred to as interactive logon.

Other options

B. In a Windows network sign-in, the LSA can pass the credentials for authentication to a network service. The preferred system for network authentication is based on a system called Kerberos.

C. In a remote sign-in, if the user’s device is not connected to the local network, authentication can take place over some type of virtual private network (VPN).

D. A pen tester would need access to the web server to access credentials stored to access a web portal.

16
Q

Two IT friends are best friends and want to map each other’s root shares. Which of the following commands will accomplish this?

A.net view M: \\BestFriend\C$
B.net view M: \\BestFriend\ADMIN$
C.net use M: \\BestFriend\C$
D.net use M: \\BestFriend\ADMIN$

A

C. net use M: \\BestFriend\C$

To map the root share on the computer BestFriend to the M: drive, they would use net use M: \\BestFriend\C$.

Other options

A. The command net view M: \\BestFriend\C$ is wrong because of “net view.” The proper command should be net use. There are several net and net use command utilities available to view and configure shared resources on a Windows network.

B. The command net view M: \\BestFriend\ADMIN$ is wrong because of both “net view” and ADMIN$. The root share would be C$.

D. The command net use M: \\BestFriend\ADMIN$ is wrong because of the ADMIN$ share. The root share is C$.

17
Q

A network administrator responds to users calling in about a slow network. Which command should the administrator use to diagnose the chokepoint?

A.ipconfig
B.hostname
C.pathping
D.msconfig

A

C. pathping

The pathping command performs a trace and then pings each hop router a given number of times for a given period to determine the round-trip time (RTT) and measure link latency more accurately.

Other options

A. The ipconfig command displays the IP address, subnet mask, and default gateway (router) for all network adapters to which TCP/IP is bound.

B. The hostname command returns the name configured on the local machine. If the machine is configured as a server, client machines will need to use the hostname to access shared folders and printers.

D. Use the System Configuration Utility (msconfig) or Task Manager to prevent unnecessary services and programs from running at startup.

18
Q

A server administrator wants to connect to a user’s computer and push a file through Server Message Block (SMB). How should the administrator connect to the computer?

A.\\userhost\C$
B.userhost
C.comptia.com
D.192.168.14.25

A

A. \\userhost\C$

To connect to a computer via SMB, the administrator should use \\userhost\C$.

Other options

B. userhost would only be an example of the host name. The addition of the domain makes it an FQDN.

C. comptia.com would be an example of a DNS alias. Typically, a host is also configured with the addresses of Domain Name System (DNS) servers that can resolve requests for name resources to IP addresses.

D. The 192.168.14.25 would be an example of the host’s possible IP address. An Internet Protocol (IP) addressing scheme can use either IPv4 or IPv6.

19
Q

A PC user is looking at the wireless card adapter properties on their Windows computer. Which of the following is the most important setting to verify in order to ensure the PC is capable of connecting to an existing network?

A.Power transmission
B.SSID
C.Automatic connection
D.Protocol support

A

D. Protocol Support

Wi-Fi properties for the adapter are configured via Device Manager. The most important setting on a wireless card is support for the 802.11 standards supported by the access point.

Other options

A. Users can adjust parameters such as roaming aggressiveness and transmit power to address connection issues.

B. If the access point is set to broadcast the network name or service set ID (SSID), then the network will appear in the list of available networks. Otherwise, it will have to be manually entered.

C. To connect, select the network, and then enter the required credentials. If users choose the Connect automatically option, Windows will use the network without prompting whenever it is in range.

20
Q

A transportation company outfits its mobile units with devices that will enable them to analyze routes, patterns, and create efficiencies. The devices will connect to their cloud servers through a 4G WWAN. What will the company need to ensure the devices connect to the cloud resources?

A.VPN
B.SIM
C.NLA
D.Link-layer Topology Discovery

A

B. SIM

For GSM and 4G or 5G services, the adapter must also be fitted with a subscriber identity module (SIM) card issued by the network provider. The bandwidth depends on the technologies supported by the adapter and by the local cell tower (3G, 4G, or 5G, for instance).

Other options

A. A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.

C. When a user connects to a new network, the Windows Network Location Awareness (NLA) service prompts the user to set the network type.

D. In Windows settings, the Link-layer Topology Discovery protocol provides network mapping and discovery functions for networks without dedicated name servers.

21
Q

You are assisting a user with configuring a static IP address. The user has entered the following configuration values and now cannot access the Internet. Is there a configuration issue or a different problem?

IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.0
DNS: 192.168.1.0

A

There is a configuration problem.

192.168.1.0 is not a host address. With the subnet mask 255.255.255.0, it identifies the network range as 192.168.1.0/24. The gateway is usually configured as the first available host address in this range: 192.168.1.1. The DNS server should also be set to 192.168.1.1.

22
Q

You are assisting another user who is trying to configure a static IP on a Windows workstation. The user says that 255.255.255.0 is not being accepted in the prefix length box. Should the user open a different dialog to complete the configuration or enter a different value?

A

The Network & Internet settings Edit IP settings dialog can be used.

255.255.255.0 is the subnet mask in dotted decimal format. The dialog just requires the number of mask bits. Each “255” in a dotted decimal mask represents 8 bits, so the user should enter 24.

23
Q

You are supporting a user who has just replaced a wireless router. The user has joined the new wireless network successfully but can no longer find other computers on the network. What should you check first?

A

Use Network & Internet to check the network profile type.

When the network changed, the user probably selected the wrong option at the prompt to allow the PC to be discoverable, and the profile is probably set to Public. Change the type to Private.

24
Q

True or false? Windows Defender Firewall cannot be disabled.

A

False

It is not usually a good idea to do so, but it can be disabled via Security Center or the Control Panel applet.

25
Q

You need to set up a VPN connection on a user’s Windows laptop. The VPN type is IKEv2. What other information, if any, do you need to configure the connection?

A

You must also input the fully qualified domain name (FQDN) or IP address of the remote access VPN server.

26
Q

A DHCP server has been reconfigured to use a new network address scheme following a network problem. What command would you use to refresh the IP configuration on Windows client workstations?

A

ipconfig /renew

27
Q

A computer cannot connect to the network. The machine is configured to obtain a TCP/IP configuration automatically. You use ipconfig to determine the IP address and it returns 0.0.0.0. What does this tell you?

A

This is an irregular state for a Windows PC. If a DHCP server cannot be contacted, the machine should default to using an APIPA address (169.254.x.y). As it has not done this, something is wrong with the networking software installed on the machine. The best option is probably to perform a network reset via the Settings > Network & Internet > Status page.

28
Q

You are pinging a host at 192.168.0.99 from a host at 192.168.0.200. The response is “Reply from 192.168.0.200: Destination host unreachable.” The hosts use the subnet mask 255.255.255.0. Does the ping output indicate a problem with the default gateway?

A

No. The hosts are on the same IP network (192.168.0.0/24)

This means that 192.168.0.200 does not try to use a router (the gateway) to send the probes. 192.168.0.200 uses address resolution protocol (ARP) to find the host with the IP 192.168.0.99. The host unreachable message indicates that there was no response, but the problem will be an issue such as the host being disconnected from the network or configured to block discovery rather than a gateway issue.

29
Q

You are checking that a remote Windows workstation will be able to dial into a web conference with good quality audio/video. What is the best tool to use to measure latency between the workstation’s network and the web conferencing server?

A

Pathping measures latency over a longer period and so will return a more accurate measurement than the individual round trip time (RTT) values returned by ping or tracert.

30
Q

While you are assigning privileges to the accounting department in your organization, Cindy, a human resource administrative assistant, insists that she needs access to the employee records database so that she can fulfill change of address requests from employees. After checking with her manager and referring to the organization’s access control security policy, you discover that Cindy’s job role does not fall into the authorized category for access to that database. What security concept are you practicing in this scenario?

A

The principle of least privilege

31
Q

Which three principal user security groups are created when Windows is installed?

A

Users, Administrators, and Guests.

You might also include Power Users, though use of this group is deprecated. Going beyond the account types listed in the exam objectives, you might include groups such as Remote Desktop Users, Remote Management Users, or Backup Operators. There are also system groups, such as Everyone, but users cannot be assigned manually to these.

32
Q

What tool would you use to add a user to a local security group?

A

You can change the account type between Standard and Administrator via Control Panel, but the Local Users and Groups management console is the tool to use for a custom security group

You could also use the net localgroup command.

33
Q

What are the requirements for configuring fingerprint authentication via Windows Hello?

A

The computer must have a fingerprint reader and a trusted platform module (TPM). Windows Hello must first be configured with a personal identification number (PIN) as a backup method.

34
Q

True or false? If you want the same policy to apply to a number of computers within a domain, you could add the computers to the same Organizational Unit (OU) and apply the policy to the OU.

A

True.

35
Q

You are writing a tech note to guide new technicians on operational procedures for working with Active Directory. As part of this note, what is the difference between the gpupdate and gpresult commands?

A

gpupdate is used to refresh local policy settings with updates or changes from the policy template

gpresult is used to identify the Resultant Set of Policies (RSoP) for a given computer and/or user account.

36
Q

Angel brought in the new tablet he just purchased and tried to connect to the corporate network. He knows the SSID of the wireless network and the password used to access the wireless network. He was denied access, and a warning message was displayed that he must contact the IT Department immediately. What happened, and why did he receive the message?

A

Mobile device management (MDM) is being used to mediate network access. The device must be enrolled with the MDM software before it can join the network.

37
Q

What are the prerequisites for joining a computer to a domain?

A

The computer must be running a supported edition of Windows (Pro, Enterprise, or Education)

The PC must be configured with an appropriate IP address and have access to the domain DNS servers. An account with domain administrative credentials must be used to authorize the join operation.

38
Q

You receive a call from a user trying to save a file and receiving an “Access Denied” error. Assuming a normal configuration with no underlying file corruption, encryption, or malware issue, what is the cause and what do you suggest?

A

The user does not have “Write” or “Modify” permission to that folder.

If there is no configuration issue, you should advise the user about the storage locations permitted for user-generated files. If there were a configuration issue, you would investigate why the user had not been granted the correct permissions for the target folder.

39
Q

What is the significance of a $ symbol at the end of a share name?

A

The share is hidden from the file browser.

It can be accessed by typing a UNC. The default administrative shares are all configured as hidden.

40
Q

When you set NTFS permissions on a folder, what happens to the files and subfolders by default?

A

They inherit the parent folder’s permissions

41
Q

If a user obtains Read permissions from a share and Deny Write from NTFS permissions, can the user view files in the folder over the network?

A

Yes (but he or she cannot create files)

42
Q

A user is assigned Read NTFS permissions to a resource via his user account and Full Control via membership of a group. What effective NTFS permissions does the user have for the resource?

A

Full control—the most effective permissions are applied