1 $Which Windows component is responsible for storing local user account passwords in a hashed format?$

A.

Winlogon.exe

B.

NTDS.dit

C.

SAM (Security Account Manager)

D.

pagefile.sys

2 $In the context of Windows permissions, what happens when a user has Modify allow permissions via NTFS but Read allow permissions via the Network Share?$

A.

The user can modify files because NTFS takes precedence.

B.

The user is denied access completely.

C.

The user can only Read files.

D.

The user has Full Control.

3 $Which command-line tool is primarily used to display the current TCP/IP network configuration values, including the IP address and default gateway?$

A.

nslookup

B.

ipconfig

C.

tracert

D.

netstat

4 $What is the default TCP port number used by the Remote Desktop Protocol (RDP)?$

A.

443

B.

22

C.

3389

D.

8080

5 $Which Windows feature helps prevent unauthorized changes to the operating system by prompting the user for permission or an administrator password?$

A.

Windows Defender

B.

User Account Control (UAC)

C.

BitLocker

D.

Windows Firewall

6 $In the Windows Event Viewer, which specific log would record a successful or failed user logon attempt?$

A.

Setup Log

B.

System Log

C.

Application Log

D.

Security Log

7 $Which command is used to display the active TCP connections, ports on which the computer is listening, and Ethernet statistics?$

A.

whoami

B.

ping

C.

netstat

D.

ipconfig

8 $What symbol is appended to the end of a share name to make it a 'hidden' share in Windows?$

A.

#

B.

!

C.

$

D.

%

9 $Which protocol is primarily used by Windows for file and printer sharing across a local network?$

A.

HTTP

B.

SMB (Server Message Block)

C.

FTP

D.

SMTP

10 $What is the specific Windows Event ID associated with a successful logon?$

A.

4624

B.

4625

C.

1102

D.

4672

11 $Which Sysinternals tool allows a user to execute processes on other systems, often used for remote administration?$

A.

ProcMon

B.

Autoruns

C.

TCPView

D.

PsExec

12 $If a Windows client is configured for DHCP but cannot contact the DHCP server, it assigns itself an APIPA address in which range?$

A.

B.

C.

D.

13 $Which command-line tool outputs the current user's security identifiers (SIDs) and privileges?$

A.

net user

B.

sysinfo

C.

whoami /all

D.

get-acl

14 $Which Windows administrative tool allows for the centralized management of various system components using 'snap-ins'?$

A.

MMC (Microsoft Management Console)

B.

Registry Editor

C.

Task Manager

D.

Control Panel

15 $Which file system permission allows a user to take ownership of a file or folder?$

A.

List Folder Contents

B.

Read

C.

Write

D.

Full Control

16 $What is the primary function of the Domain Name System (DNS)?$

A.

Resolving hostnames to IP addresses

B.

Encrypting network traffic

C.

Assigning IP addresses to clients

D.

Blocking malicious network packets

17 $Which command is used to modify user accounts, such as adding a new user or changing a password, via the command line?$

A.

net use

B.

net share

C.

net group

D.

net user

18 $What is the name of the built-in antivirus and anti-malware component in modern Windows operating systems?$

A.

BitLocker

B.

Windows Firewall

C.

Windows Defender

D.

SmartScreen

19 $In the context of Windows Groups, which built-in group has complete and unrestricted access to the computer?$

A.

Administrators

B.

Backup Operators

C.

Power Users

D.

Users

20 $Which command allows you to view the list of currently running processes and their Process IDs (PIDs) in the command prompt?$

A.

ps

B.

runlist

C.

tasklist

D.

processview

21 $What does the command ipconfig /flushdns do?$

A.

Resets the IP address

B.

Renews the DHCP lease

C.

Clears the DNS resolver cache

D.

Restarts the DNS server service

22 $Which file path represents the default location for the local hosts file in Windows?$

A.

C:\Windows\System32\drivers\etc\hosts

B.

C:\Windows\System32\config\hosts

C.

C:\Users\Default\hosts

D.

C:\Windows\hosts

23 $Which Authentication protocol is the default for computers in an Active Directory domain and relies on tickets?$

A.

NTLM

B.

RADIUS

C.

LDAP

D.

Kerberos

24 $What is the executable name for the Windows Group Policy Editor?$

A.

secpol.msc

B.

regedit.exe

C.

gpedit.msc

D.

services.msc

25 $When configuring the Windows Firewall, what is the difference between Inbound and Outbound rules?$

A.

There is no difference.

B.

Inbound rules apply to servers; Outbound rules apply to clients.

C.

Inbound rules control traffic entering the PC; Outbound rules control traffic leaving.

D.

Inbound rules control traffic leaving the PC; Outbound rules control traffic entering.

26 $Which command allows you to map a network share to a local drive letter (e.g., Z:)?$

A.

net use

B.

net share

C.

mount

D.

net map

27 $What is the standard port number for SMB (Server Message Block) over TCP?$

A.

139

B.

445

C.

53

D.

135

28 $Which Windows service management console command is used to open the Services window?$

A.

services.msc

B.

eventvwr

C.

taskmgr

D.

compmgmt.msc

29 $In NTFS permissions, what is the effect of the 'Deny' permission?$

A.

It only applies if no 'Allow' permission exists.

B.

It only applies to the Guest account.

C.

It is overridden by an 'Allow' permission.

D.

It takes precedence over 'Allow' permissions.

30 $Which legacy Windows protocol allows applications on separate computers to communicate over a LAN and uses 15-character names?$

A.

DNS

B.

Telnet

C.

DHCP

D.

NetBIOS

31 $Which tool can be used to view programs that run automatically when Windows starts?$

A.

Disk Management

B.

Task Scheduler

C.

Task Manager (Startup tab)

D.

Event Viewer

32 $Which command is used to force a refresh of Group Policy settings on a client machine?$

A.

gpresult /r

B.

sysprep

C.

net pol update

D.

gpupdate /force

33 $What is a Security Identifier (SID) in Windows?$

A.

A unique alphanumeric character string that identifies each user, group, and computer account.

B.

The IP address of the domain controller.

C.

The encryption key for the SAM database.

D.

The user's login password.

34 $Which registry hive usually contains the Run keys that control startup programs for the local machine?$

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

B.

HKEY_CURRENT_CONFIG

C.

HKEY_CLASSES_ROOT

D.

HKEY_USERS\.DEFAULT

35 $What is the purpose of the Windows Audit Policy?$

A.

To automatically block suspicious IP addresses.

B.

To enforce password complexity rules.

C.

To determine which security events are recorded in the Event Logs.

D.

To compress old log files.

36 $Which command displays detailed configuration information about a computer and its operating system, including the OS version, install date, and hotfixes?$

A.

hostname

B.

systeminfo

C.

ver

D.

whoami

37 $If you need to investigate why a scheduled task failed to run, which tool would you check first?$

A.

Windows Firewall Logs

B.

Resource Monitor

C.

Task Scheduler History/Logs

D.

Device Manager

38 $What is the executable name for the Remote Desktop Connection client?$

A.

remote.exe

B.

mstsc.exe

C.

connect.exe

D.

rdp.exe

39 $Which type of user account is best practice for performing daily, non-administrative tasks?$

A.

Guest Account

B.

System Account

C.

Administrator Account

D.

Standard User Account

40 $In the output of netstat -ano, what does the -o switch display?$

A.

The Process ID (PID)

B.

The owner of the process

C.

The protocol used

D.

The off-load state

41 $Which folder permissions inheritance setting is the default behavior in NTFS?$

A.

Files inherit permissions from the user's profile.

B.

Files inherit permissions from the root of the drive only.

C.

Files inherit permissions from their parent folder.

D.

Files do not inherit permissions.

42 $What is the loopback IP address used to test the network interface on the local host?$

A.

B.

C.

D.

43 $Which Windows tool allows you to view and modify the registry?$

A.

msconfig

B.

regedit

C.

gpedit

D.

dxdiag

44 $Which command is used to display the routing table on a Windows machine?$

A.

netstat -r

B.

Both A and B

C.

route print

D.

None of the above

45 $What happens to the NTFS permissions of a file when it is moved to a different folder on the same volume?$

A.

All permissions are removed.

B.

It retains its original permissions.

C.

It inherits the permissions of the new folder.

D.

It becomes read-only.

46 $Which net command is used to list all the shares exported by the local computer?$

A.

net session

B.

net share

C.

net export

D.

net view

47 $Which protocol uses a 'Challenge-Response' mechanism and is considered less secure than Kerberos?$

A.

IPsec

B.

NTLM (New Technology LAN Manager)

C.

SSH

D.

TLS

48 $In the Windows Firewall, which profile typically applies when connected to a public Wi-Fi hotspot?$

A.

Public Profile

B.

Private Profile

C.

Domain Profile

D.

Work Profile

49 $Which administrative tool allows you to view hardware resources, update drivers, and disable hardware components?$

A.

Device Manager

B.

Disk Management

C.

ODBC Data Sources

D.

Task Scheduler

50 $What is the purpose of the ping command?$

A.

To resolve a MAC address to an IP.

B.

To transfer files between computers.

C.

To test reachability of a host using ICMP Echo Request.

D.

To find the path taken by packets.

Unit 2 - Practice Quiz