Microsoft Security

Question 1

Describe an IPv4 address

Answer 1

An IPv4 address is composed of four numbers divided by dots. Each number is called an octet. The value of each octet can be between 0 and 255.

Ex. 192.168.26.1

Question 2

What is a class A Subnet Mask, Prefix and Range?

Answer 2

Subnet mask: 255.0.0.0
Prefix:/8
Range: 1.0.0.0 to 126.255.255.255

Question 3

What is a class B Subnet Mask, Prefix and Range?

Answer 3

Subnet mask: 255.255.0.0
Prefix: /16
Range: 128.0.0.0 to 191.255.255.255

Question 4

What is a class C Subnet Mask, Prefix and Range?

Answer 4

Subnet mask: 255.255.255.0
Prefix: /24
Range: 192.0.0.0to 223.255.255.255

Question 5

Name the Private IPv4 Address ranges

Answer 5

10. 0.0.0 –10.255.255.255
11. 16.0.0 –172.31.255.255
12. 168.0.0 –192.168.255.255

Question 6

Why do we have IPv4 private addresses?

Answer 6

They are used to delay the depletion of IPv4addresses

Question 7

Can IPv4 private address be used to directly communicate over the internet?

Answer 7

No

Question 8

What is a static IP address?

Answer 8

It is a manually configures IP address

Question 9

Where are static IP addresses used?

Answer 9

Servers use static IP addresses

Question 10

Describe a Default Gateway

Answer 10

• -A gate through which data passes on its way to or from other networks
• -Can be a router, computer, or server
• -The machine used as a gateway can also serve as a firewall and proxy server.

Question 11

What is the DNS?

Answer 11

• • Used for Name-to-number (IP address) mapping

- -Typically installed on the domain controller (DC)

Question 12

What does DHCP do?

Answer 12

It dynamically assigns an IP address and other network configuration parameters

Question 13

VM Network Adapter:

–NAT mode

Answer 13

• -In NAT mode, a guest operating system on a virtual machine (VM) cannot access hosts in a physical LAN but can on the internet.
• -A guest machine will not be accessible from a host machine or from other machines in the network.
• -NAT is the default mode.

Question 14

VM Network Adapter:

–NAT Network

Answer 14

• -In NAT network mode, a guest operating system on a VM can access hosts in a physical local area network (LAN) and on the internet.
• -A guest machine will not be accessible from a host machine or from other machines in the network.
• -The VM must have a unique IP address.

Question 15

VM Network Adapter:

–Bridged Mode

Answer 15

• -In bridged mode, a VM’s virtual network adapter is connected to a physical network.
• -Packets are sent and received directly to/from the virtual network adapter without additional routing.

Question 16

VM Network Adapter:

–Internal Mode

Answer 16

• -In internal mode, VMs are connected to an isolated virtual network.
• -The VMs can communicate with each other but not with the host machine or any other host in a physical or external network.

Question 17

Windows Device Manager

Answer 17

The manager provides a view of the hardware components connected to the computer.

Question 18

Windows Event Manager

Answer 18

It is an administrative tool that displays logs and system messages regarding events that occur in the system.

Question 19

Windows Network Center

Answer 19

The center enables network interface card (NIC) configuration, including IP address assignment.

Question 20

Name types of Windows users

Answer 20

Guest, Standard, Administrator, NT Authority

Question 21

What is a domain?

Answer 21

• -Central management: One or more servers manage and control all computers and users.
• -Users are stored in a central database and can log on from any computer in the domain.

Question 22

What is a workgroup?

Answer 22

• -Default settings for Windows
• -Computers are self-managed.
• -Users are stored in a local database in each computer.

Question 23

What do domain controllers do?

Answer 23

Domain controllers (DCs) control access to resources in a domain. Servers that are domain members have resource access managed by a DC. Client authentication is managed by the DC.

Question 24

What is a guest user?

Answer 24

• -Guest users canuse the Windows system.
• -Windows doesnot recognize the guest user by name,but as guest.
• -Guest users are like standard users and can perform the same operations in the system.
• -However, guest users lack privacy.
• -For example, any changes one guest makes to the desktop can be seen by anyone else who logs into the guest account.

Question 25

What is a standard user?

Answer 25

• -Standard users are the basic accounts for normal, everyday use of a Windows system.
• -Standard users can access most of the system functions, but they cannot make any major changes to the settings. For example, standard users cannot run or install new programs.

Question 26

What is an administrator?

Answer 26

The administrator user can introduce different changes to the Windows system that will affect other users who use the system (standard users). For example, it can control which applications and programs are installed on the system.

Question 27

What is NT Authority?

Answer 27

• -This account, also known as a system account, is the most privileged account, and has unrestricted access to local system resources, such as services running on the system.
• -This user cannot be managed by other accounts.

Question 28

What utility is used to add new users and groups in CMD shell?

Answer 28

net.exe

Question 29

What is User Access Control (UAC)?

Answer 29

This feature limits the execution of applications on the system for users with insufficient privileges.

Question 30

What tis BitLocker?

Answer 30

It provides full drive encryption to prevent unauthorized access to the protected drive.

Question 31

What is Remote Desktop Protocol?

Answer 31

This protocol provides a graphical interface to connect to another desktop.
By default, the port used for RDP is 3389 over TCP or UDP; however, since the introduction of Windows 7, this protocol is turned off by default.
It also poses, in some cases, a security risk when not managed and configured properly.

Question 32

How do you enable Remote Desktop?

Answer 32

Through the Control Panel Advanced System Settings

Question 33

What is a Domain?

Answer 33

A domain provides centralized management to manage and control all computers and users within an organization. Users within a domain are stored in a central database, which allows login from any computer in the domain. In a domain, several computers can be part of different local networks.

Question 34

What is a Workgroup?

Answer 34

In a workgroup, computers are self-managed, which means no computer has control over other resources in the network like in a domain. Users within a workgroup are stored locally, so users can log in only for the computers they are registered to. All computers in a workgroup must be on the same local network or subnet.

Question 35

Domain Structure usually contains what components?

Answer 35

• -A DC Server, or Domain Controller
• -Other servers
• -Clients

Question 36

What is a Domain Controller, or DC server?

Answer 36

A domain controller is a server that is running Active Directory Domain Services (AD DS). A domain controller also runs other key components, such as LDAP services, network time service, and an authentication protocol (usually Kerberos).

Question 37

What are Active Directory Domain Services

Answer 37

AD DS manages the authentication of users and other objects on the network and enforces the defined policies of various objects within the domain. One simple example is the password policy.

Question 38

What does DNS do?

Answer 38

Provides resolution of a human-readable address (URL) into an IP address, which is used for routing

Question 39

What does DHCP do?

Answer 39

Leases IP addresses to devices that want to connect to the network.

Question 40

What is the GPMC?

Answer 40

It’s a built-in administration tool allowing administrators to manage group policies.

Question 41

What is a FS?

Answer 41

A FS provides users in a domain with storing and sharing file services.

Question 42

What is Hardening?

Answer 42

Securing a system or network

Question 43

Should LLMNR be turned off and why or why not?

Answer 43

Yes because it is a legacy system.

Question 44

Should NetBIOS be disabled and why or why not?

Answer 44

It depends on the system. NetBios is still used for a lot.

Question 45

What does the SMB do?

Answer 45

?

Question 46

What is SMB signing?

Answer 46

The SMB protocol is used to share resources over the network and is common in a
domain environment for file sharing purposes. It permits applications to request
services from server programs on a computer network and also to read from and write
to files. SMB signing provides digital signatures for SMB packets and helps avoid issues
such as tampering with packets and Man-in-the-Middle attacks. It is available on all
Windows versions since 2000 and is enabled by default on domain controllers.

Question 47

Where is account policy, such as password policy, set?

Answer 47

GPMC

Question 48

What are local policies?

Answer 48

The local security policy on a system includes information about the security on a local computer. Local polices store permissions and restrictions associated with the station.
Via local policy, one can manage the login options, allowed user actions, and other
security settings for a local machine

Question 49

Do access policies apply to Remote Desktops?

Answer 49

No, they are managed by separate policies.