Windows Networking

Question 1

RPC

Answer 1

Remote Procedure Call

Question 2

Will RPC work cross networks?

Answer 2

It can if not configured to be blocked

Question 3

Mailslots

Answer 3

One-way Interprocess Communication
Implemented in Kernel32.dll and msfs.sys
Acts as a file kept in memory
Useful for a single process sending broadcases to multiple processes
Max single message size of 424 bytes

Question 4

RPC - Description

Answer 4

Applications load a DLL containing stub procedures for remote functions
The stub then calls RPC run-time procedures to locate where the remote procedure resides
The stub negotiates a transport mechanism
It then calls the procedure on the remote system with the parmeters
Reverse happens to return data

Question 5

SMB

Answer 5

Server Message Block

Question 6

CIFS

Answer 6

Common Internet File System

Question 7

SMB - Description

Answer 7

Primary remote file-access protocol on Windows Clients and Servers

Question 8

CIFS v1

Answer 8

cleartext

Question 9

CIFS v2

Answer 9

Encrypted

Question 10

CIFS v3

Answer 10

Encrypted with AES

Question 11

SMB/CIFS CMD command

Answer 11

nbtstat

Question 12

NetBIOS

Answer 12

Network Basic Input/Output System

Question 13

RDN

Answer 13

Relative Distinguished Name

Question 14

SMB Port

Answer 14

445

Question 15

NetBIOS Ports

Answer 15

137-139

Question 16

Port 139

Answer 16

SMB over NetBIOS

Question 17

Port 137

Answer 17

NetBIOS Naming Service

Question 18

Port 138

Answer 18

NetBIOS Datagram Service

Question 19

SRM

Answer 19

Security Reference Monitor

Question 20

ntoskrnl

Answer 20

Security Reference Monitor Kernel Mode

Question 21

LSASS

Answer 21

Local Security Authority Subsystem

Question 22

SAM

Answer 22

Security Accounts Manager

Question 23

SAM database registry path

Answer 23

HKLM\SAM

Question 24

Winlogon

Answer 24

Interactive Logon Service

Question 25

CP

Answer 25

Credential Providers

Question 26

Netlogon

Answer 26

Network Logon Service

Question 27

Kernel Security Device Driver

Answer 27

KSecDD

Question 28

Security Reference Monitor (SRM): Kernel Mode (ntoskrnl) Description

Answer 28

defines access token structure, performs object security access checks, generate security audit messages

Question 29

Local Security Authority Subsystem (LSASS): User-mode (lsass.exe) description

Answer 29

local system security policy, user authentication, sending security audit messages to Event Log. Loads Local Security Authority service (LSA, lsasrv.dll)

Question 30

LSASS policy database

Answer 30

registry area under HKLM\Security that stores security policy settings

Question 31

Security Accounts Manager (SAM): Loaded in LSASS (samsrv.dll) description

Answer 31

manages users and groups on local machine

Question 32

SAM database: HKLM\SAM description

Answer 32

local users and groups along with passwords (encrypted)

Question 33

Active Directory: Loaded in LSASS (ntdsa.dll) description

Answer 33

Contains a database with information about domain objects

Question 34

Authentication Packages description

Answer 34

DLLs that run through LSASS that verify user account credentials and respond to LSASS which generates a token

Question 35

Interactive Logon Mangaer (Winlogon): Winlogon.exe - description

Answer 35

Grabs secure attention sequence (SAS), manages interactive logon, creates first process

Question 36

Logon User Interface (LogonUI): LogonUI.exe - description

Answer 36

Provides user interface to authenticate to system

Question 37

Credential Providers (CP): COM objects running inside LogonUI - Description

Answer 37

Obtains different logon credentials, smartcard, user/pass, biometrics

Question 38

Network Logon Service (Netlogon): (Netlogon.dd) - Description

Answer 38

Secures channel to domain controller passes logon

Question 39

Kernel Security Device Driver (KSecDD): (Ksecdd.sys) - description

Answer 39

implements Advanced Local Procedure CAll (ALPC) interfaces which kernel components user to communicated with user-mode LSASS

Question 40

AppLocker: Driver (AppId.sys) Service (AppIdSvc.dll) - Description

Answer 40

Specifies which files, DLLs, scripts can be run by whom

Question 41

When does the machine Security Indentifier (SID) get generated

Answer 41

At Install

Question 42

SIDs are issued to what?

Answer 42

User Accounts, Groups, Domains, and Services

Question 43

SID-500

Answer 43

Admin Account

Question 44

SID-501

Answer 44

Guest Account

Question 45

User Accounts SIDs start where?

Answer 45

1000

Question 46

Where do you find the RID

Answer 46

Appended to the end of the SID

Question 47

How are local account SIDs generated

Answer 47

The Local Machine SID appended with a RID

Question 48

How are fomain account SIDs generated

Answer 48

The Active Directory SID appended with a RID

Question 49

Local logon uses what to verify username/password credentials by default

Answer 49

LAN Manager (LM) (msv1_0.dll),
Includes LM, NTLM, and NTLMv2 hashing methods

Question 50

Domain logon uses what protocol for authentication by default

Answer 50

Kerberos (kerberos.dll) Port 88

Question 51

As of Windows Vista, what is used to add extensible logon methods?

Answer 51

Credential Providers

Question 52

Active Directory Schema

Answer 52

defines objects that can be stored in Active Directory. Is a list of definitions that determine the kinds of objects and types of information about those objects can be stored in Active Directory.
Objects can be administered in the same manner as the rest of the objects in AD.

Question 53

Active Directory Schema 2 Object Types

Answer 53

Class object (schema class)
Attribute object (schema attribute)

Question 54

Global Catalog - description

Answer 54

The AD Domain relies on a global catalog database which contains a global listing of all objects in the forest.

Question 55

Global Catalog is held on DCs configured as what?

Answer 55

global catalog servers

Question 56

Global Catalog contains what subset of information?

Answer 56

User’s First and Last name

Distinguished name of the object so your client can contact the proper domain controller if you need more information

Question 57

Distinguished Name

Answer 57

The full address of an object in the directory

Question 58

AD Feature - Centralized Data Storage

Answer 58

All data in AD resides in a single, distributed data repository, allowing users easy access to the information from any location.
A single distributed data store requires less administration and duplication and improves the availability and organization of the data.

Question 59

AD Features - Scalability

Answer 59

AD enables you to scale the directory to meet business and network requirements through the configuration of domains and tress and the placement of domain controllers
AD allows millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.

Question 60

AD Features - Extensibility

Answer 60

The structure of the AD database (the schema) can be expanded to allow customized types of information

Question 61

AD Features - Manageability

Answer 61

Based on hierarchical organizational structures.
These organizational structures make it easier to control administrative privileges and other security settings, and to make it easier to locate network resources, such as files and printers.

Question 62

AD Features - Integration with DNS

Answer 62

AD uses DNS, an internet standard service that translates easily readable host names to numeric Internet Protocol (IP) addresses
Although separate and implemented differntly for different purposes, AD and DNS have the same hierarchical structure.
AD clients use DNS to locate domain controllers.
Primary DNS zones are stored in AD, enabling replication to other AD Domain Controllers.

Question 63

AD Features - Client Configuration Management

Answer 63

AD provides new technologies for managing client configuration issues, such as user mobility and hard disk failures, with a minimum of administration and user downtime.

Question 64

AD Features - Policy-Based Administration

Answer 64

In AD, policies are used to define the permitted actions and settings for user and computers across a given domain, or organizational unit.
Policy-based management simplifies tasks such as operating system updates, application installation, user profiles, and desktop-system lock down.

Question 65

AD Features - Replication of Information

Answer 65

AD provides multi-master replication technology to ensure information availability, fault tolerance, load balancing, and other performance benefits.
Multi-Master replication allows you to update the directory at any domain controller and replicates directory changes to any other domain controller.
Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.

Question 66

AD Features - Flexible, Secure Authentication and Authorization

Answer 66

AD authentication and authorization services provide protection for data while minimizing barriers to doing business over the internet.
AD supports multiple authentication protocols, such as Kerberos version 5 protocol, Secure Sockets Layer (SSL) version 3, and Transport Layer Security (TLS) using x.509 version 3 certificates.
AD provides security groups that span domains.

Question 67

Domains

Answer 67

A domain is a collection of computers and their associated security groups that are managed as a single entity.
The domain is the core unit of logical structure in Active Directory It can be used to store millions of objects (these objects are considered vital to the network)
Microsoft recommends:
using as few domains as possible
relying on Organizational Units (OUs) for structure
Domains can contain multiple nested OUs.

Question 68

Organizational Units

Answer 68

An Organizational Unit (OU) is a container which gives a domain hierarchy and structure.
It is used for ease of administration and to create an AD structure in the company’s geographic or organizational terms.
An OU can contain OUs, allowing for the creating of a multi-level structure

Question 69

Trees

Answer 69

A tree is a grouping or hierarchical arrangement of one or more domains.
Trees are created by adding one or child domains to a parent domain.
In a tree, all domains share the same contiguous namespace and naming structure.
By adding domains to a tree, you can retain the security configuration through the tree (domain), and allow for administration to be delegated to a single OU or a single domain.
The tree structure easily accommodates organizational changes.

Question 70

Forest

Answer 70

Are at the top of the Active Directory Structure.
A forest holds all objects, organizational units (OUs), domains, and attributes in its hierarchy
A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees.
Under a forest are one or more trees which hold domains, OUs, objects, and attributes.
Forests have the following characteristics:
All domains in a forest share a common schema.
All domains in a forest share a common global catalog.
All domains in a forest are linked by implicit two-way transitive trust.
Trees in a forest have different naming structures, according to their domains.
Domains in a forest operate independently, but the forest enables communication across the entire organization.

Question 71

Sites

Answer 71

An Active Directory site object represents a collection of IP subnets, usually constituting a physical Local Area Network (LAN).
Multiple sites are connected for replication by site links.

Typically, sites are used for:
Physical Location Determination: Enables clients to find local resources such as printers, shares, or domain controllers.
Replication: You can optimize replication between domain controllers by creating links.

By default, Active Directory uses automatic site coverage, though you can purposefully setup sites and resources.

Question 72

AD Structure - Domain Controllers

Answer 72

In Active Directory, You have multiple Domain Controllers which are equal peers.
Each DC in the Active Directory domain contains a copy of the AD database and synchronizes changes with all other DCs by multi-master replication.
Replication occurs frequently and on a pull basis instead of a push one.
A server requests updates from a fellow domain controller.
If information on one DC changes (e.g. a user changes their password), it sends signal to the other domain controllers to begin a pull replication of the data to ensure they are all up to date.
Servers not serving as DCs, but in the Active Directory domain, are called ‘member servers.’
Active Directory requires at least one Domain Controller, but you can install as many as you want (and it’s recommended you install at least two domain controllers in case one fails).

Question 73

DSADD

Answer 73

Add specific types of objects to the directory

Question 74

DSGET

Answer 74

display the selected properties of a specific object in the directory

Question 75

DSMOD

Answer 75

modify existing objects in the directory

Question 76

DSQUERY

Answer 76

query the directory according to specific criteria

Question 77

Describe GPO

Answer 77

GPO is divided into two major Nodes types, User and Computer. Computer node object relate to policies that affect the computer system, ie. startup scripts, firewall configuration, Name Resolution Policy. User nodes relate to user policies and are relevant to only the currently logged on user.