1 $Which Windows component is responsible for storing local user account passwords in a hashed format?$

A.

NTDS.dit

B.

Winlogon.exe

C.

pagefile.sys

D.

SAM (Security Account Manager)

2 $In the context of Windows permissions, what happens when a user has Modify allow permissions via NTFS but Read allow permissions via the Network Share?$

A.

The user can only Read files.

B.

The user has Full Control.

C.

The user is denied access completely.

D.

The user can modify files because NTFS takes precedence.

3 $Which command-line tool is primarily used to display the current TCP/IP network configuration values, including the IP address and default gateway?$

A.

netstat

B.

nslookup

C.

ipconfig

D.

tracert

4 $What is the default TCP port number used by the Remote Desktop Protocol (RDP)?$

A.

22

B.

3389

C.

443

D.

8080

5 $Which Windows feature helps prevent unauthorized changes to the operating system by prompting the user for permission or an administrator password?$

A.

Windows Firewall

B.

Windows Defender

C.

BitLocker

D.

User Account Control (UAC)

6 $In the Windows Event Viewer, which specific log would record a successful or failed user logon attempt?$

A.

Setup Log

B.

System Log

C.

Application Log

D.

Security Log

7 $Which command is used to display the active TCP connections, ports on which the computer is listening, and Ethernet statistics?$

A.

ping

B.

netstat

C.

whoami

D.

ipconfig

8 $What symbol is appended to the end of a share name to make it a 'hidden' share in Windows?$

A.

!

B.

$

C.

#

D.

%

9 $Which protocol is primarily used by Windows for file and printer sharing across a local network?$

A.

HTTP

B.

SMB (Server Message Block)

C.

SMTP

D.

FTP

10 $What is the specific Windows Event ID associated with a successful logon?$

A.

4625

B.

1102

C.

4672

D.

4624

11 $Which Sysinternals tool allows a user to execute processes on other systems, often used for remote administration?$

A.

Autoruns

B.

TCPView

C.

ProcMon

D.

PsExec

12 $If a Windows client is configured for DHCP but cannot contact the DHCP server, it assigns itself an APIPA address in which range?$

A.

B.

C.

D.

13 $Which command-line tool outputs the current user's security identifiers (SIDs) and privileges?$

A.

net user

B.

get-acl

C.

sysinfo

D.

whoami /all

14 $Which Windows administrative tool allows for the centralized management of various system components using 'snap-ins'?$

A.

Registry Editor

B.

Task Manager

C.

Control Panel

D.

MMC (Microsoft Management Console)

15 $Which file system permission allows a user to take ownership of a file or folder?$

A.

Full Control

B.

Write

C.

List Folder Contents

D.

Read

16 $What is the primary function of the Domain Name System (DNS)?$

A.

Assigning IP addresses to clients

B.

Blocking malicious network packets

C.

Resolving hostnames to IP addresses

D.

Encrypting network traffic

17 $Which command is used to modify user accounts, such as adding a new user or changing a password, via the command line?$

A.

net group

B.

net share

C.

net use

D.

net user

18 $What is the name of the built-in antivirus and anti-malware component in modern Windows operating systems?$

A.

SmartScreen

B.

Windows Defender

C.

BitLocker

D.

Windows Firewall

19 $In the context of Windows Groups, which built-in group has complete and unrestricted access to the computer?$

A.

Power Users

B.

Backup Operators

C.

Administrators

D.

Users

20 $Which command allows you to view the list of currently running processes and their Process IDs (PIDs) in the command prompt?$

A.

runlist

B.

processview

C.

ps

D.

tasklist

21 $What does the command ipconfig /flushdns do?$

A.

Restarts the DNS server service

B.

Renews the DHCP lease

C.

Resets the IP address

D.

Clears the DNS resolver cache

22 $Which file path represents the default location for the local hosts file in Windows?$

A.

C:\Windows\System32\config\hosts

B.

C:\Windows\System32\drivers\etc\hosts

C.

C:\Windows\hosts

D.

C:\Users\Default\hosts

23 $Which Authentication protocol is the default for computers in an Active Directory domain and relies on tickets?$

A.

RADIUS

B.

LDAP

C.

NTLM

D.

Kerberos

24 $What is the executable name for the Windows Group Policy Editor?$

A.

gpedit.msc

B.

services.msc

C.

secpol.msc

D.

regedit.exe

25 $When configuring the Windows Firewall, what is the difference between Inbound and Outbound rules?$

A.

Inbound rules apply to servers; Outbound rules apply to clients.

B.

There is no difference.

C.

Inbound rules control traffic leaving the PC; Outbound rules control traffic entering.

D.

Inbound rules control traffic entering the PC; Outbound rules control traffic leaving.

26 $Which command allows you to map a network share to a local drive letter (e.g., Z:)?$

A.

net map

B.

mount

C.

net share

D.

net use

27 $What is the standard port number for SMB (Server Message Block) over TCP?$

A.

445

B.

139

C.

135

D.

53

28 $Which Windows service management console command is used to open the Services window?$

A.

eventvwr

B.

compmgmt.msc

C.

services.msc

D.

taskmgr

29 $In NTFS permissions, what is the effect of the 'Deny' permission?$

A.

It takes precedence over 'Allow' permissions.

B.

It only applies if no 'Allow' permission exists.

C.

It is overridden by an 'Allow' permission.

D.

It only applies to the Guest account.

30 $Which legacy Windows protocol allows applications on separate computers to communicate over a LAN and uses 15-character names?$

A.

DNS

B.

DHCP

C.

NetBIOS

D.

Telnet

31 $Which tool can be used to view programs that run automatically when Windows starts?$

A.

Disk Management

B.

Event Viewer

C.

Task Scheduler

D.

Task Manager (Startup tab)

32 $Which command is used to force a refresh of Group Policy settings on a client machine?$

A.

sysprep

B.

gpresult /r

C.

gpupdate /force

D.

net pol update

33 $What is a Security Identifier (SID) in Windows?$

A.

The encryption key for the SAM database.

B.

The IP address of the domain controller.

C.

A unique alphanumeric character string that identifies each user, group, and computer account.

D.

The user's login password.

34 $Which registry hive usually contains the Run keys that control startup programs for the local machine?$

A.

HKEY_CLASSES_ROOT

B.

HKEY_USERS\.DEFAULT

C.

HKEY_CURRENT_CONFIG

D.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

35 $What is the purpose of the Windows Audit Policy?$

A.

To enforce password complexity rules.

B.

To automatically block suspicious IP addresses.

C.

To determine which security events are recorded in the Event Logs.

D.

To compress old log files.

36 $Which command displays detailed configuration information about a computer and its operating system, including the OS version, install date, and hotfixes?$

A.

hostname

B.

whoami

C.

systeminfo

D.

ver

37 $If you need to investigate why a scheduled task failed to run, which tool would you check first?$

A.

Windows Firewall Logs

B.

Device Manager

C.

Task Scheduler History/Logs

D.

Resource Monitor

38 $What is the executable name for the Remote Desktop Connection client?$

A.

connect.exe

B.

remote.exe

C.

rdp.exe

D.

mstsc.exe

39 $Which type of user account is best practice for performing daily, non-administrative tasks?$

A.

Standard User Account

B.

Guest Account

C.

Administrator Account

D.

System Account

40 $In the output of netstat -ano, what does the -o switch display?$

A.

The Process ID (PID)

B.

The owner of the process

C.

The off-load state

D.

The protocol used

41 $Which folder permissions inheritance setting is the default behavior in NTFS?$

A.

Files do not inherit permissions.

B.

Files inherit permissions from the root of the drive only.

C.

Files inherit permissions from the user's profile.

D.

Files inherit permissions from their parent folder.

42 $What is the loopback IP address used to test the network interface on the local host?$

A.

B.

C.

D.

43 $Which Windows tool allows you to view and modify the registry?$

A.

gpedit

B.

msconfig

C.

regedit

D.

dxdiag

44 $Which command is used to display the routing table on a Windows machine?$

A.

route print

B.

Both A and B

C.

None of the above

D.

netstat -r

45 $What happens to the NTFS permissions of a file when it is moved to a different folder on the same volume?$

A.

It retains its original permissions.

B.

It becomes read-only.

C.

All permissions are removed.

D.

It inherits the permissions of the new folder.

46 $Which net command is used to list all the shares exported by the local computer?$

A.

net share

B.

net export

C.

net view

D.

net session

47 $Which protocol uses a 'Challenge-Response' mechanism and is considered less secure than Kerberos?$

A.

NTLM (New Technology LAN Manager)

B.

TLS

C.

IPsec

D.

SSH

48 $In the Windows Firewall, which profile typically applies when connected to a public Wi-Fi hotspot?$

A.

Work Profile

B.

Public Profile

C.

Domain Profile

D.

Private Profile

49 $Which administrative tool allows you to view hardware resources, update drivers, and disable hardware components?$

A.

Device Manager

B.

Task Scheduler

C.

Disk Management

D.

ODBC Data Sources

50 $What is the purpose of the ping command?$

A.

To test reachability of a host using ICMP Echo Request.

B.

To transfer files between computers.

C.

To resolve a MAC address to an IP.

D.

To find the path taken by packets.

Unit 2 - Practice Quiz