COMPTIA A+ 1002 Lesson 1

Ace your homework & exams now with Quizwiz!

True or false? Windows Defender Firewall cannot be disabled.

False. It is not usually a good idea to do so, but it can be disabled via Security Center or the Control Panel applet.

A user is assigned Read NTFS permissions to a resource via his user account and Full Control via membership of a group. What effective NTFS permissions does the user have for the resource?

Full control—the most effective permissions are applied.

Virtual Private Network (VPN)

Secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

Proxy Server

Server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.

NTFS Permissions

ACL that mediates local and network access to a file system object under Windows when the volume is formatted with NTFS.

Security Group

Access control feature that allows permissions to be allocated to multiple users more efficiently.

Member Server

Any application server computer that has joined a domain but does not maintain a copy of the Active Directory database.

Single sign-on (SSO)

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

Roaming Profiles

Configuring a network share to hold user profile data. The data is copied to and from the share at logon and logoff.

Nslookup Command

Cross-platform command tool for querying DNS resource records.

Ping Command

Cross-platform command tool for testing IP packet transmission.

Netstat Command

Cross-platform command tool to show network information on a machine running TCP/IP, notably active connections, and the routing table.

Home Folder

Default local or network folder for users to save data files to.

Tracert Command

Diagnostic utilities that trace the route taken by a packet as it "hops" to the destination host on a remote network. tracert is the Windows implementation, while traceroute runs on Linux.

Soften Token

Either an additional code to use for 2-step verification, such as a one-time password, or authorization data that can be presented as evidence of authentication in an SSO system.

True or false? Under default settings, the user account added during setup is not affected by User Account Control.

False. User Account Control (UAC) is designed to prevent misuse of accounts with administrative privileges. Use of such privileges requires the user to approve a consent dialog or to enter the credentials of an administrator account. This system can be disabled via UAC settings, but it is enabled by default.

Windows Hello

Feature that supports passwordless sign-in for Windows.

Inheritance

File system access-control-concept where child objects are automatically assigned the same permissions as their parent object.

This PC

File system object representing a Windows computer and the disk drives installed to it.

Administrative Tools

Folder in Control Panel containing default Microsoft management consoles used to configure the local system.

Folder Redirection

In Windows, redirecting an individual user profile folder, such as Documents or Pictures, to a network share.

Angel brought in the new tablet he just purchased and tried to connect to the corporate network. He knows the SSID of the wireless network and the password used to access the wireless network. He was denied access, and a warning message was displayed that he must contact the IT Department immediately. What happened, and why did he receive the message?

Mobile device management (MDM) is being used to mediate network access. The device must be enrolled with the MDM software before it can join the network.

You are pinging a host at 192.168.0.99 from a host at 192.168.0.200. The response is "Reply from 192.168.0.200: Destination host unreachable." The hosts use the subnet mask 255.255.255.0. Does the ping output indicate a problem with the default gateway?

No. The hosts are on the same IP network (192.168.0.0/24). This means that 192.168.0.200 does not try to use a router (the gateway) to send the probes. 192.168.0.200 uses address resolution protocol (ARP) to find the host with the IP 192.168.0.99. The host unreachable message indicates that there was no response, but the problem will be an issue such as the host being disconnected from the network or configured to block discovery rather than a gateway issue.

Group Policy Objects (GPO'S)

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Mobile Device Management (MDM)

Process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.

Kerberos

Single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.

Authenticator Application

Software that allows a smartphone to operate as a second authentication factor or as a trusted channel for 2-step verification.

WinX Menu

Start button shortcut menu with quick access to principal configuration and management utilities.

Short Message Service (SMS)

System for sending text messages between cell phones.

Everyone

System security group that represents any account, including unauthenticated users.

You are assisting another user who is trying to configure a static IP on a Windows workstation. The user says that 255.255.255.0 is not being accepted in the prefix length box. Should the user open a different dialog to complete the configuration or enter a different value?

The Network & Interface settings Edit IP settings dialog can be used. 255.255.255.0 is the subnet mask in dotted decimal format. The dialog just requires the number of mask bits. Each "255" in a dotted decimal mask represents 8 bits, so the user should enter 24.

What are the prerequisites for joining a computer to a domain?

The computer must be running a supported edition of Windows (Pro, Enterprise, or Education). The PC must be configured with an appropriate IP address and have access to the domain DNS servers. An account with domain administrative credentials must be used to authorize the join operation.

What are the requirements for configuring fingerprint authentication via Windows Hello?

The computer must have a fingerprint reader and a trusted platform module (TPM). Windows Hello must first be configured with a personal identification number (PIN) as a backup method.

While you are assigning privileges to the accounting department in your organization, Cindy, a human resource administrative assistant, insists that she needs access to the employee records database so that she can fulfill change of address requests from employees. After checking with her manager and referring to the organization's access control security policy, you discover that Cindy's job role does not fall into the authorized category for access to that database. What security concept are you practicing in this scenario?

The principle of least privilege.

What is the significance of a $ symbol at the end of a share name?

The share is hidden from the file browser. It can be accessed by typing a UNC. The default administrative shares are all configured as hidden.

You receive a call from a user trying to save a file and receiving an "Access Denied" error. Assuming a normal configuration with no underlying file corruption, encryption, or malware issue, what is the cause and what do you suggest?

The user does not have "Write" or "Modify" permission to that folder. If there is no configuration issue, you should advise the user about the storage locations permitted for user-generated files. If there were a configuration issue, you would investigate why the user had not been granted the correct permissions for the target folder.

Assuming default Explorer view settings are configured, what steps should the user take to get better context of files?

The user must first show file extensions, using the View tab in the File Explorer Options applet (you might also note that this can be done via a check box on the View menu ribbon of File Explorer).

Windows Security

Touch-enabled app for configuring features such as firewall and antivirus.

You are assisting a user with configuring a static IP address. The user has entered the following configuration values and now cannot access the Internet. Is there a configuration issue or a different problem? IP: 192.168.1.1 Mask: 255.255.255.0 Gateway: 192.168.1.0 DNS: 192.168.1.0

There is a configuration problem. 192.168.1.0 is not a host address. With the subnet mask 255.255.255.0, it identifies the network range as 192.168.1.0/24. The gateway is usually configured as the first available host address in this range: 192.168.1.1. The DNS server should also be set to 192.168.1.1.

When you set NTFS permissions on a folder, what happens to the files and subfolders by default?

They inherit the parent folder's permissions.

A computer cannot connect to the network. The machine is configured to obtain a TCP/IP configuration automatically. You use ipconfig to determine the IP address and it returns 0.0.0.0. What does this tell you?

This is an irregular state for a Windows PC. If a DHCP server cannot be contacted, the machine should default to using an APIPA address (169.254.x.y). As it has not done this, something is wrong with the networking software installed on the machine. The best option is probably to perform a network reset via the Settings > Network & Internet > Status page.

Which command produces the output shown in this screenshot? Exhibit (Screenshot courtesy of Microsoft.)

This is output from netstat. The -n switch has been used to show ports in numeric format and the -o switch to show the PID of the process that opened the port.

Windows Settings

Touch-enables interface for managing user and system settings in Windows

True or false? If you want the same policy to apply to a number of computers within a domain, you could add the computers to the same Organizational Unit (OU) and apply the policy to the OU.

True

Hard Token

USB storage key or smart card with a cryptographic module that can hold authenticating encryption keys securely.

Network and Internet

Windows Settings pages related to interface configuration, network profiles, and proxy configuration.

You are supporting a user who has just replaced a wireless router. The user has joined the new wireless network successfully but can no longer find other computers on the network. What should you check first?

Use Network & Internet to check the network profile type. When the network changed, the user probably selected the wrong option at the prompt to allow the PC to be discoverable, and the profile is probably set to Public. Change the type Private.

A Windows user is trying to join a video conference and cannot hear any sound from her headset. Which tool can you suggest using to try to remedy the fault?

Use the Sound settings app or Control Panel applet to check the volume setting and that the headset is configured as the input and output device. If the headset is not listed, check the USB or Bluetooth connection.

Local Account

User account that can be authenticated again and allocated permissions for the computer that hosts the account only.

Which three principal user security groups are created when Windows is installed?

Users, Administrators, and Guests. You might also include Power Users, though use of this group is deprecated. Going beyond the account types listed in the exam objectives, you might include groups such as Remote Desktop Users, Remote Management Users, or Backup Operators. There are also system groups, such as Everyone, but users cannot be assigned manually to these.

Run Dialog

Windows interface for executing commands.

If a user obtains Read permissions from a share and Deny Write from NTFS permissions, can the user view files in the folder over the network?

Yes (but he or she cannot create files).

What tool would you use to add a user to a local security group?

You can change the account type between Standard and Administrator via Control Panel, but the Local Users and Groups management console is the tool to use for a custom security group. You could also use the net localgroup command.

You need to set up a VPN connection on a user's Windows laptop. The VPN type is IKEv2. What other information, if any, do you need to configure the connection?

You must also input the fully qualified domain name (FQDN) or IP address of the remote access VPN server.

You are writing a tech note to guide new technicians on operational procedures for working with Active Directory. As part of this note, what is the difference between the gpupdate and gpresult commands?

gpupdate is used to refresh local policy settings with updates or changes from the policy template. gpresult is used to identify the Resultant Set of Policies (RSoP) for a given computer and/or user account.

A DHCP server has been reconfigured to use a new network address scheme following a network problem. What command would you use to refresh the IP configuration on Windows client workstations?

ipconfig /renew

You are checking that a remote Windows workstation will be able to dial into a web conference with good quality audio/video. What is the best tool to use to measure latency between the workstation's network and the web conferencing server?

pathping measures latency over a longer period and so will return a more accurate measurement than the individual round trip time (RTT) values returned by ping or tracert.

Security Groups

Access control feature that allows permissions to be allocated to multiple users more efficiently.

Network Interface Card (NIC)

Adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link.

2-Step Verification

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. This can use a registered email account or a contact phone number for an SMS or voice call.

Multifactor Authentication (MFA)

Authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Least Privilege

Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Implicit Deny

Basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

Fingerprint

Biometric authentication device that can produce a template signature of a user's fingerprint and then subsequently compare the template to the digit submitted for authentication.

Facial Recognition

Biometric authentication mechanism that uses an infrared camera to verify that the user's face matches a 3D model recorded at enrollment.

Windows Defender Firewall

Built-in, host-based filtering of network connections.

OneDrive

Cloud storage service operated by Microsoft and closely integrated with Windows.

Microsoft Account

Cloud-based SSO service allowing users to synchronize settings between multiple Windows devices

Login Script

Code that performs a series of tasks automatically when a user account is authenticated.

Access Control List (ACL)

Collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

ipconfig command

Command tool used to gather information about the IP configuration of a Windows host.

Gpupdate

Command-line tools to apply and analyze group policies. Group policies are a means of configuring registry settings.

Organizational Unit (OU)

Structural feature of a network directory that can be used to group objects that should share a common configuration or organizing principle, such as accounts within the same business department.

Domain Name System (DNS)

Service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the Internet.

Platform Module (TPM)

Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.

Dynamic Host Configuration Protocol (DHCP)

Protocol used to automatically assign IP addressing information to hosts that have not been configured manually.

Devices and Printers

Control Panel app for using and configuring attached hardware.

Power Options

Control Panel app related to configuring power button/lid events and power-saving modes.

Indexing Options

Control Panel app related to search database maintenance.

File Explorer Options

Control Panel app related to view and browsing settings for File Explorer.

User Accountsapplet

Control Panel app relating to user account creation and maintenance.

Internet Options

Control Panel applet allowing configuration of the Internet Explorer web browser.

Programs and Features

Control Panel applet allowing management of Windows Features and third-party software.

Mail Applet

Control Panel applet related to configuration of Microsoft Outlook email accounts and storage files.

Sound Applet

Control Panel applet related to speaker and microphone configuration plus Windows sound events and notifications.

Network and Sharing center

Control Panel related to interface configuration, network profiles, and discovery/file sharing settings.

Internet Protocol (IP)

Format for logical host and network addressing. In IPv4, a 32-bit binary address is expressed in dotted decimal notation, such as 192.168.1.1. In IPv6, addresses are 128-bit expressed as hexadecimal (for example, 2001:db8::0bcd:abcd:ef12:1234).

Domain

Group of hosts that is within the same namespace and administered by the same authority.

Workgroup

Group of network hosts that shares resources in a peer-to-peer fashion. No one computer provides a centralized directory.

Control Panel

Legacy management interface for configuring user and system settings in Windows

Wireless Wide Area Network (WWAN)

Network covering a large area using wireless technologies, such as a cellular radio data network or line-of-sight microwave transmission.

Active Directory (AD)

Network directory service for Microsoft Windows domain networks that facilitates authentication and authorization of user and computer accounts.

Guest

Non-privileged account that is permitted to access the computer/network without authenticating.

Standard Account

Non-privileged user account in Windows that typically has membership of the Users security group only.

Subnet Mask

Number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion.

Sleep

Power-saving mode in Windows. On a laptop, this functions much like standby, but on a desktop, the system also creates a hibernation file before entering the standby state.

Standby

Power-saving mode where power to all compatible components except system memory is cut. Note that systems on standby still consume some electricity.

Fast Startup

Power-saving option allowing swift resume from sleep via an image of system memory contents saved to a hibernation file.

Hibernate

Power-saving state where the contents of memory are saved to hard disk (hiberfil.sys) and the computer is powered off. Restarting the computer restores the desktop.

Device Manager

Primary interface for configuring and managing hardware devices in Windows. Device Manager enables the administrator to disable and remove devices, view hardware properties and system resources, and update device drivers.

Administrators

Privileged user account that has been granted memberships of the Administrators security group. There is also an account named Administrator, but this is usually disabled by default.

A user calls to say that he clicked Yes to a prompt to allow the browser to access the computer's location service while using a particular site and is now worried about personal information being tracked by other sites. How can the user adjust the app permission in Windows?

Via the App permissions section under Privacy settings. You might also note that most browser software can be configured to only allow location information on a per-site basis.

A user works on a document and leaves the file open for lunch. Upon the user's return, the computer is in power-saving mode. How do you reassure the user and advise on the status of the file?

When a computer goes into a power-saving mode, it will either maintain a small amount of power to the memory modules or write the contents of memory to a hibernation file on disk. Consequently, the user should be able to start the laptop again, and the desktop will resume with the open file still there. You should advise the customer to save changes to files regularly, however.

Recycle Bin

When files are deleted from a local hard disk, they are stored in the Recycle Bin. They can be recovered from here if so desired.

Time and Language settings

Windows Settings pages allowing configuration of default data formats (date, currency, and so on), location information, and keyboard input locale.

Phone Settings

Windows Settings pages for associating a smartphone with Windows.

Device Settings

Windows Settings pages for using and configuring attached hardware.

Update and Security Settings

Windows Settings pages related to configuring automatic patching, deploying feature updates, and managing security features.

Personalization Settings

Windows Settings pages related to customizing the appearance of the desktop using themes.

Ease of Access

Windows Settings pages related to desktop and input/output device accessibility configuration.

Gaming Settings

Windows Settings pages related to game mode settings and Xbox integration.

Privacy Settings

Windows Settings pages related to personal data collection and use.

System Settings

Windows Settings pages relating to basic and advanced system settings.

Apps

Windows Settings pages relating to configuration of Windows Features and third-party software apps.

Account Settings

Windows Settings pages relating to user account creation and maintenance.

Instant Search

Windows feature allowing rapid search of apps, data folders, messages, and the web

User Account Control (UAC)

Windows feature designed to mitigate abuse of administrative accounts by requiring explicit consent to use privileges.

Metered

Windows feature for indicating that network data transfer is billable and for setting warnings and caps to avoid unexpected charges from the provider.

Network Location Awareness

Windows feature that categorizes network profile as public or private. Each profile can have a different firewall configuration, with public network types being more restricted, by default.

Network Discovery

Windows firewall configuration that makes a host visible to network browsers.

File Sharing

Windows firewall configuration that opens the network ports required to operate as a file/print server.

Mapped Drive

Windows mechanism for navigating shared network folders by assigning them with drive letters.

Pathping Command

Windows utility for measuring latency and packet loss across an internetwork.

You are assisting a home user who wants her spouse to be able to sign in to a new Windows laptop using a Microsoft account. Is this possible, and if so, which management interface is used?

Yes, this can be done via the Accounts settings app. The legacy User Accounts applet in Control Panel can no longer be used to add accounts.

While troubleshooting an issue with a graphics card in Windows 10, you discover that the driver version is not up to date. What first step could you perform to install the latest driver?

You are assisting a user over the phone and need to identify the edition of Windows that is installed. What step instructions must you give for the user to report this information to you?


Related study sets

4.2 The Jazz Age - Check Your Understanding

View Set

Biological Diversity Chp. 49, 51, 52, 53 Study Module Questions

View Set

Theme for English B and Any Human to Another Quiz Review

View Set

Chapter 16: Notes Payable and Notes Receivable

View Set

Substance Abuse, Eating Disorders, Impulse Control Disorders

View Set

Chapter 1 Art in the Stone Age - Practice Quiz

View Set

CHAPTER 19: DEEDS AND TRANSFER OF TITLE

View Set