Unit 2 - Practice Quiz

Correct Answer: SAM (Security Account Manager)

Explanation: The Security Account Manager (SAM) database stores local user accounts and security descriptors, including password hashes, located at C:\Windows\System32\config\SAM.

Correct Answer: The user can only Read files.

Explanation: When accessing files over a network, Windows checks both Share permissions and NTFS permissions and applies the most restrictive combination of the two.

Correct Answer: ipconfig

Explanation: ipconfig (Internet Protocol Configuration) is a console application that displays all current TCP/IP network configuration values.

Correct Answer: 3389

Explanation: Remote Desktop Protocol (RDP) listens on TCP port 3389 by default to accept incoming remote connection requests.

Correct Answer: User Account Control (UAC)

Explanation: User Account Control (UAC) notifies the user when programs try to make changes to the computer, requiring administrative approval to proceed.

Correct Answer: Security Log

Explanation: The Security Log contains records of login/logout activity and other security-related events, subject to the Audit Policy configuration.

Correct Answer: netstat

Explanation: netstat (Network Statistics) displays network connections for the Transmission Control Protocol, routing tables, and a number of network interface statistics.

Correct Answer: $

Explanation: Appending a , ADMIN$) hides the share from the network browser list, though it remains accessible if the exact path is known.

Correct Answer: SMB (Server Message Block)

Explanation: SMB (Server Message Block) is the primary network file sharing protocol used in Windows environments for accessing files, printers, and other resources.

Correct Answer: 4624

Explanation: Event ID 4624 indicates that a user successfully logged on to the computer. Event ID 4625 indicates a failed logon.

Correct Answer: PsExec

Explanation: PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications.

Correct Answer:

Explanation: Automatic Private IP Addressing (APIPA) assigns an IP address in the range when a DHCP server is unreachable.

Correct Answer: whoami /all

Explanation: The whoami /all command displays the current user name, security identifiers (SIDs), privileges, and group memberships.

Correct Answer: MMC (Microsoft Management Console)

Explanation: MMC provides a common framework for system management tools. Administrators can create consoles containing specific 'snap-ins' like Device Manager or Event Viewer.

Correct Answer: Full Control

Explanation: The 'Full Control' permission includes all other permissions plus the ability to change permissions and take ownership of the file or folder.

Correct Answer: Resolving hostnames to IP addresses

Explanation: DNS translates human-readable domain names (like www.example.com) into IP addresses that computers use to identify each other on the network.

Correct Answer: net user

Explanation: net user is the command used to add, remove, and make changes to user accounts on a computer.

Correct Answer: Windows Defender

Explanation: Windows Defender (Microsoft Defender Antivirus) is the built-in anti-malware component that provides real-time protection against software threats.

Correct Answer: Administrators

Explanation: The Administrators group has complete and unrestricted access to the computer/domain, allowing members to change security settings, install software, and access all files.

Correct Answer: tasklist

Explanation: tasklist displays a list of currently running processes on the local or a remote computer, including memory usage and PIDs.

Correct Answer: Clears the DNS resolver cache

Explanation: This command purges the local DNS resolver cache, which is useful for troubleshooting when a website's IP address has changed but the computer is remembering the old one.

Correct Answer: C:\Windows\System32\drivers\etc\hosts

Explanation: The hosts file, used to map hostnames to IP addresses locally before querying DNS, is located at C:\Windows\System32\drivers\etc\hosts.

Correct Answer: Kerberos

Explanation: Kerberos is the default authentication protocol for Active Directory domains. It uses a system of tickets and time-stamps to allow nodes to communicate securely.

Correct Answer: gpedit.msc

Explanation: gpedit.msc launches the Local Group Policy Editor, used to configure policy settings for the computer and users.

Correct Answer: Inbound rules control traffic entering the PC; Outbound rules control traffic leaving.

Explanation: Inbound rules filter traffic attempting to access the computer from the network, while Outbound rules filter traffic originating from the computer trying to access the network.

Correct Answer: net use

Explanation: The net use command connects a computer to or disconnects a computer from a shared resource, and displays information about computer connections.

Correct Answer: 445

Explanation: Modern SMB traffic (SMB over TCP) uses port 445. Legacy NetBIOS over TCP/IP used ports 137-139.

Correct Answer: services.msc

Explanation: services.msc opens the Services management console, where administrators can start, stop, and configure background services.

Correct Answer: It takes precedence over 'Allow' permissions.

Explanation: In the Windows permission model, an explicit 'Deny' permission overrides any 'Allow' permissions, including those inherited or explicitly granted.

Correct Answer: NetBIOS

Explanation: NetBIOS (Network Basic Input/Output System) provides services related to the session layer of the OSI model, using 15-character flat names for identification.

Correct Answer: Task Manager (Startup tab)

Explanation: The Startup tab in Task Manager lists applications configured to start automatically when the user logs in. Sysinternals Autoruns is a more advanced tool for this.

Correct Answer: gpupdate /force

Explanation: gpupdate /force commands the system to immediately update both user and computer group policy settings, rather than waiting for the automatic refresh interval.

Correct Answer: A unique alphanumeric character string that identifies each user, group, and computer account.

Explanation: A SID (e.g., S-1-5-21...) is a unique value of variable length used to identify a security principal (such as a user or group) in Windows operating systems.

Correct Answer: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Explanation: The HKLM ...\Run key is a primary location for defining programs that launch at startup for all users on the machine.

Correct Answer: To determine which security events are recorded in the Event Logs.

Explanation: Audit Policy settings determine which specific events (like logons, file access, or privilege use) are tracked and written to the Security Event Log.

Correct Answer: systeminfo

Explanation: systeminfo provides a comprehensive view of the system's hardware and software configuration, including uptime, hotfixes, and network cards.

Correct Answer: Task Scheduler History/Logs

Explanation: The Task Scheduler has its own history tab (or logs within Event Viewer) that specifically tracks the status, start time, and result codes of scheduled tasks.

Correct Answer: mstsc.exe

Explanation: mstsc.exe (Microsoft Terminal Services Client) is the executable file used to launch the Remote Desktop Connection client.

Correct Answer: Standard User Account

Explanation: Using a Standard User Account for daily tasks prevents accidental system changes and limits the impact of malware, adhering to the principle of least privilege.

Correct Answer: The Process ID (PID)

Explanation: The -o switch in netstat adds a column displaying the Process ID (PID) associated with each connection, which can be cross-referenced with tasklist.

Correct Answer: Files inherit permissions from their parent folder.

Explanation: By default, files and subfolders in NTFS inherit the permissions assigned to their parent folder to simplify administration.

Correct Answer:

Explanation: is the standard IPv4 loopback address (localhost), used to test the local network stack without sending packets to the network.

Correct Answer: regedit

Explanation: regedit (Registry Editor) is the graphical tool used to view and edit the Windows Registry.

Correct Answer: Both A and B

Explanation: Both route print and netstat -r will display the IP routing table in Windows.

Correct Answer: It retains its original permissions.

Explanation: When moving a file within the same volume, the file retains its original security descriptor (permissions). If copied, or moved to a different volume, it inherits from the destination.

Correct Answer: net share

Explanation: The net share command, when run without parameters, displays information about all the resources (folders/printers) currently shared on the local computer.

Correct Answer: NTLM (New Technology LAN Manager)

Explanation: NTLM is a legacy authentication protocol that uses a challenge-response mechanism. It is less secure than Kerberos and vulnerable to pass-the-hash attacks.

Correct Answer: Public Profile

Explanation: The Public Profile is the most restrictive firewall profile, designed for use on untrusted networks like public Wi-Fi, disabling file and printer sharing features.

Correct Answer: Device Manager

Explanation: Device Manager is a Control Panel applet that allows users to view and control the hardware attached to the computer.

Correct Answer: To test reachability of a host using ICMP Echo Request.

Explanation: ping sends ICMP Echo Request messages to verify connectivity to a target host and measures the round-trip time.