ITI-108 unit 4 (chapter 17 & 19)
Remote Desktop Connection (RDC)
AKA Remote Desktop. Gives a user access to a Windows desktop from anywhere on the Internet.
Organizational Units
An object that defines a collection of user groups and/or computers in Active Directory
DHCP (Dynamic Host Configuration Protocol) Server
A computer or other device that provides an IP address from a pool of addresses to a client computer that requests an address
NTFS permissions
Allow you to control which users and groups can gain access to files and folders on an NTFS volume.
Proxy Server
A computer that intercepts requests that a client (e.g., a browser) makes of a server (e.g., a web server); can serve up the request from a cache it maintains to improve performance, or it can filter requests to secure a large network.
Port flapping
A condition when an interface or a port on a switch is continually going up and down
Secure Shell (SSH) Protocol
A cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users. TCP port 22
TPM (Trusted Platform Module)
A chip on the motherboard used with software applications for security. It can be used with Windows BitLocker Drive Encryption to provide full-disk encryption and to monitor for system tampering.
Microsoft Terminal Services Client (mstsc.exe)
A command that allows you to remote in to a host computer using Remote Desktop Connection
Demilitarized Zone (DMZ)
A computer or network that is not protected by a firewall or has limited protection.
Router
A device that manages traffic between two or more networks and can help find the best path for traffic to get from one network to another
switch
A device used to connect nodes on a network in a star network topology. When it receives a packet, it uses its table of MAC addresses to decide where to send the packet
Local Users and Groups
A management console that provides an interface for managing user and group accounts (not available in Starter or Home editions).
Metered connection
A metered connection is any network connection using a service that is charged based on the amount of data transferred. Many wireless broadband services, smartphone data plans, and satellite communication services use metered connections.
Group Policy Objects (GPOs)
A named set of policies that have been created by Group Policy and are applied to an organizational unit.
Shared printer
A printer installed locally on a computer can be shared with other computers.
network printer
A printer that is accessed by each networked computer directly through the network.
DHCP (Dynamic Host Configuration Protocol)
A protocol used by a server to assign a dynamic IP address to a computer when it first attempts to initiate a connection to the network and requests an IP address.
Encrypting File System (EFS)
A security feature of many Windows versions that allows it to encrypt files on an NTFS volume.
WPA3 (Wi-Fi Protected Access 3)
A standard that offers improved data encryption over WPA2 and allows for Individual Data Encryption, whereby a laptop or other wireless device can create a secure connection over a public, unsecured Wi-Fi network.
Port Forwarding
A technique that allows a computer on the Internet to reach a computer on a private network using a certain port when the private network is protected by NAT and a firewall that controls the use of ports. (port mapping)
Wireless Access Point (WAP)
A wireless device that is used to create and manage a wireless network
What hardware component is needed to set up BitLocker Encryption so you can authenticate the computer?
Answer: A TPM chip on the motherboard is needed to set up BitLocker Encryption so you can authenticate the computer. This chip holds the security key that authenticates the computer.
While you work on the customer's printer, they continue chatting about their network and the problems they've been experiencing. One complaint is that the Internet service slows down considerably in the evening. You suspect you know the cause of this problem: Their neighbors arrive home in the evening and bog down the ISP's local infrastructure. To be sure, you take a quick look at the back of their modem. What type of cable connected to the WAN port would confirm your suspicions and why?
Answer: Coaxial cable connected to the modem's WAN port would confirm that the customer is using cable Internet, which shares the TV cable infrastructure with other customers in the area. This can result in service becoming degraded if many people in the neighborhood are using cable Internet at the same time.
While troubleshooting an IPv4 network connection problem, you start to wonder if the local computer's NIC is configured correctly for TCP/IP settings. What command should you enter at the command prompt to test your theory?
Answer: Enter the command ping 127.0.0.1. The ping loopback test to 127.0.0.1 tells you if TCP/IP is configured correctly for the NIC.
You work in the accounting department and have been using a network drive to post Excel workbook files to your file server as you complete them. When you attempt to save a workbook file to the drive, you see the error message: "You do not have access to the folder 'J:\'. See your administrator for access to this folder." What should you do first? Second? Explain the reasoning behind your choices. a. Ask your network administrator to give you permission to access the folder. b. Check Explorer to verify that you can connect to the network. c. Save the workbook file to your hard drive. d. Using Explorer, remap the network drive. e. Reboot your PC.
Answer: First: c. Save the workbook file to your hard drive; you don't want to lose your work while you troubleshoot the problem. Second: b. Check Explorer to verify that you can connect to the network; if the network is down, the network share won't work. As always, saving the data to a safe location is the first priority. Only then can you start troubleshooting the problem.
You're setting up a Minecraft gaming server so you and several of your friends can share a realm during your gameplay. To do this, your friends will need to access your server over the Internet, which means you must configure your router to send this traffic to your game server. Which router feature will you use, and which port must you open for TCP traffic?
Answer: Port forwarding will send Minecraft traffic to the gaming server without exposing the rest of the network to that traffic from the Internet. Minecraft uses port 25565 for TCP traffic.
Manuel works on a help desk and is assigned a ticket that was automatically generated by a server because of an error. The error message states that the server has run out of storage space because logs were not set to delete at a certain size. Rather than going to the data center to physically access that server on the rack, what Windows tool might Manuel use to troubleshoot the server?
Answer: Remote Desktop Connection is typically used to access Windows servers on a rack remotely. On Linux servers, Secure Shell is normally the tool of choice.
If you are having a problem changing the permissions of a folder that was created by another user, what can you do to help solve the problem?
Answer: Take ownership of the folder. When you are the owner of a folder, you have full permissions for the folder.
While investigating the settings on your SOHO router, you find two IP addresses reported on the device's routing table, which is used to determine where to send incoming data. The two IP addresses are 192.168.2.1 and 71.9.200.235. Which of these IP addresses would you expect to see listed as the default gateway on the devices in your local network? How do you know?
Answer: The IP address 192.168.2.1 is the default gateway for the local network's devices because it's a private IP address and is the LAN-facing address of the router. The public IP address faces the WAN.
While troubleshooting a network connection problem, you run the command ipconfig /all in a command prompt window and get the following output:
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix.:
       Description....................: Realtek PCIe GBE Family Controller
       Physical Address...............: 54-53-ED-BB-AB-A3
       DHCP Enabled...................: Yes
       Autoconfiguration Enabled......: Yes
       Link local IPv6 Address........: fe80::64d2:bd2e:fa62:b911%10 (Preferred)
       IPv4 Address...................: 192.168.2.166(Preferred)
       Subnet Mask....................: 255.255.255.0
       Lease Obtained.................: Sunday, August 19, 2022 10:56:41 AM
       Lease Expires..................: Sunday, August 19, 2022 1:56:41 PM
       Default Gateway................: 192.168.2.1
       DHCP Server....................: 192.168.2.1
       DHCPv6 IAID....................: 257184749
       DHCPv6 Client DUID.............: 00-01-00-01-18-81-16-9A-54-53-ED-BB-AB-A3
       DNS Servers....................: 8.8.8.8
                                        8.8.4.4
       NetBIOS over Tcpip.............: Enabled
Is the computer using a wired or wireless network connection? What is the local computer's MAC address? What is the IP address of the router on the local network?
Answer: The computer is using a wired connection. The local computer's MAC address is 54-53-ED-BB-AB-A3, and the IP address of the router is 192.168.2.1. You know the connection is wired because the NIC is identified as an Ethernet adapter. The physical address is the MAC address. The router is the Default Gateway, which has an IP address of 192.168.2.1.
In your organization, each department has a folder on a shared drive. Your manager frequently copies the folder to their local computer to run reports. You have noticed that the folder for your department keeps disappearing from the shared drive. You discover that the folder isn't being deleted and often gets moved into a random nearby folder. You suspect that coworkers in other departments are being careless with their mouse clicks while accessing their own folders on the shared drive and are dragging and dropping your department folder into other folders without noticing. How can you prevent this folder from being moved but still allow it to be copied? What steps do you take?
Answer: When a folder is moved, it is deleted from its original location. When you remove the ability of users to delete the folder, users are allowed to copy but not move the folder. To set these permissions, use the Properties dialog box of the folder to disable inheritance on the folder. Then, for all users except Administrators and SYSTEM users, open the Permission Entry for the folder. Click Show advanced permissions and remove the check mark for Delete. Apply changes and close all windows. This skill is a required skill for the A+ Core 2 exam.
You have shared a folder, C:\DenverCO, with your team. The folder contains information about your company branch in Denver, Colorado. Your company decides to reorganize into zones, so you move the folder as a subfolder in the folder G:\Zone3. When your team members try to access G:\Zone3\DenverCO, they get an error message saying they have been denied access. What happened to the permissions when you moved the folder to its new location?
Answer: When you move or copy an object to a folder, the object takes on the permissions of that folder. Because the folder moved to a different volume, the permissions that had been set up were lost.
What command do you enter in the Explorer search box to access the Remote Admin share on the computer named Fin?
Answer: \\Fin\admin$. A network path is written with two backslashes, followed by the computer name, a backslash, and the share name. The Remote Admin share is named admin$.
Your organization has set up three levels of classification for data accessed by users on a small network: Low security: Data in the C:\Public folder. Medium security: Data in a shared folder that some, but not all, user groups can access. High security: Data in a shared and encrypted folder that requires a password to access. The folder is shared only to one user group. Classify each of the following sets of data: a. Directions to the company's Fourth of July party. b. Details of an invention made by the company president that has not yet been patented. c. Resumes presented by several people applying for a job with the company. d. Payroll spreadsheets. e. Job openings at the company.
Answer: a. Low; b. High; c. Medium; d. Medium or High; e. Low. In general, classify the security level of data by the harm done if the data is hacked.
Which Windows tool is used to reset the password for a user's Windows account? a. Network Places Wizard (netplwiz.exe) b. Local Group Policy Editor (gpedit.msc) c. Accounts page in the Settings app d. Disk Management
Answer: a. Network Places Wizard (netplwiz.exe). When the password is reset, the user loses all their EFS encrypted folders and files, personal digital certificates, and passwords stored on the computer.
As a bank employee, you often work from home and remotely access a file server on the bank's network to correct errors in financial data. Which of the following services is most likely the one you are using to authenticate to the network and track what you do on the network? a. RADIUS b. Secure DNS c. Active Directory d. TACACS+
Answer: a. RADIUS. RADIUS is a protocol used to authenticate to a wired, wireless, or remote network, and it can also work over a VPN. The RADIUS server can communicate with Active Directory (AD) to use the credentials kept by AD to complete the authentication.
Your manager asks you to transmit a small file that includes sensitive personnel data to a Linux server on the network. The server is running a Telnet server and an SSH server. Why is it not a good idea to use Telnet to reach the remote computer? a. Telnet transmissions are not encrypted. b. Telnet is not reliable, and the file might arrive corrupted. c. SSH is faster than Telnet. d. SSH running on the same computer as Telnet causes Telnet not to work.
Answer: a. Telnet transmissions are not encrypted. Sensitive personnel data should always be transmitted encrypted.
What is the command to launch each of the following tools? a. Local Group Policy b. Local Security Policy c. Computer Management console d. Local Users and Groups console e. Resultant Set of Policy (RSoP)
Answer: a. gpedit.msc; b. secpol.msc; c. compmgmt.msc; d. lusrmgr.msc; e. rsop.msc. It's important to know the command used to launch a Windows tool because the Windows graphical user interface might not be working and using a command is sometimes faster than using the GUI to launch a tool. In addition, the A+ Core 2 exam expects you to know the commands that launch many common Windows tools used by technicians.
While troubleshooting an Internet connection problem for your network, you restarted the modem and then the router. The router is now communicating with the Internet, which you can confirm by observing the blinking light on the router's WAN indicator. However, now your laptop is not communicating with the router. Order the following commands to confirm there is no connectivity, apply a fix to the problem, and confirm connectivity. a. ping b. ipconfig /renew c. nslookup microsoft.com d. ipconfig /release
Answer: a. ping; d. ipconfig /release; b. ipconfig /renew; c. nslookup microsoft.com. Using the ping command can confirm connectivity; using ipconfig to release and renew the TCP/IP assignments can fix a problem with failed connectivity, and using the nslookup command can verify you can now reach the Microsoft.com site.
Which two of the following hosts on a corporate intranet are on the same subnet? a. 192.168.2.143/8 b. 172.54.98.3/16 c. 192.168.5.57/8 d. 172.54.72.89/16
Answer: b. 172.54.98.3/16 and d. 172.54.72.89/16. These hosts are on the same subnet because their network IDs are the same. The network ID is 172.54.
You've just received a call from human resources asking for assistance with a problem. One of your company's employees, Ahmed, has recently undergone extensive surgery and will be homebound for three to five months. He plans on working from home and needs a solution to enable frequent and extended access to the company network's resources. Which WAN technology will you need to configure for Ahmed, and which tool will you use to configure it? a. WWAN using the Network Connections window b. Wi-Fi using the Network and Sharing Center c. Ethernet using the Network Connections window d. VPN using the Network and Sharing Center
Answer: d. VPN using the Network and Sharing Center. A VPN creates a secure connection to a remote network so that resources on the network will not be exposed. The VPN can be configured using third-party tools or, in Windows 10/11, the Network and Sharing Center.
As the new network administrator managing Active Directory in your organization, you decide to set up a backup system for all folders in the domain authorized for users to store their data. Which tasks should you do first before you configure the backup routine? (Choose all that apply.) a. Have a company-wide gathering to explain the idea to all users. b. Evaluate backup software and storage requirements. c. Apply all available updates to Windows Server. d. Apply folder redirection to the Home folder for each user.
Answer: b. Evaluate backup software and storage requirements. d. Apply folder redirection to the Home folder for each user. Carefully consider more than one backup software solution to find the best one to meet the needs of your organization, and verify your hardware storage can fulfill the demand. Applying folder redirection to the Home folder makes it easier to manage backed-up folders in a central location, rather than spread over the network.
Remote Desktop and Remote Assistance require a technician to change port settings and firewall settings, but third-party apps such as GoToMyPC do not. Why is this? a. Microsoft makes its apps more secure than third-party apps. b. GoToMyPC and other third-party apps use ports already left open for web browsing and don't require additional incoming connections. c. Remote Desktop and Remote Assistance allow incoming connections at the same port 80 that is already left open for web browsing. d. GoToMyPC and other third-party apps are not concerned about security because they depend on Windows to secure a network connection.
Answer: b. GoToMyPC and other third-party apps use ports already left open for web browsing and don't require additional incoming connections. Opening a port lowers the security of the computer and should be avoided if possible.
The documentation for your router says that it can provide content filtering to filter out keywords except for pages that use the HTTPS protocol. Why is that? a. Privacy laws make it illegal to filter content in HTTPS pages. b. HTTPS pages are encrypted, and the router cannot decrypt them to read the content. c. The router must use its public key to transmit HTTPS pages. d. The software to filter content in HTTPS pages is not installed on this particular router.
Answer: b. HTTPS pages are encrypted, and the router cannot decrypt them to read the content. HTTPS encrypts content to secure that content. Encryption keys are stored on the web server and the browser, and the router does not have access to these encryption keys.
Which of the following is true about NTFS permissions and share permissions? (Choose all that apply.) a. Share permissions do not work on an NTFS volume. b. NTFS permissions work only on an NTFS volume. c. If share permissions and NTFS permissions are in conflict, NTFS permissions win. d. If you set NTFS permissions but do not set share permissions, NTFS permissions apply on the network.
Answer: b. NTFS permissions work only on an NTFS volume. For other volumes and file systems, such as FAT32, share permissions are required. Share permissions work with all types of file systems, including NTFS.
Which security features are available on Windows 10 Home? (Choose all that apply.) a. Local Group Policy b. NTFS permissions c. Active Directory d. Share permissions
Answer: b. NTFS permissions; d. Share permissions. NTFS and share permissions work with all versions and editions of Windows.
Which type of server can function as a firewall? a. Mail server b. Proxy server c. Print server d. FTP server
Answer: b. Proxy server. Some proxy servers have firewalls included in the software that can be used to filter which nodes on the network can use the proxy server.
Daunte frequently calls your help desk asking for instructions on how to use Windows 10. What is the best way to help Daunte? a. Open a chat session with Daunte over Facebook and talk with him about Windows 10. b. Use Remote Assistance to show Daunte how to use Windows 10, and point him to the log file created. c. Explain to Daunte that a help desk is not the place to go to learn to use new software and that he needs to look elsewhere for help. d. Email Daunte some links to online video tutorials about Windows 10.
Answer: b. Use Remote Assistance to show Daunte how to use Windows 10, and point him to the log file created. Remote Assistance allows the technician to control the computer while the user watches. All that happens, including the chat session, is recorded in a log file for future reference.
You're troubleshooting a network connection for a client at their home office. After pinging the network's default gateway, you discover that the cable connecting the desktop to the router had been damaged by foot traffic and is no longer providing a reliable signal. You replace the cable, this time running the cable along the wall, so it won't be stepped on. What do you do next? a. Apply port forwarding on the router. b. Use the ping command. c. Use the hostname command. d. Reboot the router.
Answer: b. Use the ping command. Ping the router again to confirm the network connection is working.
You open a folder Properties dialog box to encrypt the folder, click Advanced, and discover that Encrypt contents to secure data is dimmed. What is the most likely problem? a. Encryption has not been enabled. Use the Computer Management console to enable it. b. You are not using an edition of Windows that supports encryption. c. Most likely a virus has attacked the system and is disabling encryption. d. Encryption applies only to files, not folders.
Answer: b. You are not using an edition of Windows that supports encryption. The professional and business editions of Windows support encryption. Windows Home does not.
Your company has recently been hired to install a smart security system for a large office building. The system will include security cameras, voice-controlled lights, smart locks, and smart thermostats. Some of the security cameras will be installed outdoors throughout the parking lot. Which wireless IoT protocol should your company use for the installation? a. Wi-Fi, because it is always encrypted b. Zigbee, because it is always encrypted c. Z-Wave, because it is the fastest wireless standard d. Bluetooth, because it is easiest to configure
Answer: b. Zigbee, because it is always encrypted. Zigbee, Z-Wave, and Bluetooth are always encrypted. Zigbee is faster than Z-Wave. Zigbee and Z-Wave don't require configuration.
Where in Group Policy can you locate the policy that requires a smart card to be used to authenticate a user to Windows? a. Computer Configuration, Windows Settings, Security Settings, Local Policies, Biometrics b. Computer Configuration, Administrative Templates, System, Logon c. Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options d. User Configuration, Administrative Templates, System, Logon
Answer: c. Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options. Knowing your way around the Group Policy Editor is important for securing a computer.
You have set up a user group named Accounting and have put all employees in the accounting department in this group, which has been given permission to use the Financial folder on a file server. You are now asked to create a subfolder under Financial named Payroll. Megan, the payroll officer, is the only employee in the accounting department allowed to access this folder. What is the best way to configure the new share? a. Assign Megan read/write permissions to the Payroll folder, and explain to your manager that it is not a best practice to give only one employee access to an important folder. b. Assign Megan read/write permissions to the Payroll folder. c. Create a new user group named Payroll, put Megan in the group, and assign the group read/write permissions to the Payroll folder. d. Ask your manager to allow you to put the folder outside of the Financial folder so you can assign a new user group read/write permissions to this folder that will not conflict with the Accounting user group.
Answer: c. Create a new user group named Payroll, put Megan in the group, and assign the group read/write permissions to the Payroll folder. Even though the group has only a single user, it's still a best practice to assign permissions to groups rather than individuals. You can assign permissions to a child folder that are different than the permissions assigned to the parent folder.
You need a VPN to connect to a private, remote network in order to access some files. You click the network icon in your taskbar to establish the connection, and you realize there is no VPN option available on the menu. What tool do you need to use to fix this problem? a. net command b. netstat command c. Network and Sharing Center d. Network Connections window
Answer: c. Network and Sharing Center. Use the Network and Sharing Center to set up a new VPN connection.
Of the 10 devices shown earlier in Figure 19-21, how many are assigned IP addresses? a. Four: two phones, a web server, and a router b. Three: two phones and a web server c. Seven: a thermostat, a router, two phones, two bridges, and a web server d. All 10
Answer: c. Seven: a thermostat, a router, two phones, two bridges, and a web server. Zigbee and Bluetooth devices are not assigned IP addresses, but their bridges are part of the TCP/IP network and require at least one IP address.
Your SOHO router has failed, and you have installed a new router. The old router's static IP address on the network is 192.168.0.1. The new router has a static IP address of 10.0.0.1. You go to a computer to configure the new router, and you enter 10.0.0.1 in the browser address box. The router does not respond. You open a command prompt window and try to ping the router, which does not work. Next, you verify that the router has connectivity, and you see that its local connection light is blinking, indicating connectivity. What is the most likely problem and its best solution? a. The computer you are using to configure the router has a corrupted TCP/IP configuration. Restart the computer. b. The router is defective. Return it for a full refund. c. The computer and the router are not in the same subnet. Release and renew the IP address of the computer. d. The computer and the router are not in the same subnet. Change the subnet mask assigned to the computer.
Answer: c. The computer and the router are not in the same subnet. Release and renew the IP address of the computer. The computer had been assigned an IP address in the 192.168.*.* range by the old router, which is in a different subnet than the 10.0.0.1 IP address. When the computer is assigned a new IP address by the new router, it will be in the same subnet as the router. Two devices in different subnets cannot find each other without going through their default gateway.
As an IT technician, you arrive at a customer's home office to troubleshoot problems they are experiencing with their printer. While questioning the customer to get an understanding of their network, you find they have a new Wi-Fi router that connects wirelessly to a new desktop and two new laptops, in addition to multiple smartphones, tablets, and the network printer. They also have several smart home devices, including security cameras, light switches, door locks, and a thermostat supported by an IoT controller hub. To work on the printer, which type of network will you be interacting with? a. PAN b. WAN c. WMN d. LAN
Answer: d. LAN. A LAN can have a variety of devices, but it is always limited to a single router that creates the boundary for the network. A single router indicates a LAN.
Your customer then asks you if it would be worth the investment for them to have Ethernet cabling installed to reach each of their workstations instead of connecting them by Wi-Fi to the network. Specifically, they want to know if that would speed up communications for the workstations. You examine their router and find that it's using 802.11ac Wi-Fi. Would you advise them to upgrade to Ethernet? Why or why not? a. Yes, because Ethernet is faster than 802.11ac. b. Yes, because wired connections are always faster than wireless connections. c. No, because installing Ethernet cabling is more expensive than the increased speed is worth. d. No, because 802.11ac speeds are faster than Ethernet.
Answer: d. No, because 802.11ac speeds are faster than Ethernet. IEEE 802.11ac runs at about 1.3 Gbps, and Gigabit Ethernet runs at about 1.0 Gbps.
When setting up OUs in a new domain, why might it be useful to put all computers in one OU and all users in another? a. It will be easier to inventory computers in the domain. b. It will help organize users into user groups. c. An OU must contain either users or computers but not both. d. Policies generally apply to either computers or users.
Answer: d. Policies generally apply to either computers or users. It's not often that you will create a policy that applies to both users and computers.
Mia works from home occasionally and needs to set up her Windows 10 computer at work so she can remote in from her home office. Which tools should she use? a. Zoom b. Remote Assistance c. Secure Shell d. Remote Desktop
Answer: d. Remote Desktop. Windows 10/11 Remote Desktop is desktop management software used to remotely control the Windows desktop.
You run the ipconfig command on your computer, and it reports an IP address of 169.254.75.10 on the Ethernet interface. Which device assigned this IP address to the interface? a. The ISP's DNS server b. The local network's DHCP server on the SOHO router c. The cable modem d. The local computer
Answer: d. The local computer. IP addresses in the 169.254.*.* range are called Automatic Private IP addresses and are assigned when the local computer cannot connect to a DHCP server to lease a dynamic IP address.
When NTFS and share permissions are used on the local file server, can a user signed in on a Windows 10 Home computer access these shares? Why or why not? a. No, because Windows 10 Home does not have the Local Users and Groups console b. No, because Windows 10 Home does not support NTFS permissions c. Yes, because Windows 10 Home can join a Windows domain d. Yes, because the user is authenticated on the file server to access its shares
Answer: d. Yes, because the user is authenticated on the file server to access its shares. The NTFS and share permissions are set up on the file server rather than the Windows Home computer. Also the user groups are set up on the file server via the Local Users and Groups console. The user authenticates to the local Windows Home computer and also authenticates to the file server.
Your manager has asked you to configure a DHCP reservation on the network for a Windows computer that is used to configure other devices on a network. To do this, you need the computer's MAC address. What command can you enter at the command line to access this information?
Answer: ipconfig /all. Also acceptable is arp -a. The ipconfig command reports information about the network configuration, including the physical address, which is the same as the MAC address.
Active Directory Domain Services (AD DS)
Authenticates accounts and authorizes what these accounts can do
ipconfig command
Displays network configuration information and refreshes the TCP/IP assignments for a connection, including its IP address.
Local Group Policy (LGP)
gpedit.msc. Contains a subset of policies in Group Policy; this subset applies only to the local Windows computer or local user.
Remote Monitoring and Management (RMM) software
Installs on systems to monitor and manage these systems remotely so IT personnel can more easily support these systems.
Net user command
Manages user accounts
WPA2 (Wi-Fi Protected Access Version 2)
Newer security protocol used to protect wireless transmissions. It supports CCMP for encryption, which is based on AES and stronger than TKIP, which was originally released with WPA. In Enterprise mode, it can use RADIUS to support 802.1x authentication. In Personal mode, it uses a preshared key (PSK).
WPA (Wi-Fi Protected Access)
Older encryption standard and typically uses TKIP (Temporal Key Integrity Protocol) for encryption
Zigbee
Operates in either the 2.4 GHz band or the 900 MHz band; requires less power than Wi-Fi; range of about 20 meters indoors (can go much further in open air); faster than Z-Wave; encrypted.
explicit permission
Permissions granted directly to a file or folder.
Share permission
Permissions set on a share; they apply only to network users. If a shared folder is on an NTFS volume, a network user is affected by both share and NTFS permissions, but local users are only affected by NTFS permissions.
Windows Defender Firewall
Personal firewall that protects a computer from intrusion and from attacking other computers; it is automatically configured when you set up your security level for a new network connection.
inherited permissions
Permissions assigned by Windows that are attained from a parent object.
Remote Desktop and Remote Assistance
Port 3389
TACACS+ (Terminal Access Control Access Control System+)
Proprietary Cisco protocol for AAA services, specifically designed for network admins and techs to remotely connect to a network to configure and manage Cisco network devices (routers, switches, firewalls). Uses TCP protocol; port 49.
RADIUS (Remote Access Dial In User Service)
Protocol was originally designed just for authentication, but it has evolved to include authentication, authorization, and accounting (AAA) services. Uses UDP protocol; port 1812 for authentication and authorization, port 1813 for accounting.
Microsoft Remote Assistance (MSRA)
Remote Windows application useful for virtual desktop support; the user can remain signed in and retains control of the session while the tech gives help.
Security Groups
Similar to user groups in a Windows workgroup, except that these groups can include a computer or a user
Kerberos
Strictly an authentication protocol, used when a Windows computer authenticates a user to Active Directory in a Windows domain. AES encryption; UDP protocol; port 88. Only 1 of the 3 that supports two-factor authentication.
ping command
Tests connectivity by sending an echo request to a remote computer. If the remote computer is online, detects the signal, and is configured to respond to a ping, it responds. Used to test connectivity or to verify that DNS is working.
Z-Wave
Transmits around the 900 MHz band and requires less power than Wi-Fi. Has a larger range than Bluetooth (up to 100 meters in open air, less in buildings). Used for IoT devices. Encrypted.
nslookup (namespace lookup or name server lookup) command
Used to test name-resolution problems with DNS servers by allowing you to request information from a DNS server's zone data, which is the portion of the DNS namespace that the server knows about.
tracert (Trace Route) command
Used when trying to resolve a problem reaching a destination host such as an FTP site or website. Sends a series of requests to the destination computer and displays each hop to the destination.
Reverse lookup
When you run the nslookup command to find the host name when you know a computer's IP address
What are the two wireless connection protocols used with IoT devices (smart home devices)?
Z-Wave and Zigbee
Screened subnet
Also known as a DMZ; commonly uses two firewalls: one between the public network and the DMZ, the other between the DMZ and the private network.
To prepare to remotely work on a Linux server at work while you are at home, you install VNC Server for Linux by RealVNC (realvnc.com) on the system at work. When you get home, you install the VNC Viewer for Windows on your Windows 10 laptop. When you try to make the connection, you get an error about a refused connection. Which could be a cause of the error? (Choose all that apply.) a. VNC Viewer for Windows will not work with a Linux server. Use Remote Desktop instead. b. Port 5901 is not set for port forwarding on the corporate router. Configure the router next time you're in the office. c. VNC Server for Linux must be configured to tunnel through SSH. Set up the SSH tunnel next time you're in the office. d. A VNC solution will not work with Linux. Configure Remote Desktop on the Linux server, and use it with the Remote Desktop client on your home computer.
Answer: b. Port 5901 is not set for port forwarding on the corporate router. Configure the router next time you're in the office. Using VNC Server for Linux and VNC Viewer for Windows is a workable solution. However, VNC Server uses port 5901, and the port must be open for the service to work.
Virtual Network Computing (VNC)
Client/server software used for remote control of a computer, file transfers, and screen sharing. Port 5902.
pathping (command)
combines the ping and tracert commands into a single command to help identify where on the network path the network might be slow or giving problems.
netstat (network statistics) command
command gives statistics about network activity, and it includes several parameters
Net use command
connects or disconnects a computer from a shared resource or can display information about connections
Hostname command
displays host name of the computer
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information through blacklists and whitelists
Secure Shell (SSH)
Open-source software to remotely sign in to and control another computer. Designed to replace Telnet and FTP on Linux systems. Port 22 (encrypted session).
Local Security Policy
secpol.msc. Contains a subset of policies in Local Group Policy, which apply only to the local computer's Windows security settings. Local Security Policy is a Windows 10 Admin tools or Windows 11 Tools snap-in in Control Panel.
