Windows Client

Netstat Commands

-a displays all connections and listening ports. -b displays the executable that created each connection or listening port. -e displays Ethernet statistics. This is commonly used in conjunction with the -s option. -n displays addresses and port numbers in numerical form. -o displays the owning process ID associated with each connection. -p [protocol] shows connections for the specified protocol. Possible protocols include IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6. -r displays the routing table. -s displays per-protocol statistics. The output can be limited to specific protocols by using this option in conjunction with the -p option.

Intune is included with...

...any Enterprise Agreement of at least 500 users, and supports all types of devices. Intune is integrated into the organization's Azure Active Directory which simplifies device management even more.

Network address last octet is?

0

You would like to utilize a device enrollment manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll?

1,000

Binary Numbers Decoding Structure

128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 1 or 0 to specify if a bit is included

Workgroup preferred network size

2-8 computers

802.11 speeds and ranges

802.11a Speeds of up to 54 Mbps at the 5 GHz range. This standard is not compatible with 802.11b 802.11b Speeds of up to 11 Mbps at the 2.4 GHz range 802.11g Speeds of up to 54 Mbps at the 2.4 GHz range. This standard is backward compatible with 802.11b and is designed for use over short distances. 802.11n Speeds of up to 100 Mbps at the 2.4 GHz and 5 GHz ranges 802.11ac Speeds of up to 433 Mbps at the 5 GHz range Notice that 802.11b and 802.11g both use the same frequency. This means that they are compatible with one another.

802.1x authentication and Remediation servers

802.1x authentication uses user names and passwords, certificates, or devices such as smart cards to authenticate wireless clients. 802.1x authentication requires the following components: A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information. A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate. You can use 802.1x authentication with both WPA and WPA2. You can even use it with WEP on some devices and operating systems. TKIP is an encryption method used with WPA.

802.1x authentication

802.1x authentication uses usernames and passwords, certificates, or smart cards to authenticate wireless clients.

Wireless Authentication Methods- 802.1x

802.1x authentication uses usernames and passwords; certificates; or devices (e.g., smart cards) to authenticate wireless clients. Originally designed for Ethernet networks, the 802.1x standards have been adapted for use in wireless networks to provide secure authentication. 802.1x authentication requires the following components: A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information. A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate. Use 802.1x authentication on large, private networks. Users authenticate with unique usernames and passwords. The wireless access point is a RADIUS client. The wireless access point forwards the wireless device's credentials to the RADIUS server for authentication.

Consider the following IP address that uses CIDR notation: 172.17.8.5/22 Which subnet mask corresponds to the CIDR notation used in this address?

A CIDR IP address of 172.17.8.5/22 specifies a 22-bit prefix length. Therefore, the subnet mask for this address is 11111111.11111111.11111100.00000000. In decimal notation, this is a subnet mask of 255.255.252.0.

Computer Configuration Policy

A Computer Configuration Policy is applied to the computer itself. Those settings will be applied no matter who logs on to the computer. In other words, Group Policy doesn't care who the individual user is—only which computer they're using.

Group Policy Object GPO

A Group Policy Object (GPO) is a virtual collection of policy settings. A GPO has a unique name, such as a GUID. Group Policy settings are contained in a GPO. ... Computer-related policies specify system behavior, application settings, security settings, assigned applications, and computer startup and shutdown scripts.May 31, 2018

MAC address

A MAC address is a hardware identification number that uniquely identifies each device on a network. The MAC address is manufactured into every network card, such as an Ethernet card or Wi-Fi card, and therefore cannot be changed.

Network Address Translation(NAT)

A NAT router translates multiple private addresses into a single registered (public) IP address. This lets the computers in the network use unregistered or private IP addresses, which are translated to a public IP address before leaving the network.

Reference Image

A Reference Image is used to take for example a vanilla Windows 10 image and customise it to fit your organisation. Your end game is to have a new Windows Imaging format (WIM) file to meet your company needs. For example, being update to date with patches and maybe the C++ Runtimes installed.

Trojan horse

A Trojan horse is a malware that is disguised as legitimate software. A Trojan horse has the following characteristics: The malicious software is usually hidden within useful software, typically a game. The legitimate part of a Trojan is called a wrapper. The malware is encapsulated within the wrapper. It infects the system when the wrapper software is run. A Trojan cannot replicate itself. Instead, it relies on end users to spread it manually. A Trojan may contain malware that turns the infected computer into a zombie (also called a bot). This allows the infected computer to be remotely controlled by a zombie master (sometimes called a bot herder) to conduct malicious attacks on other computers and networks.

Device Health Attestation

A Windows 10 feature that assesses the health of a device during boot, based on policies defined by the system administrator. DHA requires a TPM chip version 1.2 or 2.0.

Windows Domain (same as client server model)

A Windows domain, by definition, is a collection of security principles that share a central authentication database called Active Directory. You will need to configure a domain name.

Bitlocker

A Windows encryption feature that is used on full volumes and cannot be used on individual files or folders.

Virtual secure mode(VSM)

A Windows feature that utilizes virtualization extensions of the central processing unit. It is used to protect data in memory from malicious attacks.

Local Security Authority(LSA)

A Windows sub-security process that authenticates to the local system, stores security-related information, and creates access tokens.

Device Verifier Manager

A built-in Windows tool used to monitor device drivers and to detect issues and actions that might cause problems.

Intune

A cloud-based service that delivers Mobile Device Management (MDM) and Mobile Application Management (MAM). Intune is part of Microsoft's Enterprise Mobility + Security suite and focuses on enabling users while keeping data protected.

Intune

A cloud-based service that delivers mobile device management (MDM) and mobile application management (MAM). Intune is part of Microsoft's Enterprise Mobility + Security suite and focuses on enabling users while keeping data protected.

Analytics

A cloud-based service that integrates Configuration Manager to provide insights and intelligence for the management and readiness of Windows endpoints.

Autopilot

A cloud-based set of technologies used to setup and pre-configure new devices for end users. Autopilot helps join devices to Azure Active Directory (Azure AD) and auto-enroll devices into MDM.

Windows Assessment and Deployment Kit(Windows ADK)

A collection of Microsoft tools and technologies designed to help deploy Microsoft Windows operating system images to target computers or to a virtual hard disk image in VHD format.

Role

A collection of access rights, usually connected with an employee's responsibilities in an organization.

Microsoft Knowledge Base (KB)

A collection of articles written by Microsoft support professionals describing how an issue can or has been resolved. The Microsoft Knowledge Base is regularly updated, expanded, and refined to ensure that customers have access to the latest support information. Microsoft quality updates reference these KB articles.

EMM

A combination of MDM and MAM solutions in one package. Allows a system administrator to remotely manage a mobile device's hardware and applications.

PnPUtil

A command line tool that lets an administrator perform actions on driver packages.

Office Deployment Tool (ODT)

A command-line tool for deploying Office 365. It allows you to make determinations about things like language, hardware architecture, method of deployment, and choice of Office version.

Windows Secure Boot

A component of Windows operating system that helps protect the system during the start-up or boot process.

Counter

A counter is a specific statistic you can monitor. For example, for the PhysicalDisk object, you can monitor counters such as %Disk Read Time or %Idle Time.

You would like to utilize a device enrollment manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll

A device enrollment manager (DEM) account is a special Azure AD account. It can be designated to enroll up to 1,000 devices and prepare them before they are given out to end users.

Digital license Purchasing Method

A digital license is used when Windows is obtained in one of the following ways: Upgrade to Windows 10 from an eligible device running a genuine copy of Windows 7 or Windows 8.1. Buy a Windows 10 Pro upgrade from the Microsoft Store app and successful activation of Windows 10. Upgrade as a Windows Insider to the newest Windows 10 Insider Preview build on an eligible device that was running an activated earlier version of Windows and Windows 10 Preview. Buy a genuine Windows 10 from the Microsoft Store app.

Common Directory Database

A directory database contains user accounts and security information for the domain. This directory database is known as the directory and is the database portion of Active Directory

Domain Controller

A domain controller is a Windows server that holds a copy of the Active Directory database.

Domain Controller

A domain controller is a server that contains a copy of the Active Directory Database.

Domain Controller

A domain controller is a server that holds a copy of the Active Directory database.

Domain

A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.

Dynamic Deployment Method

A dynamic deployment might utilize mobile device management, or MDM, to join the system to Azure Active Directory, or Azure AD.

Microsoft Defender Advanced Threat Protection

A enterprise security product that helps organizations detect and respond to security threats.

Dynamic Access Control(DAC)

A feature of Windows server systems that allows the system administrator to centralize control of access to files and folders based on file and folder attributes in combination with the attributes of the user.

Microsoft Deployment Toolkit(MDT)

A free tool from Microsoft, that automates the deployment of Windows and Windows Server operating systems.

Hardware ID

A hardware ID is a vendor-defined identification string that Windows uses to identify a device.

Central access policies

A list of central access rules that define the level of access a user has to data managed by DAC.

Access Control List(ACL)

A list of permissions granted to users and groups that are associated with an NTFS file or folder.

Input-output memory management unit (IOMMU)

A memory management unit (MMU) that connects a direct-memory-access-capable (DMA-capable) I/O bus to the main memory.

Domain

A network domain is an administrative grouping of multiple private computer networks or hosts within the same infrastructure. Domains can be identified using a domain name; domains which need to be accessible from the public Internet can be assigned a globally unique name within the Domain Name System.

swap file

A page (swap) file is used to move inactive data from RAM to the hard disk, thereby making more physical RAM available for active applications or data. A page file is also referred to as a swap file, pagefile, or paging file.

Page file

A page file is used to move inactive data from RAM to the hard disk, thereby making more physical RAM available for active applications or data. A page file is also referred to as a swap file, pagefile, or paging file.

Exploit Guard

A part of Windows Defender Security Center. It provides a defense against common attacks of known vulnerabilities. Exploit protection uses Windows Defender Antivirus (or whichever antivirus software is installed) to help mitigate exploit techniques used against your organization's apps.

Policy

A policy is a restriction or setting applied to the user or computer. Polices are configured using Group Policy on the local computer or in the domain.

Group Policy

A policy is a set of configuration settings applied to users or computers. Group policies allow the administrator to apply multiple settings to multiple objects within the Active Directory domain at one time.

Policy

A policy is a set of configuration settings that can be used to control the working environment of user accounts and computer accounts.

Config Manager

A powerful on-premises management tool designed for complex enterprise security, update, and compliance tasks as well as application deployment, management, and update. Formerly known as System Center Configuration Manager (SCCM).

Encryption

A process of translating data into an unreadable format or code to prevent unauthorized access to the data.

Product key Purchasing Method

A product key is used when Windows is obtained in one of the following ways: Buy a copy of Windows 10 from an authorized retailer. Have a Volume Licensing Agreement for Windows 10 or MSDN subscription. Buy a new or refurbished device running Windows 10. Buy Windows 10 from the Microsoft Store online. Windows 10 purchased from a retailer cannot be activated using volume licensing methods.

Provisioning package

A provisioning package (. ppkg) is a container for a collection of configuration settings.

Recovery key

A randomly generated key that can be used to recover a BitLocker encrypted volume.

VPN trigger

A rule that when configured will automatically enable the VPN connection.

Secure Desktop

A security mode in Windows 10 that prevents any tasks from being performed on the system until the user responds to the UAC prompt for consent. The secure desktop component is also important. Secure desktop makes the desktop unavailable whenever a UAC prompt is triggered to ensure that malicious software can't alter the display of the UAC prompt or automatically respond to the prompt to consent to privilege elevation for you.

Windows Defender Application Guard

A security tool built into Microsoft Edge that isolates browser sessions from the desktop in a virtual machine to prevent any malicious activity from reaching the desktop.

Windows Server Update Services

A server role available in Windows Server that provides a single source for updates within an organization.

Windows Deployment Services(WDS)

A server role that enables the deployment of Windows operating systems remotely.

Side-by-side migration

A side-by-side migration uses two computers to migrate user data from the source computer to a new computer. You install windows on one computer and copy the data from the old one onto the new.

Trusted Platform Module chip

A specialized chip built on the motherboard. This chip generates and stores encryption keys to protect boot files.

Data Recovery Agent(DRA)

A specialized user account that is created to decrypt any encrypted volume.

Unified Extensible Firmware Interface(UEFI)

A specification that defines a software interface between an operating system and platform firmware. UEFI replaces the legacy BIOS. Most UEFI firmware implementations provide support for legacy BIOS services.

Microsoft Deployment Toolkit (MDT)

A standalone program developed to make the processes of upgrading, creating, and deploying reference images more streamlined and flexible.

Subnet Mask

A subnet mask specifies where the network address ends and where the host address begins. In a single network if the host portion is in the last octet of an IP address, the subnet mask would be 255.255.255.0 If the packet were being sent to 192.168.2.1 on another network within your organization, your router would send the packet out to network 192.168.0.0, which has a subnet mask of 255.255.0.0. Anywhere there are 1s in the subnet mask, the corresponding bit in the IP address is a part of the network address. The 0s indicate the corresponding host address. In this case, there are twenty-four 1s in the subnet mask, meaning that the first 24 bits are used for the network address, and the last eight bits are used for the host.

Requirements for Windows Autopilot: Software and device requirements

A supported version of Windows 10 semi-annual channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported. The following Windows editions are supported: Windows 10 Pro Windows 10 Pro Education Windows 10 Pro for Workstations Windows 10 Enterprise Windows 10 Education Windows 10 Enterprise 2019 LTSC

Which of the following describes a system image backup?

A system image backup consists of an entire volume backed up to .vhd files. It contains everything on the system volume, including the operating system, installed programs, drivers, and user data files.

User self-provisioning

A term that refers to end users who are able to install applications to their own devices.

Classification rules

A text string or regular expression used to scan files for matches.

Event Subscription

A tool that allows you to see events across multiple Windows systems.

Windows Performance Toolkit

A tool that analyzes a wide range of performance issues.

Windows Event Forwarding (WEF)

A tool that gathers events from other computers and forwards them to a single computer.

Windows Performance Analyzer(WPA)

A tool that reviews various aspects of performance on Windows.

Tree

A tree is a group of related domains that share the same contiguous DNS namespace.

Driver Store

A trusted collection of inbox and third-party driver packages.

Access Token

A unique security key that contains credentials that are used by the system to determine the privilege level of the user.

User Profile Elements 1

A user profile consists of two elements. The first element is the user's profile folder.This folder is used for things like storing applications and other system component settings specific to each user. [Windows XP, the user's profile folder is in a subfolder of the C:\Documents and Settings folder. After XP, Microsoft moved the user profile folder to C:\Users, so you have something like C:\Users\Ethan.]

Readiness Toolkit

A utility that helps you determine compatibility of your devices with Office 365.

Credential Guard

A virtualization-based isolation technology for LSASS that prevents attackers from stealing credentials.

Which of the following is a characteristic of a virus?

A virus cannot run by itself. It must be attached to a legitimate program or file. When the user opens the file or executes the program, the virus runs.

Untrusted site

A website that is not approved or has a certificate from an unknown issuer.

Wipe-and-load migration

A wipe-and-load migration backs up the user data to an external destination. After reinstalling Windows on the source computer, it restores the data from the external destination.

Devices on a wireless network include:

A wireless network interface card (NIC) for sending and receiving signals. A wireless access point (WAP) that is the equivalent of an Ethernet hub. The wireless NICs connect to the WAP. The WAP manages network communications between wireless hosts. A wireless bridge connects two WAPs into a single network or connects a WAP to a wired network.

Worm

A worm is a self-replicating program. A worm has the following characteristics: A worm does not require a host file to propagate. It automatically replicates itself without an activation mechanism. It does not rely on a user to activate it. Typically, a worm infects one system and then spreads itself to other systems on the network.

How to downgrade Windows version from Windows 10, i.e. 10 to 8.1

Access Settings, Update and Security, then choose Recovery. Here you will see the option to go back to the previous version. this downgrade option is only available for 10 days though. You may also have to reinstall some of your apps after the downgrade.

To make a computer a member of a workgroup:

Access the System Configuration App. Right-click Start, then select System. From the right pane, select System info. Under Computer name > domain, and workgroup settings, select Change settings. From the Computer Name tab, click Change and enter the name of the desired workgroup.`

Which of the following are commonly used advanced auditing categories?

Account Lockout, Removable Storage, and Certification Services are all advanced auditing categories.Some other common advanced auditing categories are: Credential Validation Account Lockout Certification Services Windows Filtering Platform Removable Storage

Where do you go on Windows Server to configure Dynamic Access Control?

Active Directory Administrative Center

Active Directory

Active Directory is a centralized database that contains user account and security information.

You must continue using Internet Explorer 11 if web apps use any of the following:

ActiveX controls X-UA-Compatible headers <meta> tags with an http-equivalent value of X-UA-Compatible header Enterprise Mode or compatibility view to address compatibility issues Legacy document modes Browser helper objects Visual basic scripts

Each app in Intune goes through a life cycle. Intune provides a full range of tools to help manage apps during each of the following phases:

Add Deploy Configure Protect Retire

The following are the four methods for allowing users to enroll their Windows 10 devices:

Add a work or school account. Enroll in MDM only. Perform an Azure AD join during OOBE (Out of Box Experience). Use Windows Autopilot.

Desktop users access an in-house application that is hosted on your intranet web server. When users click a specific option in the application, they receive an error message that the pop-up was blocked. How do you configure the security settings so that users can see the pop-up without compromising overall security?

Add the URL of the website to the Local intranet zone. Add the URL of the intranet website to the Local intranet zone. This gives the website a higher security clearance. By default, the Local intranet zone turns the pop-up blocker off. This allows pop-ups for all sites in the zone. When you change the filter level in pop-up blocker to Medium or High, it still blocks pop-ups. If you disable the Pop-up blocker, all pop-ups are displayed.

You would like to configure Event Subscriptions on your Windows system to forward events to a network server. You need to configure your computer as a source computer for a collector-initiated subscription. Which of the following will be part of your configuration?

Add the collector computer to the Event Log Readers group. Run the winrm qc command.

There are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as: Use of Windows features such as BitLocker, Offline Files, and Parental Controls Customize the Start menu, taskbar, or desktop environment Control notification. Restrict access to Control Panel features Configure Internet Explorer features and options What are these settings known as?

Administrative Templates

Administrative Templates

Administrative templates are registry-based settings that you can configure within a Group Policy object. They're very useful. You can forgo editing the registry or making configuration changes in Control Panel or the Settings app individually on every single computer in your network. Instead, just use the settings under administrative templates within Group Policy to control the computer configuration and centrally manage the user experience.

AD Centralized Administration

Administrator can manage and secure their network resources and security objects from a single point.

Administrator User

Administrators have complete control of the system and as such can perform tasks such as: Change global settings Create/delete users Install applications Run applications in an elevated state Access all files on the system

Select option that best describes network fencing.

Admins can keep devices outside their corporate network from accessing enterprise resources.

Adware

Adware monitors actions to identify personal preferences. Then it sends pop-ups or other types of advertisements that align with those preferences. Adware has the following characteristics:It is usually passive in nature.It invades the user's privacy without their permission.Spyware may be installed when a user visits a malicious website, installs an infected application, or opens an infected email attachment. Typically, spyware is less destructive than other types of malware. It is typically more annoying than harmful.

Requirements and License To use Desktop Analytics, your environment must meet the following prerequisites [User devices]

All devices must be running Windows 7, Windows 8.1, or Windows 10. All devices should have: The latest service packs and updates installed. Configuration Manager client, version 1902 with update rollup (4500571) or later installed. Network connectivity from the devices to the Microsoft public cloud.

Objects

All network resources in Active Directory are stored as objects, such as a user, group, computer, and printer.

LoadState f:\UserA_Profile /i:migapp.xml i:miguser.xml /ui:UserA /ue:* /lac /lae what happens if you don't specify a password after /lac?

All of UserA's information is migrated, and UserA's account is disabled. If the password is not specified using the LoadState command when the account is created, the information is migrated, and the account is disabled.

Attack surface

All points in a software environment where an attacker can try to enter data into or extract data from an environment.

Operating System-Directed Configuration(OSPM)

All power configuration settings are controlled by the operating system using ACPI.

You have installed a new Windows 10 system, and you have not changed the default configuration of the Windows Firewall. How will the Windows Firewall handle inbound traffic that was initiated from an external server that a hacker is using to spread a worm?

All such traffic is blocked by default.

Upgrade Windows 10 edition using a product key

All you have to do is apply a new product key in settings and you'll be able to upgrade immediately because everything is already installed. The new key just unlocks it.

MDM

Allows IT administration to remotely manage a mobile device. Generally allows for tracking devices, pushing apps and updates, managing security settings, and remotely wiping the device.

Windows Defender Application Control

Allows you to control your Windows 10 devices by creating policies that define whether a specific driver or application can be executed.

IPv4 Addressing

An IPv4 address is a 32-bit binary number represented as four octets (four 8-bit numbers). Each octet is separated by a period. IPv4 addresses can be represented in decimal notation (e.g., 131.107.2.200, where each octet must be between 0 and 255) or binary notation (e.g., 10000011.01101011.00000010.11001000, where each octet is an 8-character number).

Access tokens

An access token is created for each user in Windows. It includes the user's SID as well as the SID for each security group of which the user is a member (these indicate their rights within the system). User rights are privileges that the user has that are defined through either local or domain Group Policy settings. Any time a user tries to access an object, the system checks the user's access token with all its SIDs against its own access control list (ACL). The ACL contains a list of SIDs that are allowed to access the file or folder object as well as the level of access that each SID has been granted.

Requirements and License To use Desktop Analytics, your environment must meet the following prerequisites [Subscription]

An active global Azure subscription, with Global Admin permissions. Microsoft Accounts aren't supported.

Ad-hoc

An ad-hoc network is a temporary network that works in peer-to-peer mode.

Dynamic Lock

An added security feature that can be configured in the sign-in settings. It requires a smartphone that can be connected through Bluetooth to the workstation. It works by automatically locking the computer when the user walks away with the smartphone.

User State Migration Tool

An advanced tool used to migrate user profiles and data from one computer to another. USMT is good for large-scale migrations and also works for small-scale migrations.

UEM

An all-in-one device management solution. Allows a system administrator to manage local and mobile devices, including Internet of Things devices.

Repair Feature

An application management option available for some applications that searches for corrupted or missing files in the application and replaces them. You can access the Repair feature in Programs and Features within the Control Panel.

Asymmetric key

An encryption method that uses a public key to encrypt data, but a private key to decrypt the data.

Symmetric key

An encryption method that uses the same key to encrypt and decrypt data.

Advanced Configuration and Power Interface(ACPI)

An industry specification used by Windows to communicate with the hardware components to configure, monitor, and manage the power used.

Infrastructure

An infrastructure mode wireless network employs an access point that functions like a hub on an Ethernet network.

Object

An object is a statistic group which often corresponds to a specific type of hardware device or software process.

File System Policies

Another set of Group Policies affect the file system. You can use File System Policies to configure file and folder permissions that apply to multiple computers.

What does Exploit protection use to help mitigate exploit techniques?

Antivirus software Exploit protection is a component of Exploit Guard that uses Windows Defender Antivirus (or whichever antivirus software is installed) to help mitigate exploit techniques used against your organization's apps.

Feature Updates

Are similar to getting a new OS Are released about every 6 months Provide significant changes Visual improvements New features Are identified by a version number such as 1903, which is the year/month it was released.

You've decided to use a subnet mask of 255.255.192.0 with your 172.17.0.0 network to create four separate subnets. The network ID for one of the subnets is 172.17.0.0. You are installing the first host (a server) on this subnet, and you want to assign the lowest numbered IP address possible to this system. What should you do?

Assign the system an IP address of 172.17.0.1. Using a subnet mask of 255.255.192.0 on the 172.17.0.0 network creates the four following subnets: 172.17.0.0 172.17.64.0 172.17.128.0 172.17.192.0 172.17.0.1 is the first available IP address on the 172.17.0.0 subnet. 172.17.64.1 is the first available IP address on the 172.17.64.0 subnet. 172.17.128.1 is the first available IP address on the 172.17.128.0 subnet. 172.17.192.1 is the first available IP address on the 172.17.192.0 subnet.

To enable Enterprise Mode for a computer, complete the following steps:

At the computer, open the Local Group Policy Editor. To launch the Local Group Policy Editor, press the Windows key + R.Type gpedit.msc in the Run dialog and press Enter. From the left pane, expand and select Computer Configuration > Administrative Templates > Windows Components > Internet Explorer. From the right pane, double-click Let users turn on and use Enterprise Mode from the Tools menu and then select Enable. Click OK.

Which capability of Windows Defender Advanced Threat Protection provides the first line of defense in the stack by ensuring that configuration settings are properly set and exploit mitigation techniques are applied?

Attack Surface Reduction

What are the vectors that an attacker can use to enter or extract data from an environment called?

Attack surface

Attack surface reduction rules

Attack surface reduction rules uses rules to help prevent attack vectors implemented by scripts, emails, and office-based malware. This is based on Windows Defender Antivirus.

What is the name of the process of submitting and checking credentials to validate or prove user identity?

Authorization

DHCP Server

Automates the process of assigning IP addresses, subnet masks, and default gateway addresses to network hosts. Delivers DNS server addresses and other configuration information to hosts.

Azure Active Directory Join

Azure Active Directory (AD) join is intended for organizations that want to be cloud-first or cloud-only. In other words, joined only to Azure AD. Azure AD join is primarily intended for organizations that do not have an on-premises Windows Server Active Directory infrastructure. The goal of Azure AD join is to simplify: Windows deployments of work-owned devices. Access to organizational apps and resources from any Windows device. Cloud-based management of work-owned devices. User sign in to devices with Azure AD or synced Active Directory work or school accounts. For example, with Azure AD join, an organization member needs to provide only the work or school user ID and password. The device can then be automatically joined to Azure AD and enrolled in a mobile device management (MDM) solution with no additional user interaction. From that point, the MDM solution can finish configuring the device settings when needed.

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems via OAuth.

Bluetooth vs Wifi Direct

Bluetooth 4.0 moves data at 25 Mbps whereas Wi-Fi Direct moves data at 250 Mbps.

The vendor of your accounting software recently released an update that you downloaded and installed on your Windows system. Unfortunately, now your accounting software crashes when launched. Which action can you take to get your system running properly as quickly as possible without losing your accounting files? (Select two. Each answer is a possible solution.)

Boot the system from a recovery drive and click Troubleshoot > Advanced Options > System Restore. In Control Panel, go to System and Security > System > System Protection > System Restore.

To upgrade from Media,

Boot to Windows, open the installation media file and run setup.exe

IPv6 Facts Built-in Quality of Service(QoS)

Built-in QoS support enables bandwidth reservations to make guaranteed data transfer rates possible.

By default, when does Windows Security check for new updates?

By default, Windows Security checks for new updates every time a system scan takes place.

How to calculate your subnet mask

Calculate the number of 1's in an IP

You have configured a folder so that only users that have the Manager property listed in Active Directory can access it. What component of Dynamic Access Control is being implemented?

Central Access Rules Because you have configured a rule for access based on a specific condition, this is a Central Access Rule. Central Access Rules are rules that include a condition that must be matched for permission assignments to be made.

Central Access Rules

Central Access Rules are rules that include a condition that must be matched for permission assignments to be made.

Where should the network administrator go to manage certificates for all users on the system?

Certificate Manager Console

Security Moves for your network

Change the administrator account name and password Change the SSID from the default value Update the firmware (Frequently update the firmware on the access point to prevent your system from being exposed to known bugs and security holes. Most access point manufacturers provide firmware updates on their web sites.) Enable the firewall on the access point (Most wireless access points come with a built-in firewall in between the wireless and wired networks.) Disable DHCP (DHCP servers dynamically assign IP addresses, gateway addresses, subnet masks, and DNS addresses whenever a computer on the network starts up, regardless of whether the host is authorized to use the network or not. Disabling DHCP on the wireless access points makes it more difficult for unauthorized hosts to connect to other hosts on the network because an attacker must manually determine the valid static IP addressing parameters.) Enable MAC address filtering (Every network interface has a unique address assigned to it called a MAC address. By specifying the MAC addresses that are allowed to connect to your network, you can prevent unauthorized MAC addresses from connecting to the access point. Be aware that initially implementing MAC address filtering is very time consuming and can be difficult to maintain as authorized systems are added to and removed from your network. Note that attackers can still use tools to capture packets and retrieve valid MAC addresses. An attacker could then spoof the MAC address to bypass this filter.) Limit the Signal Range

Code integrity

Checks drivers and system files on your device for signs of corruption or malicious software.

When you initially set up your Windows 10 system, you configured it to create regular backups. You have also kept an up-to-date system image. Recently, your system has been experiencing serious issues. At first, the system would boot and let you log on, but then it would crash within a couple minutes. You tried booting from the installation DVD, clicking the Repair your computer option, and running Startup Repair and System Restore to resolve the issue. Both of these options failed to recover your system. You want to avoid losing installed applications and data. You have again booted from the installation disc.

Click Repair your computer. Click Troubleshoot. Run the System Image Recovery option.

To install Windows Defender Application Guard using PowerShell:

Click the search icon in the Windows 10 taskbar and type PowerShell Right-click Windows PowerShell and then click Run as administrator Enter the Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard command Restart the device

Windows Azure Active Directory

Cloud based domain controlling service that can replace a physical domain controller in your network or even work in conjunction with an local active directory in your system.

These are executed at a PowerShell prompt to perform system management tasks.

Cmdlets

About USMT

Comes with Windows ADK The programs included with USMT are command-line-based tools, so you must run them from an administrator command prompt or from PowerShell. It's also important to note that there are different versions of the programs to migrate data based on the type of platform being used, 32-bit or 64-bit. You click on either the 32 or 64-bit folder depending on what system you have. for 32 use the 86 folder

This is text-based and uses a simple command syntax.

Command line interface

Traditionally, Windows has provided user profiles so users can save settings, files, and registry settings. Profiles fall into five types: Type 4

Compulsory or Super-Mandatory profiles- Compulsory profiles are much like mandatory profiles except the user is required to get the assigned locked-down profile. If unable to access it, the user will not be able to log in. Users will not get a temporary profile; they won't be able to log in.

Computer Configuration Policies

Computer Configuration policies (also called Machine policies) are enforced for the entire computer and are applied when the computer boots. Computer Configuration policies include: Software that should be installed on a specific computer Scripts that should run at startup or shutdown Password restrictions that must be met for all user accounts Network communication security settings Registry settings that apply to the computer (the HKEY_LOCAL_MACHINE subtree) Computer Configuration policies are initially applied as the computer boots and are enforced before any user logs on.

Computer Objects

Computer objects are used to uniquely identify and manage Windows-based domain clients within Active Directory. They are used to specify computer names, locations, properties and access rights

Conditional access

Conditional access polices look at device compliance to rules. The device is allowed or blocked from access to company resources based on compliance to rules.

Requirements and License To use Desktop Analytics, your environment must meet the following prerequisites [Configuration Manager]

Configuration Manage version 1902 with update rollup (4500571) or later. Requires the Full Administrator role in Configuration Manager.

In order to implement co-management in your environment, you will need the following:

Configuration Manager version 1710 or later Windows 10 v1709 or later Azure Active Directory Access to Intune in the Microsoft Cloud Licensing Permissions and roles in Azure

Before Windows Autopilot can be used, configuration is required to support the common Autopilot scenarios. What do you have to do to begin?

Configure Azure Active Directory automatic enrollment. Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process. Enable Windows Subscription Activation to automatically step up from Windows 10 Pro to Windows 10 Enterprise.

You would like to configure your Windows desktop system so that an event is recorded any time a user successfully or unsuccessfully logs on. How can you configure settings so you do not also record logoff events?

Configure advanced Audit Policies in the Local Security Policy.

Set up Defender ATP with Intune as follows:

Connect the Intune and Defender ATP systems. Devices in Intune are then configured to communicate with Defender ATP. Configure the security policies in Defender ATP and Intune. Any devices that do not comply with the security policy are blocked.

Controlled folder access

Controlled folder access helps protect against ransomware and malware by preventing changes to files in protected folders if the app attempting to make changes is malicious or exhibits suspicious behavior. This also requires Windows Defender Antivirus.

Your company has started the transition to IPv6. You need to configure records on the DNS server so that clients can submit a hostname query and receive back an IPv6 address for the specified host. What should you do?

Create AAAA records. An AAAA record maps a DNS hostname to a 128-bit IPv6 address.

Your company has started the transition to IPv6. You need to configure records on the DNS server so that clients can submit an IPv6 address and receive the hostname for that computer. What should you do?

Create PTR records A PTR record maps an IP address to a hostname. These records are often called reverse lookup records because they enable IP address to host name resolution (instead of host name to IP address resolution). A PTR record can be used for either IPv4 or IPv6 (IPv6 records are created in a different location on the DNS server).

You are concerned about system performance while running the application. You would like to be able to view the current statistics for the processor, memory, and disk reads and writes. You only want to see these statistics and no others, and you want to be able to easily save the configuration so that the same statistics are shown each time. What should you do?

Create a Data Collector Set in Performance Monitor. Use Data Collector Sets to define statistics to gather over time. These statistics are saved to a file. You open the file to analyze the statistics. You cannot view current statistics from a defined Data Collector Set.

Essential Upgrade Steps with MDT

Create a deployment share the DS is a shared folder or depository for the OS images, language packs, applications, device drivers, and other software that will be used during the upgrade process. Import Windows operating systems they need to be imported from the ISO or dvd. Whatever OS's you add will be the ones available during the device upgrades. Create task sequences You can create task sequences by clicking one of the several templates provided by the tool. You'll always use the Standard Client Upgrade Task Sequence for in place upgrades. This is used to install the OS using a predetermined script.

Using USMT over a network share

Create a network share to hold the transfer files. After downloading the Windows Assessment and Deployment Kit (Windows ADK), run the installer and install the User State Migration Tool (USMT) feature. Copy the USMT files to the network share.These files can be found in C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\User State Migration Tool. You must run the 32-bit version of USMT (located in the x86 folder) on 32-bit clients and the 64-bit version of USMT (located in the amd64 folder) on 64-bit clients. Decide what you want to migrate from the source computer to the destination computer.Use the /GenMigXML option with ScanState to see which files will be included in the migration.When used with ScanState, a simulated capture is run and the results are exported to an .xml file. Viewing the exported file can help you determine whether any modifications to the other .xml files are necessary to capture what needs to be migrated.Example: ScanState /GenMigXML:C:\test.xmlIf necessary, customize the MigApp.xml, MigUser.xml, MigDocs.xml, and Config.xml files to configure what you want included in the migration. A best practice is to make changes to copied versions of these files. On the source computer, complete the following tasks:Close all running applications and files.Open Command Prompt as the administrator, run ScanState.exe, and save the migration data to the network share.The following is an example of the command format if your network share was mapped to the F: drive:ScanState f:\Cathys_Profile /i:migapp.xml /i:miguser.xml /ui:cathy /ue:*In this example:Cathys_Profile is the folder that will be created and contain the migrated information./i:migapp.xml /i:miguser.xml are the two .xml files that are used to determine what will be collected./ui tells ScanState what user to migrate. In this case, the user is named Cathy./ue tells ScanState to ignore all other users. On the target computer, complete the following tasks:Install the desired operating system.Install all applications that were installed on the source system. The application versions on the source and destination systems must match.Shut down any running applications and close all files.Open a Command Prompt window as the administrator and run LoadState.exe using the path to the network share.Example: LoadState f:\Cathys_Profile /i:migapp.xml /i:miguser.xml /ui:cathy /ue:* /lac:P@ssw0rd /laeIn this example:/lac:P@ssw0rd indicates that a local account will be created and then assigned a password of P@ssw0rd./lae indicates that the local account should be enabled.Log in as a migrated user and verify that all profile data was migrated correctly.

Desktop Analytics with Configuration Manager can be used to:

Create an inventory of apps running on the organization's devices. Assess the compatibility of apps with the latest Windows 10 feature updates. Identify compatibility issues, based on cloud-enabled data insights, and receive mitigation suggestions. Create pilot groups that represent the entire application and driver inventory across a minimal set of devices.

Crimeware

Crimeware is designed to facilitate identity theft by gaining access to a user's online financial accounts, such as banks or online retailers. Crimeware can: Use keystroke loggers, which capture keystrokes, mouse operations, or screenshots and transmits those actions back to the attacker to obtain passwords. Redirects users to fake sites designed to steal private user data. Steal cached passwords. Crimeware typically conducts transactions in the background after login.

DNS (Domain Name Server) resolution

DNS (Domain Name Server) resolution is the process of translating IP addresses to domain names. When a profile is configured to look up all numeric IP addresses, Webtrends makes a call to the network's DNS server to resolve DNS entries. Each computer has its own IP address. ... Note: Not all IP addresses can be resolved.

Which GPO contains a policy you can enable to guard all computers in the domain against this security breach?

Default Domain Policy The Default Domain Policy GPO contains a policy you can enable for all computers in a domain that prevents anyone from trying multiple passwords to see if they can guess login information. Group Domain Policy, Group Security Policy, and Domain Security Policy do not contain a policy to guard all computers in the domain against this security breach.

netsh wlan delete profile name=[profile name]

Deletes a wireless profile

Deployment profiles

Deployment profiles are a group of settings that specify the exact behavior of that device when it deployed.

Which Windows feature can you use to protect your network from malware threats that might be on your users' mobile devices?

Device Health Attestation Device Health Attestation (DHA) evaluates the health of the device based on guidelines configured in security policies. The settings that can be checked are: Require code integrity Require Secure Boot Require BitLocker encryption

Which Windows feature can you use to protect your network from malware threats that might be on your users' mobile devices?

Device Health Attestation (DHA) evaluates the health of the device based on guidelines configured in security policies.

IPv6 Facts Multiple IP addresses per device

Devices can have multiple IPv6 addresses, each with its own purpose. Each address can be on a different subnet and have a different subnet ID. This is referred to as multinetting or secondary addressing.

Windows 10 Subscription Activation

Devices running Windows 10, version 1703 or later, can take advantage of online subscription services which allow a device to step-up to a higher version of Windows. The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, and later standing up on-prem key management services such as Key Management Service (KMS) or Multiple Activation Key (MAK), entering Generic Volumne License Keys (GVLKs), and subsequently rebooting client devices. Examples: Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise if they are subscribed to Windows 10 Enterprise E3 or E5. Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions

The following constitutes a built-in Intune policy. Each device enrolled in Intune has the built-in policy applied.

Devices with no compliancy policy are marked as compliant or not compliant (recommended). Enhanced jailbreak detection is enabled or disabled. Compliance status validity period in days; 30 days is the default.

What should you do before you install a third-party anti-malware program?

Disable Windows Security.

Local Group Policy

Done computer to computer, used for small networks

Driver Staging

Driver staging is the process of manually downloading and importing the drivers into the driver store or other authorized locations.

Activation Process for Product Keys 2 Steps

During the installation of Windows, two identifiers are created that uniquely identify the system:A unique product ID (PID) is created using the product key entered during the installation process.Based on the system hardware, a unique hardware ID (HWID) is created. Every hardware component in the system has a unique serial number assigned to it. During installation, Windows runs a mathematical formula against each device's serial number to create a one-way hash for each component. Then four to ten bits (depending on the type of component) are extracted from each device's hash to generate an eight-bit HWID that uniquely identifies the system. When the activation process is initiated:The system sends a handshake request containing:The system's PID.The system's HWID.The version number of the activation software running on the system.A unique request ID number that is associated with the specific system.Microsoft verifies that the license associated with the PID allows the system to be activated.If activated, Microsoft associates the PID with the system's HWID. This prevents the same product key from being reused to activate Windows on a different system.A confirmation is sent back to the system in the form of a digital certificate signed by Microsoft, indicating the system has been successfully activated. Thereafter, the system's HWID is recalculated every time the system is booted. The recalculated HWID is compared against the HWID used to originally activate the system. If the HWID hasn't changed substantially, then the system remains activated. However if the HWID has changed substantially, the system deactivates and must be reactivated. This ensures that the activated copy of Windows is still running on the same physical hardware. Any change to the system hardware will cause its HWID to change. For example, if you were to remove the system's DVD drive and replace it with a Blu-ray drive, the HWID will change. Fortunately, the hardware in the system must change significantly before the system is deactivated. Some system hardware is weighted more heavily when calculating the HWID. For example, the network card is weighted heavier than any other component. As long as the same NIC remains in the system, six other hardware components can change before reactivation is required. However, if you install a new NIC in the system, then you can change only two other hardware devices in the system without reactivating. If you change a third device, reactivation is required. Because replacing the motherboard and CPU actually replaces several major components in the system (including the network card), the HWID of the system has changed significantly, and Windows must be reactivated. The system's PID will not change unless a new product activation key has been installed. The HWID has changed significantly because several new hardware components have been added to the system. Windows needs to be reactivated because the original hardware used to calculate the HWID has been removed.

Encrypting File System

EFS encrypts individual files and folders. It is included in the NTFS file system.

How are Enterprise State Roaming (ESR) profiles different from other traditional user profiles?

ESR keeps corporate and personal data separate. In this manner, corporate data is always protected. ESR syncs user and app settings on their Windows 10 devices to the cloud.

How many Windows Defender Application Control (WDAC) policies can a computer system have defined for it?

Each Windows 10 device can only have a single Windows Defender Application Control policy defined for it.

Workgroup Model facts

Each computer must be configured manually. You don't need special hardware to get it working, so it's easy and inexpensive to set up. It's not easy to manage because there's no centralized control. You can share resources in the system through the LAN connection, which is how the machines communicate. It's hard to back up data because there's no central host where everyone makes saves. You'll have to decide what data to save, and probably back up each host individually. To save or access data on another host, you will need to duplicate the other host's user account with the same login information on your own host in order to access their files, and vice versa. All authentication happens locally. All security settings are also managed locally. You need to configure a workgroup name.

You work on a Windows desktop system that is shared by three other users. You notice that some of your documents have been modified. You decide to use auditing to track any changes to your documents. In the Audit Policy in the Local Security Policy, you enable auditing of successful object access events. To test auditing, you make changes to some files. But when you examine the computer's Security log, no auditing events are listed. How can you make sure an event is listed in the Security log whenever one of your documents is modified?

Edit the Advanced Security properties of the folder containing your documents.

You work on a Windows desktop system that is shared by three other users. You notice that some of your documents have been modified. You decide to use auditing to track any changes to your documents. In the Audit Policy in the Local Security Policy, you enable auditing of successful object access events. To test auditing, you make changes to some files. But when you examine the computer's Security log, no auditing events are listed. How can you make sure an event is listed in the Security log whenever one of your documents is modified?

Edit the Advanced Security properties of the folder containing your documents. Object access events occur when a user accesses any object with its own access control list (a file, folder, registry key, or printer). In addition to enabling auditing of these types of events, you must also edit the properties of the specific objects you want to audit and define what type of access is appropriate for the object you want audited.

For several months, your Windows computer acted like a server in the workgroup. It was optimized to share files and folders to the other computers. You no longer need the computer to act like a server. Now, you want the computer to focus on applications. After installing the applications, you believe the computer is not reacting quickly enough while using the applications. You know the machine has enough video memory and physical memory to handle the applications. What should you do?

Edit the Processor Scheduling settings.

The two main objectives for MDM policies are:

Empower users to be productive wherever and whenever they want. Protect the organization's valuable data and assets.

Which of the following PowerShell commands enable Application Guard in Standalone mode?

Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard

To access the PowerShell prompt on the remote system, use the

Enter-PSSession cmdlet. The syntax is: Enter-PSSession -ComputerName remote_computer_name -credential user Example: Enter-PSSession -ComputerName FS2 -credential Susan

network segment

Ethernet. According to the defining IEEE 802.3 standards for Ethernet, a network segment is an electrical connection between networked devices using a shared medium. In the original 10BASE5 and 10BASE2 Ethernet varieties, a segment would therefore correspond to a single coax cable and all devices tapped into it.

The WPR and the WPA use a trace capture and analysis model. The flow of the model is:

Event Tracing for Windows (ETW) is enabled using WPR. ETW can be enabled or disabled without restarting the system. System behavior is captured. ETW tracing stops and the data is saved to a trace file. Trace files are available for analysis using WPA.

Logs significant events on a computer such as when a process encounters an error.

Event Viewer

Event Viewer

Event Viewer is a utility used to check Windows log files.

You manage a Windows network environment. As part of your IPv6 migration strategy, you have implemented ISATAP on your network. You would like to test the communication of a client computer using ISATAP. What should you do?

Explanation IPv6 addresses used with ISATAP use a prefix of FE80::/16. The remaining prefix values are set to 0. The first two quartets of the interface ID are set to 0000:5EFE. The remaining two quartets use the IPv4 address written in either dot-decimal or hexadecimal notation.

Windows 10 Pro Exploit Guard

Exploit protection Controlled folder access

Windows 10 Enterprise E5 & Windows 10 Education E5 Exploit Guard

Exploit protection Controlled folder access Network protection Attack surface reduction rules

Windows 10 Home Exploit Guard

Exploit protection Controlled folder access

Windows 10 Enterprise E3 & Windows 10 Education E3 Exploit Guard

Exploit protection Controlled folder access Network protection

On Windows 10, backups can be created using the following tools:

File History Backup and Restore (Windows 7) Windows Backup OneDrive

The following are true regarding File History backups or restore points:

File History only works on NTFS partitions. File History is turned off by default and must be enabled to benefit from its functionality. The File History tool can be used without the involvement of IT workers. The users can easily restore their own files and folders. File History can be used to recover entire user folders, user libraries, desktop folders, and offline OneDrive files. File History backups use Volume Shadow Copy (VSS), which runs in the background and does not interfere with computer performance. When you view the history of a file, it is opened in read-only mode. You can browse through a previous version of a folder and navigate the directory structure. You can copy the previous version of the file to a new location or restore it to the same location. This overwrites the existing version.

Which Windows Server feature must be installed before Dynamic Access Control can be implemented?

File Server Resource Manager File Server Resource Manager must be installed before Dynamic Access Control (DAC) can be implemented. This is done through the Add Roles and Features function in Server Manager.

What are some security measures Microsoft has implemented to protect your system against users trying to use PowerShell for malicious purposes?

File extension, script's full path, and execution policies

Which action can you take to see disk activity performance for an application running on your Windows system?

Filter by the application in Resource Monitor.

Desktop Analytics

First of all, Desktop Analytics with Configuration Manager can be used to create an inventory of apps running in your organization. It can be used to assess app compatibility with the latest Windows 10 feature updates. It can identify compatibility issues and receive mitigation suggestions based on cloud-enabled data insights. It can also be used to create pilot groups that represent the entire application and driver estate across a minimal set of devices. You can use it to deploy Windows 10 to pilot and production-managed devices.

Windows Autopilot Process (Troubleshooting Guide)

First of all, it's important to think about the Autopilot process. This helps you find exactly where and what the problem is. The first step of the process is Windows connecting to the network and internet. Next, the Windows Autopilot Deployment Service delivers the deployment profile and configures the device. The user is then prompted to enter their Azure Active Directory credentials, or Azure AD credentials. Azure AD then verifies them and the device is join to the directory. Devices in Azure AD are auto-enrolled in the mobile device management service, or MDM service. The final thing that happens is the MDM downloads all the policies, settings, and apps. The device is ready to use with these four steps completed.

How does Upgrade Readiness work in Windows?

First, Upgrade Readiness analyzes system, application, and driver telemetry data to determine when computers are ready to upgrade This data is then sent to a secure Microsoft data center through the Microsoft data management service. The diagnostic data is analyzed by the Upgrade Readiness service after you've configured the service. This information is then pushed down to your organization's management solution. Then you can use the Upgrade Readiness solution to decide on your Windows 10 upgrades. If you're using Azure Portal or Azure Log Analytics, you can find Upgrade Readiness there. In general, Upgrade Readiness automatically recommends which devices are able to be upgraded and which ones you might have issues with.

Account Policies

First, we have Account Policies. We use Account Policies to control such things as password settings, account lock out settings, Kerberos settings, and more.

Mobile Application Management(MAM)

Focuses on managing the applications on a mobile device, not the device itself. This allows a system administrator to remotely install or remove organizational apps and also disable certain functions within the apps.

You have implemented mobile device management (MDM) as well as mobile application management (MAM) via Intune. Which will take precedence for corporate-owned devices?

For the employees with corporate-owned devices, the MDM user scope always takes precedence over the MAM user scope. The device is enrolled into Intune.

You have implemented mobile device management (MDM) as well as mobile application management (MAM) via Intune. Which will take precedence for personal devices?

For the employees with personal devices, the MAM user scope takes precedence over the MDM user scope. Windows Information Policies are applied, and the device is not enrolled into Intune.

How do you make sure that people on a work network can see your fileshares?

For your project folder to be visible to your team at work, you must turn on Network discovery and File and printer sharing in the Domain network profile.

Configuration Manager

Formerly known as System Center Configuration Manager (SCCM), Configuration Manager is a powerful on-premises management tool used to manage complex enterprise security, updates, and compliance tasks as well as deploy, manage, and update applications. Configuration Manager provides OS deployments and imaging capabilities.

Fresh Start

Fresh Start is a Windows 10 tool used to reset a Windows system. It can reinstall the Windows OS while keeping the users and the user data.

How can you generate a report that includes suggestions for ways to improve the performance of your system?

From Command Prompt, run perfmon /report. From Performance Monitor, under Data Collector Sets, run System Diagnostics.

To configure and use Controlled folder access:

From the Group Policy Management Editor (on your server), navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access. Double-click Configure Controlled folder access. Select Enabled. Using the Options drop-down, select one of the following: Disable (Default): this stops the Controlled folder access feature. Block: suspicious or malicious software cannot make changes to protected folders. Audit Mode: tracks rather than prevents changes to protected folders. Block disk modification only: prevents untrusted apps from writing to disk sectors. Audit disk modification only: audits untrusted apps that write to disk sectors.

After the prerequisites are met, you can use Group Policy to enable Windows Defender Credential Guard. This adds and enables the VBS features for you if needed. Complete the following steps:

From the Group Policy Management console, go to Computer Configuration > Administrative Templates > System > Device Guard. Double-click Turn On Virtualization Based Security. Select Enabled on the Turn On Virtualization Based Security window. Using the Select Platform Security Level drop-down, select Secure Boot or Secure Boot and DMA Protection. Using the Credential Guard Configuration drop-down, select Enabled with UEFI lock. (If you want to be able to turn off Windows Defender Credential Guard remotely, choose Enabled without lock.) Click OK. Close the Group Policy console. You can run the gpupdate /force command to enforce processing of the Group Policy.

Administrators can control which Office 365 ProPlus apps users are allowed to download. Once an administrator is logged into their global admin account, what should they do next?

From the home page select Office Software, and then select Software download settings.

Can do anything with folder and subfolders including changing permissions and ownership.

Full control

A user has complained about not being able to remove a program that is no longer needed on a computer. The Programs and Features page is not available in Control Panel. You suspect that a policy is enabled that hides this page from the user. But after opening the Local Group Policy Editor, you see that the Hide Programs and Features page is set to Not configured. You know that other users in this domain can access the Programs and Features page. To determine whether the policy is enabled, where should you look next?

GPOs linked to organizational units that contain this user's object You should look at GPOs linked to organizational units that contain this user's object to see where the Hide Programs and Features page policy might be enabled. If the policy was enabled in a GPO linked to the domain, it would be applied to all users in the domain. The next level GPOs are applied from is the level of GPOs linked to organizational units that contain the user's object.

Built-in Containers

Generic built-in containers are used to organize Active Directory objects. Built-in container objects differ from an OU, in that they are created by default and cannot be created, moved, renamed, or deleted.

The correct order to configure a compliance policy in Intune is:

Give the policy a unique name Identify an OS platform: iOS, Android, or Windows Configure one or more settings to enforce Assign the policy to one or more user groups or device groups

Which tool can you use to remotely manage a system using a graphical user interface?

Graphical Microsoft Management Console

Grayware`

Grayware is software that might offer a legitimate service but that also includes features that you aren't aware of or features that could be used for malicious purposes.Grayware is often installed with the user's permission, but without the user fully understanding what it does. Sometime permission may be implied, and the user must opt-out to avoid having the software installed.Some grayware installs automatically when another program is installed. Features included with grayware might be identified in the end user license agreement (EULA). However, the undesirable features may be undocumented or even obscured.

Windows Information Protection

Helps protect against data leakage on company-owned and personal devices without disrupting the user experience.

What windows systems is MDM available on?

Home, Pro, and Enterprise

Host-based

Host-based firewalls are implemented using software and reside on individual hosts within the network.

How does NAT work

How does NAT work? A. Basically, NAT allows a single device, such as a router, to act as an agent between the Internet (or public network) and a local network (or private network), which means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.

Default IP Classes

IPv4 addresses are divided into several default classes. Each class identifies a range of IPv4 addresses and a default subnet mask for that range. Class A addresses are 0.0.0.0 to 127.255.255.255. Class B addresses are 128.0.0.0 to 191.255.255.255. Class C addresses are 192.0.0.0 to 223.255.255.255. Class D addresses are 224.0.0.0 to 239.255.255.255. Class E addresses are 240.0.0.0 to 255.255.255.255

IPv6 Facts Built-in security features

IPv6 has built-in support for security protocols such as IPSec. This feature enhances security for internet communication.

IPv6 Facts Address space

IPv6 provides sufficient addresses for every device that needs a unique public IPv6 address. IPv6 eliminates the need for Network Address Translation (NAT), which is commonly used in IPv4 networks to conserve registered IP addresses. IPv6 allows for more flexibility in assigning IP addresses to devices. It also allows for more advanced subnetting than was available in IPv4.

Features of Desktop Analytics/ Pilot identification

Identification of the smallest set of devices that provide the widest coverage of factors. Desktop Analytics focuses on the factors that are most important to a pilot of Windows upgrades and updates. A successful pilot allows organizations to proceed quickly and confidently to broad production deployments.

The suggested procedure for remediation of an infected system is:

Identify the symptoms Quarantine the infected system Disable System Restore Update anti-malware definitions Scan for and remove malware Schedule future anti-malware scans Re-enable System Restore Educate the end user

How to change domains in a domain server model

If the domain shown is the one you want to use, enter the username and password in the applicable fields. However, if the domain listed is not correct, you can change domains by specifying the correct domain in the username field using the syntax of domain\username. For example, to sign in to the WACC domain using the Admin account, in the user name field you would type WACC\Admin. As soon as you type the backslash, the name of the domain will be shown in the Sign in to area.

Windows Autopilot Troubleshooting Guide, Step 5: Advanced Troubleshooting

If the troubleshooting steps are done and we're still having issues, we should check log files. These help identify configuration failures. We find log files for profile settings and OOBE issues in the Event Viewer log entries. They might also have been sent to the registry. Another thing we can check is the Event Tracing for Windows tool. This tool captures information about Autopilot during the start-up process. We do this with the Windows Performance Recorder tool and then view the results with the Windows Performance Analyzer tool. Autopilot generates event codes to help us fix problems. Let's look at the error codes on the Microsoft Troubleshooting Windows Autopilot webpage. You can see at the top we have event IDs, their types—such as warning, info, or error—followed by a description. Let's scroll down a bit and here you can see Event ID 171. It's an error. It's telling us that Autopilot Manager failed to see TPM Identify Confirmed. From here we can look for solutions on how to resolve this issue on the Microsoft website, frequently asked questions, or on other support information.

Using USMT: MigApp.xml file and the MigUser.xml file

If you need to customize how the user account migration process will work, you edit these two files with a text editor. For example, you can migrate certain types of files

In-place Upgrade Disadvantages

If your computer is malfunctioning or running slow, the existing issues will remain when the new OS is installed. A better option would be to back up your data and do a fresh install. You can back up your data using the USMT, the User State Migration tool, or PCmover Express.

Organizational Unit (OU)

In Active Directory, an organizational unit is a way to organize such things as users, groups, computers, and other organizational units. Also known as a container object.

You use a VPN connection on your Windows desktop system to access resources on a corporate intranet. In addition to accessing the intranet resources, you need to access the internet while the VPN connection is active. How can you prevent internet traffic from going through the VPN connection?

In Advanced TCP/IP Settings, clear the Use default gateway on remote network checkbox to disable routing of internet traffic through the VPN connection.

You have been asked to troubleshoot a Windows system that is a member of a workgroup. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. How do you configure UAC so the prompt is activated when he performs a sensitive operation?

In Group Policy, enable the Run all administrators in Admin Approval Mode policy.

Which Internet Explorer security feature restricts the browsing session information that can be tracked by external third-party websites and applications?

In Internet Explorer 10 and later, Tracking Protection restricts the browsing session information that can be tracked by external third-party websites and applications. The Cross-Site Scripting (XSS) filter prevents cross-site scripting attacks. Data Execution Prevention (DEP) prevents code from executing in the non-executable region of system memory. In earlier versions of Internet Explorer, Tracking Protection was named InPrivate Filtering.

You manage a Windows system. You would like to generate a report that runs several basic tests of the operating system, Security Center, hard disk, services, and hardware devices and drivers. How can you generate a report that includes suggestions for how to improve system performance?

In Performance Monitor, run the System Diagnostics Data Collector Set.

Enable

In Windows auditing, a setting in an auditing policy that turns on the logging of events in a host or network.

Disable

In Windows auditing, a setting that turns off an auditing policy.

Audit

In Windows, the ability to set policies that will provide feedback on specified events within a host or network.

(MBAM) tool

In a enterprise network environment, the Microsoft BitLocker Administration and Monitoring (MBAM) tool is often used to manage BitLocker settings. This tool allows system administrators to easily: Manage keys Automate encryption Check compliance Windows 10 version 1703 now allows system administrators to manage BitLocker through the organization's Mobile Device Management policy using Microsoft Intun

Internet Control Message Protocol (ICMP)

In addition to IP, TCP, and UDP, you also need to be familiar with the Internet Control Message Protocol (ICMP). ICMP is used to test and verify network communication between hosts. For example, if you want to verify connection between System A and System B, you can use the command line utility called ping to send a special IP packet called an ICMP echo request (ping) from System A to System B. When system B receives an ICMP echo request, it sends an ICMP echo response back to System A. When System A receives the response, it knows that a viable network connection exists to System B, and that System B is running and responding to network requests. ICMP can help you identify network issues. If you send an ICMP echo request, but never receive an ICMP echo response from the destination system, then you know there is a problem and can begin troubleshooting the connection process. It could be any number of things, such as a broken network cable, the destination system is down, or maybe the destination system has a firewall running that's ignoring all ICMP echo requests. In addition to connectivity, the ping utility also measures the amount of time it takes between the time you send the echo request and the time that you received the echo response. If an echo response is received, but takes longer than it should, you may have an overloaded destination system or a bad network connection.

Do this first to secure your network

In addition to configuring an authentication and encryption method on your wireless access point, there are a few other things you'll want to do to secure your wireless network. One of the most important things you can do is change the default administrator password on the access point. To make configuration easier, most wireless access points are preconfigured with the same username (such as admin) and the same password (such as password). These passwords are easily located online, so if you don't change it, someone could simply connect to your access point using the default password. Change your SSID, which is your network name. If you want to ensure an even higher level of anonymity, you could configure your access point to disable the SSID broadcast completely. Doing this would force a potential user to search for your specific network name to connect because it won't show in the list of available networks on their device.

Client

In computing, a client is a piece of computer hardware or software that accesses a service made available by a server as part of the client-server model of computer networks. The server is often (but not always) on another computer system, in which case the client accesses the service by way of a network.

intranet

In its simplest form, an intranet is established with the technologies for local area networks (LANs) and wide area networks (WANs). ... While an intranet is generally restricted to employees of the organization, extranets may also be accessed by customers, suppliers, or other approved parties.

TCP Transmission Control Protocol

In most situations, the information being sent between computers is too large to send in one package. This is where the second protocol, Transmission Control Protocol (TCP) comes into play. TCP, breaks up the data into smaller, more manageable packages, called packets. As the TCP protocol breaks up the data, the IP protocol labels each packet with the source address and the destination address, for example 10.0.0.1 and 10.0.0.2. Then, the TCP protocol assigns sequencing information (e.g., 1 of 5, 2 of 5, 3 of 5, 4 of 5, and 5 of 5) to each of these packets to make sure they are reassembled in the correct order. Even if the receiving system (10.0.0.2) receives the packets out of order, it can reassemble them correctly. TCP is a connection-oriented protocol, meaning that its job is to make sure that the data is reliably exchanged between the source and the destination. TCP accomplishes this by requiring acknowledgements for every packet that is sent and received. If one or more packets does not make it to the destination, the source will resend the missing packet. As you can imagine, this method of communication and continual verification requires substantial network resources. Because of this, only some of the upper layer applications use this protocol. For example, applications that require a high degree of data integrity, such as web servers, email servers, and FTP servers will use TCP.

Win 10 Upgrade Paths for Win 7 Enterprise

In place upgrade available for Windows 10 Enterprise but not Win 10 Home or Pro.

What can you do to prevent the stored passwords from being stolen from the system?

In the AutoComplete settings, deselect the Usernames and passwords on forms checkbox.

You manage a notebook system running Windows. Which task can you perform to log all packets that are dropped by the firewall on your computer?

In the Local Security Policy, configure object access policies for the Windows Filtering Platform (WFP). View audit entries in the Security log in Event Viewer.

You manage a notebook system running Windows. Which task can you perform to log all packets that are dropped by the firewall on your computer?

In the Local Security Policy, configure object access policies for the Windows Filtering Platform (WFP). View audit entries in the Security log in Event Viewer. Using the Local Security Policy, you can enable auditing of policies that record firewall events. In the Advanced Audit Policy Configuration, go to Object Access and enable logging for packet drops or connections. You can also use Audit Success Events to track allowed packets or connections, or you can use Audit Failure Events to track dropped packets or connections. Auditing tracks all packets or connections and does not filter events by profile. When using auditing for packets or connections, go to the Security log in Event Viewer to view auditing events. Notification settings in Windows Firewall control the balloon notifications you see when a program is blocked by the firewall.

Client Server Model (Windows Domain Model) again

In the client-server model, each host has a specific role in the network. Servers provide services such as file storage, user management, security configuration, and printing. Clients request services from servers. The client-server model is known as domain networking in a Windows environment. The key domain networking facts include the following. Domain networking uses the concept of security principals, which are entities such as users, computers, and resources. A Windows domain is a collection of security principals that share a central authentication database known as Active Directory. The Active Directory database is located on one or more servers in the domain.The servers running the Active Directory database are called domain controllers.Hosts must run a supported version of the Windows operating system to join a domain.The distinguished name of the domain is composed of the domain name along with the top level domain name from DNS. Domains are much more efficient and scalable than workgroups due to a centralized management structure and function.Objects represent resources, such as users, computers, and printers.Objects are used to define the security attributes, such as access, availability, and use limitations within the domain.Objects can be organized in container objects.An organizational unit (OU) is a type of container object used to logically organize network resources and simplify administration.

Enterprise State Roaming

In the cloud, Enterprise State Roaming in Azure AD allows Windows 10 users to enjoy a unified experience across all their Windows devices by synchronizing user and app settings to the cloud. Users can roam using different devices while their settings are synched to the cloud and sent to whichever device they log into. Enterprise State Roaming also separates corporate and personal data so that corporate data is always protected. It also offers enhanced security and encryption of data transmitted from the device and while the data is in the cloud.

Gateway Router Address

In the networking world, a default gateway is an IP address that traffic gets sent to when it's bound for a destination outside the current network. On most home and small business networks—where you have a single router and several connected devices—the router's private IP address is the default gateway.Jul 3, 20

Win 10 Upgrade Paths for Win 7 Professional

In-Place upgrade available for Win 10 Home, 10 Pro, and Win 10 Enterprise

Win 10 Upgrade Paths for Win 7 Ultimate

In-Place upgrade available for Win 10 Home, 10 Pro, and Win 10 Enterprise

Win 10 Upgrade Paths for Win 7 Home

In-place upgrade available for Win 10 Home, 10 Pro, But not Win 10 Enterprise

Win 10 Upgrade Paths for Win 7 Home Premium

In-place upgrade available for Win 10 Home, 10 Pro, But not Win 10 Enterprise

You have Windows 10 devices in Azure AD, and they are enrolled in Intune. What must you do in order to also co-manage the devices using Configuration Manager? (Switch from Azure AD to Co-management)

Install the Configuration Manager client on each device.

Which VPN security protocol supports the VPN Reconnect functionality?

Internet Key Exchange version 2 (IKEv2) is required to use the VPN Reconnect feature. IKEv2: Supports IPv6, smart card authentication, and certificate authentication. Supports data origin authentication, data integrity, replay protection, and data confidentiality. Uses UDP ports 500 and 4500 for IKE traffic and protocol 50 for ESP traffic. Enables the VPN connection to remain intact as a mobile client moves from one IP network to another. Is the default protocol for a new VPN connection for Windows 7.

Windows Defender Advanced Threat Protection directly integrates with various Microsoft solutions, including:

Intune Office 365 ATP Azure ATP Azure Security Center Skype for Business Microsoft Cloud App Security

Features of Desktop Analytics/ Device and software inventory

Inventory of key factors such as apps and the current versions of Windows.

To run a command on the remote system, use the Invoke-Command cmdlet. The syntax of the command is as follows:

Invoke-Command -ComputerName remote_computer_name -ScriptBlock cmdlet_name -credential user

Internet Key Exchange v2 (IKEv2)

Is a unique tunneling protocol that will reconnect a dropped connection. This protocol is often used by mobile devices because of this. We developed by Microsoft and Cisco. Is one of the fastest and most secure protocols available. Is not compatible with many operating systems.

Point-To-Point Tunneling Protocol (PPTP)

Is the oldest and most used tunneling protocol. Was developed by Microsoft for use with dial-up networks. Uses 128-bit encryption, but due to its age, is very easy to break. Is one of the faster protocols because of the low encryption standards.

What does the File and printer sharing setting do?

It allows other computers to access the shares created on the host computer.

The Windows Network Diagnostics tool analyzes a computer's network connection and verifies connectivity. When connected to a domain, what does the Network Map display?

It displays your computer, the domain, and the internet.

Windows Deployment Services (WDS)

It provides a way to install or upgrade Windows using a network based installation without requiring you to visit each computer.

Which of the following statements are true regarding Wi-Fi Direct?

It uses WPA2 security. It uses the 802.11n wireless standard.

NAT

It's easy to see that if every device in the world had its own unique IP address, there wouldn't be enough numbers for everyone. One way to get around this is to use network address translation, or NAT. NAT helps you stretch your use of public IP addresses. You'd use a NAT device to connect to the internet with a single globally-unique registered IP address. That device would then assign non-globally-unique, or private, IP addresses to each of the host machines within the network.

Hosts on a Client Server model

It's important to note that before any of these client systems can participate in the domain, they must be joined to the domain. And to do that, they must run a Professional, Ultimate, or Enterprise edition of Windows.

Downgrade Windows 10 Edition

Just enter the old product key. If you were upgraded using a subscription activation you can downgrade by default as long as you don't renew your licenses. This process takes 90 days.

KMS

Key Management Service With KMS, the Windows clients in your network request and receive Windows activation from a local KMS server. To implement a KMS server, you must: Install the Volume Activation Services role on a new or existing server. Configure KMS using the volume activation tools. Add the volume license purchased from Microsoft. Activate the licenses on the KMS server through the Microsoft site. Ensure that DNS is correctly configured to allow clients to locate the KMS server. Once KMS is configured, clients request and receive activation from the KMS server. By default, activation is valid for 180 days, but reactivation is requested every 7 days. To use KMS, one of the following thresholds must be met. Otherwise, no activation will take place: 25 or more client systems (physical or virtual) must actively require activation. 5 or more servers (physical or virtual) must actively require activation.

Digital license

Key points about digital licenses are. A digital license is a method of activation that doesn't require you to enter a product key during the installation of Windows. The license is linked to a Microsoft account and, once used, is also linked to the hardware. Since activation is linked to a Microsoft account, you can skip the product key question and continue with the installation when you install Windows. When you sign into the computer using a Microsoft account and connect to the internet, the computer is activated. Since activation using a digital license is associated with the hardware, a major change to the hardware (such as a new motherboard) may require the system to be reactivated.

Product key

Key points about product keys are: When activation uses a product key, it is linked to the hardware in the system. Since activation using a product key is associated with hardware, a major change to the hardware (such as a new motherboard) may require the system to be reactivated. Product keys are in the form of xxxxx-xxxxx-xxxxx-xxxxx-xxxxx where x is a value of the key.

Windows 10 system requirements

Latest OS: Make sure you're running the latest version—either Windows 7 SP1 or Windows 8.1 Update. ... Processor: 1 gigahertz (GHz) or faster processor or SoC. RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit. Hard disk space: 16 GB for 32-bit OS or 20 GB for 64-bit OS. Graphics card: DirectX 9 or later with WDDM 1.0 driver.

Can see files and folders, but not open any.

List folder contents

There are many group policy settings that can enhance the use of BitLocker. These policies can be found at:

Local Computer Policy --> Computer Configuration --> Administrative Templates --> Windows Components --> Bit Locker Drive Encryption

BitLocker To Go can be enhanced through Group Policy settings. These settings are found under:

Local Computer Policy --> Computer Configuration --> Administrative Templates --> Windows Components --> BitLocker Drive Encryption --> Removable Data Drives

(LSASS)

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Group Policy Settings

Local policies are configured under: Computer Configuration > Windows Settings >Security Settings > Account Policies Domain policies are configured under: Computer Configuration > Policies > Windows Settings >Security Settings > Account

Traditionally, Windows has provided user profiles so users can save settings, files, and registry settings. Profiles fall into five types: Type 1

Local profiles- Are stored on only one device.

Network fencing

Location compliance, known as network fencing, allows you to keep devices outside your corporate network from accessing enterprise resources.

Which of the following can be used to verify that the TCP/IP Protocol stack has been properly installed on the host?

Loopback Explanation The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP Protocol stack has been properly installed on the host.

MAK

MAK licenses are enterprise licenses purchased by a company, but tracked by Microsoft. Unlike KMS or Active Directory activation, MAK activates systems on a one-time basis. It uses Microsoft's hosted activation services, which require connection with a Microsoft activation server. This is typically done by means of the internet. If a system using MAK activation can't use the internet, the activation can be accomplished by calling Microsoft. Once a computer is activated, no further communication with Microsoft is required. Each MAK has a predetermined number of allowed activations based on the Volume Licensing agreement. MAK licenses can be included as part of an organization's Windows 10 operating system image.

Which Microsoft tool would you download to help you migrate your group policies to MDM policies?

MMAT (MDM Migration Analysis Tool)

Microsoft Management Console(MMC)

MMC is a tool that allows you to select the computer you want to manage when loading a particular snap-in.

You manage a small office network with a single subnet. The network is connected to the internet. All client computers run Windows. A single server runs Windows Server 2016. The client computers are not joined to a domain. All hosts use IPv6 addresses on the private network. All computers on the private network are assigned host names (such as Computer1, Computer2, etc.). All hosts use the DNS server provided by the Internet Service Provider (ISP) to resolve hostnames for internet hosts. You need to implement a solution so that hosts on your private network can resolve hostnames for other hosts on the private network. You want to implement the solution with the least amount of effort. What should you do?

Make sure that LLMNR is enabled on all computers. LLMNR is a name resolution protocol that provides peer-to-peer name resolution when DNS is unavailable. LLMNR uses multicast messages (also known as multicast DNS) to resolve local hostnames. You can use LLMNR to create ad hoc networks or to find hosts on the local subnet without the use of a DNS server. LLMNR replaces the NetBIOS broadcast capabilities, but it requires LLMNR-capable hosts

Traditionally, Windows has provided user profiles so users can save settings, files, and registry settings. Profiles fall into five types: Type 3

Mandatory profiles- Can be either local or roaming, but deny the user the right to make any changes to the profile. When the user re-logs on or reboots, any changes the user made is lost.

Windows Autopilot depends on specific capabilities available in Windows 10 and Azure AD. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs. To provide needed Azure Active Directory and MDM functionality, one of the following is required:

Microsoft 365 Business subscriptions. Microsoft 365 F1 subscriptions. Microsoft 365 Academic A1, A3, or A5 subscriptions. Microsoft 365 Enterprise E3 or E5 subscriptions, which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features. Intune for Education subscriptions, which include all needed Azure AD and Intune features. Azure Active Directory Premium P1 or P2 and Microsoft Intune subscriptions, or an alternative MDM service.

In-place Upgrade tools

Microsoft Deployment Toolkit (MDT) Windows Deployment Services (WDS) Windows Assessment and Deployment Kit (Windows ADK)

Access to Microsoft Defender Advanced Threat Protection (ATP) is done through one of the following supported browsers:

Microsoft Edge Internet Explorer version 11 Google Chrome

What is Microsoft Intune?

Microsoft Intune is a Microsoft cloud-based management solution that provides for mobile device and operating system management. It aims to provide Unified Endpoint Management of both corporate and BYOD equipment in a way that protects corporate data.

Which kind of cloud computing system is Microsoft Office 365 ProPlus?

Microsoft Office 365 ProPlus is a cloud-based computing system that provides Software as a Service (SaaS). Microsoft Office is a very commonly used productivity suite. Office 365 ProPlus includes Access, Excel, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, and Word.

Client Server Model

Microsoft's implementation of this model is called domain networking Each host has a specific role, it will either provide network services or consume network services, but not both. It implements a windows domain. A Windows domain is a collection of security principles. A security principle is any entity that can be authenticated into the Active Directory domain. This can include a variety of different network resources. Client server model uses Active Directory Authentication

Miracast

Microsoft's screen casting technology.

LoadState.exe

Migrates the information contained in the migration file created by ScanState to the destination computer.

MDM Mobile Device Manager Plus

Mobile Device Manager Plus provides robust management support for Windows devices running OS 8, 8.1, and 10 versions. With this software, empower your administrators to monitor, manage, audit, and secure official data on your Windows mobile devices.

Can do anything with folder and subfolders except change permissions or ownership.

Modify

Swapping

Moving data from virtual memory to a page file or vice versa.

Domain Model Drawbacks

Much more expensive Requires specialized hardware and software This model also requires a lot more time and planning to implement. You'll have to decide where your domain controllers are going to reside in the network, how many backup domain controllers you want to use, what the Active Directory tree structure is going to look like, where to place your organizational units, where the user accounts will reside within those organizational units, and so on. The disadvantage is that you will always need an active internet connection for the system to work.

Trees and forests

Multiple domains are grouped together in the following relationship: A tree is a group of related domains that share the same contiguous DNS namespace. A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces.

IPv6 Facts Neighbor Discovery Protocol(NDP)

NDP in conjunction with ICMPv6 messages, replaces the Address Resolution Protocol (ARP) which discovers the addresses of other interfaces on the network. NDP can automatically generate the IPv6 address for hosts, if configured.

Shows the network status and a graphical representation of network connections.

Network and Sharing Center

Network

Network firewalls are typically implemented using hardware and are positioned at the network's perimeter.

Network protection

Network protection extends the Windows Defender SmartScreen protection in Microsoft Edge to other applications and prevents access to internet domains that may host phishing scams, exploits, and other malicious content. This requires Windows Defender Antivirus and Cloud-delivered protection to be enabled.

Windows Autopilot Troubleshooting Guide, Step 2: Initial Configuration

Next, let's look at issues with initial configuration and the Out-of-Box Experience, or OOBE, during deployment. We need to have Azure Active Directory and our MDM, such as Intune, configured. One thing to check is if MDM auto-enrollment is configured correctly. We should double check and make sure the MDM Discovery URL is right so that the device can locate the MDM service. We also want to check the Azure Active Directory custom branding. Are there any typos in the custom hardware ID configuration?

Local Policies/Audit Policy

Next, we have Local Policies/Audit Policy. You use the Audit Policy settings to configure auditing for various events—such as log on, account management, or privileged use.

Local Policies/ User Rights Assignment

Next, we have Local Policies/User Rights assignment. User Rights determine what actions a given user can perform on a given computer.

IPv6 Facts Header improvements

Non-essential and optional packet fields are moved to extension headers, that are placed after the IPv6 header. This reduces header size and decreases the amount of time required to process the packet. In addition, IPv6 provides standardized packet header size, which enables routers and devices to transfer IPv6 packets at faster rates.

Upgrade Paths

Now let's talk about Windows upgrade paths. The supported paths are currently Windows 7, Windows 8.1, and Windows 10. You must have the latest versions of these operating systems—and the latest service pack—when you upgrade Windows 7 and 8.1. Your Upgrade Readiness performs a complete inventory of the computer once you enable Windows Diagnostic Data. Then you can see the Windows version you have installed on each device.

Binary Numbers breakdown

Now, let's apply the same idea to binary numbers. Instead of ones, tens, and thousands, we're working with different place values: 128, 64, 32, 16, 8, 4, 2, and 1. Instead of 10 options for each place, we only have two options now, a 1 or a 0.

A standard user logs on and tries to install the device. They receive a prompt for administrative credentials. What should you do?

Obtain drivers that have a digital signature. If a driver does not have a digital signature, the user will be prompted for administrative credentials to continue with the installation. Drivers without a digital signature can be installed, but they require elevated credentials to complete the installation.

Attack surface reduction

Offering attackers fewer ways to perform attacks.

Office 365 ProPlus can be deployed to your enterprise. When doing so, which tool enables you to choose the language, hardware architecture, and the version of Office you want to install?

Office Deployment Too

You manage two Windows systems named Computer1 and Computer2. Both computers are members of a domain. Which steps do you need to perform so you can remotely execute commands on Computer2 from Computer1?

On Computer2, run winrm qc winrm qc enables WinRM

You manage two Windows systems named Computer1 and Computer2. Both computers are members of a domain. Windows Remote Management (WinRM) is enabled on both computers. Which steps do you need to perform so you can use Computer2 to create an additional disk volume on Computer1?

On Computer2, run winrs and then run diskpart To create an additional disk volume on a remote computer, run winrs and then run diskpart from the local computer. Windows Remote Shell (WinRS) uses the command line interface to manage a remote computer. DiskPart is a command line utility used to configure and manage disks and volumes.

You are the desktop administrator for your company. You would like to manage the computers remotely using a tool with a graphical user interface (GUI).

Open Computer Management and connect to each remote computer. Establish a Remote Desktop connection to each computer.

To access UAC setting on Windows Server 2019:

Open Server Manager and select: Tools > Group Policy Management Expand: Forest:YourForest > Domains > YourDomain > Group Policy Objects Right-click the desired group policy object and select Edit. Expand and select: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

On your Windows system, you want to prevent Edge from leaving a trail of your browsing session. What should you do?

Open a new InPrivate window to avoid retaining the following information: Browsing history Temporary internet files Form data Cookies Usernames Passwords InPrivate Filtering restricts what information about a browsing session can be tracked by external third-party websites and applications. Edge processes run in a sandbox or isolated area with no access to the rest of the system. Clearing browsing history does not prevent a browsing trail from being retained; it deletes the trail after the fact.

Open authentication

Open authentication requires all clients to provide a MAC address to connect to a wireless network.

Organizational units

Organizational units are logical containers in Active Directory that are used to hold and organize network resources.

Workgroup Model in Networking

Otherwise known as a peer to peer network. None of these hosts have a specific role on the network. They all consume and provide network services. So, with a peer-to-peer network, there's no such thing as a workstation, and there's no such thing as a server. Instead, each system functions as a server and a workstation at the same time. To configure a workgroup, you have to configure each system or host with the same workgroup name.

Inheritance

Permissions granted to files or subfolders based on the permissions assigned to a parent folder.

Access Control Entries

Permissions listed on a Access Control List (ACL) that are granted to a user. ACEs can be Allow or Deny. They can be assigned explicitly or inherited.

Piloting a deployment

Piloting a deployment consists of rolling out devices and software to a select group of users in your organization. Often the devices and software have not been previously run in your production environment. During the pilot deployment it's important to identify any issues and find solutions. IT administrators should document the feedback they receive from users and other stakeholders. When piloting a deployment, consider the following: Test deployments with small groups. Make sure that all production hardware, PC's, notebooks, and tablets meet the minimum specs for Window 10. Test all peripheral devices such as printers, scanners, and other devices. Make sure that drivers are available and are the correct ones. Check all third-party encryption tools and switch to BitLocker if needed. Test all the apps that your organization uses. Make sure your IT staff has all the skills and training that is needed to support the organization and the Windows 10 deployment.

You manage a Windows network environment. As part of your IPv6 migration strategy, you have implemented Teredo on your network. You would like to test the communication of a client computer using Teredo. What should you do?

Ping the address beginning with 2001: Teredo (also known as NAT traversal or NAT-T) establishes a tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. Teredo addresses have a 2001::/32 prefix followed by the IPv4 public address converted to hexadecimal. For example, the IPv4 public address of 207.142.131.202 would provide clients with a prefix of 2001:0:CF8E:83CA::/64.

You have been having trouble with your Windows notebook system crashing. The support technician wants you to send him a memory dump that occurred when the computer crashed. You find that the computer did not create the memory dump file. How can you configure the system to create a memory dump file the next time it crashes?

Place the paging file on the system drive.

cmndlets

PowerShell commands are referred to as cmndlets.

You want to connect your client computer to a wireless access point connected to your wired network at work. The network administrator tells you that the access point is configured to use WPA2-Personal with the strongest encryption method possible. SSID broadcast is turned off. Which of the following must you configure manually on the client? (Select three.)

Pre-shared key AES SSID

network discovery settings

Private - your local network at work or at home. Guest or Public - a network in a public location, such as an airport or coffee shop. Domain - available to all users logged on to the local Active Directory domain.

Process Explorer

Process Explorer helps you determine which program has a file or directory open. You are shown the information about the handles and DLLs processes that have opened or loaded. Process Explorer is part of Sysinternals and must be downloaded from Microsoft's site. Identifies the program (process) that has a particular file or directory open. Provides information about the handles and DLLs opened in or loaded to a specific process. This function helps identify the application or service responsible for activity on the hard drive, including the files and folders being accessed. Searches for data, such as the process or application that has a specific file open or a certain DLL loaded. Displays graphs for system CPU usage history, committed virtual memory usage, and I/O throughput statistics in graphical form. You can click a graph to open the System Information screen and display more detailed graphs.

Process Explorer

Process Explorer is a utility that shows the process a particular file or folder has open.

Provisioning Package Configuration

Provisioning packages are created by using the Windows Configuration Designer. They can send one or several configurations to apps and settings on a device. This method works best for small to medium-sized businesses with deployments that ranging from perhaps 10 to a few hundred computers. Provisioning packages let you: Quickly configure a new device without going through the process of installing a new image. Save time by configuring multiple devices using one provisioning package. Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure. Set up a device without the device having network connectivity. Provisioning packages can be: Installed using removable media such as an SD card or USB flash drive. Attached to an email. Downloaded from a network share. Deployed in Near Field Communication (NFC) tags or barcodes.

PsExec

PsExec is a command that allows you to execute programs on the remote system.

Deep linking an application

Publishing an external link for an app from the Windows Store to managed devices such as a desktop, notebook, tablet, or phone.

Which of the following types of malware are designed to scam money from the victim?

Ransomware and scareware Ransomware and scareware are both designed to scam money from the victim. Ransomware is a form of malware that denies access to an infected computer system until the user pays a ransom. Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don't actually have.

Ransomware

Ransomware is a form of malware that denies access to an infected computer system until the user pays a ransom. A common form of ransomware encrypts the hard disk on the user's system, preventing access to data. The attacker demands a ransom in return for providing the decryption key. Unfortunately, the attacker frequently does not unencrypt the hard disk even after the user complies with ransom demands.

Can open files, but not change anything.

Read

Can open files and run programs in the folder.

Read & execute

You can use the Command Prompt option in the Recovery Environment to:

Read boot logs Discover the drives Windows that can see Enable and disable services Read and write data to the hard disk drive Overwrite corrupt or incorrect files (such as repairing a corrupt registry or restoring corrupt operating system files) Format and partition drives Repair a corrupted master boot record

Logon Events

Records logon and logoff events on the local workstation only.

Persistence

Refers to an object and process characteristic that continues to exist even after the process that created it ceases or the machine it is running on is powered off.

Reliability Monitor

Reliability Monitor is a tool that tracks the overall stability of a Windows system.

IPv6 Numbering

Remember that hexadecimal numbers include only the numbers 0-9 and the letters A-F.

Remote Assistance

Remote Assistance is a support tool that allows administrators to view the screen of an end user and help troubleshoot problems.

How to get Remote Assistance to WORK

Remote Assistance uses the Remote Desktop Protocol (RDP) to access the remote target computer. Remote Assistance must be enabled on the target computer. The firewalls on both computers must be configured to allow Remote Assistance connections. By default, the requester must initiate the invitation. Invitations require a password and have an expiration date. With permission, the helper can take control of the user's computer. The helper cannot copy files from a user's computer.

Remote Desktop

Remote Desktop is a tool that allows access to the graphical desktop environment of another Windows client system over a network connection.

Somewhere you are

Requires authentication based on the user's physical location using factors such as Radio Frequency Identification (RFID) proximity readers, GPS location data, or Wi-Fi triangulation.

Resource Monitor

Resource Monitor is a utility that allows you to view real-time information about the way resources are used by the system hardware and software.

Which Dynamic Access Control component is used to tag scanned files?

Resource Properties

netsh wlan show profiles name=[profile name] key=clear

Retrieves the stored key (password) or a wireless network

Traditionally, Windows has provided user profiles so users can save settings, files, and registry settings. Profiles fall into five types: Type 2

Roaming profiles- Are stored on the network in a certain area and can be sent to any Windows device a user logs into.

IPv6 Facts Route aggregation

Route aggregation combines blocks of addresses as a single route in a routing table. This reduces the size of the routing tables on the internet and backbone operators.

Central access rules

Rules that include a condition that must be matched for permission assignments to be made.

You have a Windows 10 notebook system that is shared by three users. The computer is not a member of a domain. Each user has been using the Encryption File System (EFS) to encrypt their personal files on the laptop. You would like to add your user account as a recovery agent so you can recover any file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. What should you do first?

Run cipher /r to generate the recovery agent keys.

To add a data recovery agent to encrypted files:

Run cipher /r to generate the recovery agent keys. Add a data recovery agent to the Encrypting File System policy in the Local Security Policy. Use the certificate generated in step 1. For each user, run the cipher /u command to update encrypted files and add the DRA to each file. Running this command updates only the current user's files. Run the cipher /rekey command to change the encryption keys used on files, such as to update existing files to be encrypted using a certificate on a smart card.

More Driver Commands

Run pnputil -e to display all third-party drivers on the system. All third-party drivers have an oem##.inf published name where ## is a unique numeric value. Pnputil -a adds a driver to the Driver Store. Sigverif scans the computer and identifies any unsigned drivers. Verifier informs you that a device driver will fail if memory usage or CPU usage is above or below a certain limit.

You need to migrate specific application settings from ComputerA to ComputerB by using USMT. What should you do? (Select two. Each answer is part of the complete solution.)

Run scanstate with the /genconfig option. Edit the config.xml file. To migrate specific application settings with USMT, you should: Run scanstate with the /genconfig option to generate the config.xml file. Edit the config.xml file and specify the rules for migrating application settings. MigUser.xml gathers all files from the standard user profile folders as well as any files on the system that have the specified filename extensions. Run loadstate /ui to migrate the specified user's data. Run scanstate /p /nocompress to generate a space-estimate file called Usmtsize.txt. The migDocs.xml contains information about the location of user documents, not application settings.

You have a workstation running Windows 10 Home that you would like to upgrade to the Windows 10 Pro edition. How can you perform this upgrade with the least amount of effort and cost while maintaining applications, drivers, and user profile data?

Run the In-place Upgrade to upgrade from one edition to another within the same version. The Custom Installation option runs a clean installation of a new instance of Windows, which wipes out all data currently on the drive. The Windows 10 Upgrade Assistant scans the system to make sure it is ready for an upgrade to a new version, but it doesn't install anything. It is recommended that Windows Update be configured to automatically install updates, but this tool only keeps your version up to date; it won't upgrade Windows from one edition to another.

You have a Windows 7 system that you would like to upgrade to Windows 10. How can you make sure that everything in your current system is compatible with Windows 10?

Run the Windows 10 Upgrade Assistant.

To configure Event Subscriptions for a source-initiated subscription:

Run the winrm qc -q command on all computers. In the Local Policy or Group Policy that applies to the source computers, be sure to identify the FQDN (fully qualified domain name) of the collector computer. On the collector computer, run the wecutil qc /q command. On the collector computer, open Event Viewer and configure the subscription properties (such as the location of the forwarded events).

You would like to configure Event Subscriptions on your Windows system to forward events to a network server. You need to configure your computer as a source computer for a source-initiated subscription. Which of the following will be part of your configuration?

Run the winrm qc -q command. Configure the Local Security Policy to identify the FQDN of the collector computer.

DriverQuery.exe

Running DriverQuery.exe from Command Prompt or PowerShell lets you see a list of the signed and unsigned drivers on your system.

After creating your code integrity policy XML file, you have gone into Group Policy and enabled the Deploy Windows Defender Application Control option. You specified the path to the code integrity policy file. When that policy file is downloaded to the client, what is the code integrity policy named?

SIPolicy.p7b Once the code integrity policy file is downloaded to the client machines, it is renamed to SIPolicy.p7b regardless of the name of the file that was used on the server.

ScanState.exe

Scans and collects the user profiles, data, and settings as specified in the XML configuration files. The collected information is saved to a file (typically on a remote location) such as an external USB drive or network share.

Using USMT (User State Migration Tool) Scanstate Tool and Loadstate Tool

Scanstate backs up the user profile, Loadstate installs it on the target system

Scareware

Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don't actually have.

These contain one or more PowerShell cmdlets.

Script files

Security groups

Security groups are given access to system resources through access control lists (ACLs). Each file or folder in the system has an ACL which contains its permissions. The permissions determine which users have access to it and which operations they can each perform. Each entry in this list specifies which users have which permissions. The users in the list are called security principles and can be individual users or part of a group account. Each individual user or group is assigned a unique number called a security ID (SID) that is used by the system for identification.

Sign in using a Microsoft account

Select the Start, then go to Settings > Accounts > Your info. Select Sign in with a Microsoft account instead. If you see Sign in with a local account instead, you're already using your Microsoft account. Follow the prompts to switch to your Microsoft account. If needed, you can create a Microsoft account at this time.

What should you do to achieve co-management when working with a SCCM configuration?

Set up hybrid Azure Active Directory and then enroll the Windows 10 devices into Intune.

Which PowerShell cmdlet can be used to enable and configure controlled folder access?

Set-MpPreference

Which PowerShell cmdlet can be used to configured exploit protection?

Set-ProcessMitigation

Shared key authentication

Shared key authentication requires that all clients and access points are configured with the same security key.

Which key combination can you press during the initial boot process to get to Command Prompt prior to the computer running the Out-of-Box Experience?

Shift + F10 Pressing the Shift + F10 keys during the initial bootup screen (prior to getting to the Out-of-Box Experience) opens Command Prompt. From Command Prompt, you can run PowerShell. From PowerShell, you can then run the following cmdlets to extract the hardware device IDs: Set-Location c:\HWlD Set-ExecutionPolicy Unrestricted Install-Script -Name Get-WindowsAutoPilotlnfo Get-WindowsAutoPilotlnfo.ps1 -OutputFile DevicelD.csv

A user keeps attempting to open a text file. All that happens is a Command Prompt window flashes on screen and then disappears. Which of the following actions will help you determine the cause of this issue?

Show full file extensions. If the file is appearing as a text file but is opening a Command Prompt window when run, more than likely, the file is malware that is taking advantage of a double file extension. By showing full file extensions, you should see that the file is a .exe file or some other type of file.

Netsh WLAN show wirelesscapabilities

Shows all supported capabilities of the wireless adapter

Configuration score

Shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls.

netsh wlan show profiles

Shows the list of wireless profiles

Definition Files

Signature files (also called definition files) identify specific known threats.

Which of the following includes the benefit of free upgrades when the next version of Windows is released and Microsoft Desktop Optimization Pack (MDOP)?

Software Assurance

Spam

Spam is unwanted and unsolicited email sent in bulk to multiple recipients. Spam:May be benign emails trying to sell products.May be malicious emails containing phishing scams or malware-infected attachments. Spam wastes bandwidth and consumes system resources.

Windows Autopilot Troubleshooting Guide, Step 4: Troubleshooting Mobile Device Management Issues

Specifically, where the device is enrolled in the MDM. Many issues are rooted here. We should check that our license is valid and check our device number limit one more time. Finally, like all troubleshooting steps, rebooting the device might fix things. This seems simple, but it's often overlooked.

Change permissions

Specifies whether a user can change permissions on a file or folder.

Write attributes

Specifies whether a user can change the attributes of a file or folder.

Write extended attributes

Specifies whether a user can change the extended attributes of a file or folder.

Delete

Specifies whether a user can delete a file or folder.

Delete subfolders and files

Specifies whether a user can delete a subfolder or file. This is possible even if the Delete permission has not been granted on that subfolder or file. (This option is only available when adding the right to a folder.)

Take ownership

Specifies whether a user can take ownership of a file or folder.

Read permissions

Specifies whether a user can view the NTFS permissions assigned to the file or folder.

Read attributes

Specifies whether a user can view the attributes of a file or folder (such as read-only and hidden).

Read extended attributes

Specifies whether a user can view the extended attributes of a file or folder.

Enable split tunneling

Split tunneling is the ability of one device to connect to two networks at the same time. Set-VpnConnection -Name %Name of VPN% -SplitTunneling $True

Spyware

Spyware is malware designed to intercept or take partial control of the user's interaction with the computer. Spyware has the following characteristics: It is usually installed when the user visits a malicious website, installs an infected application, or opens an infected email attachment. Spyware typically collects personal information about the user, such as internet surfing habits, usernames, and passwords. It usually sends the information it captures back to an attacker, who may use it for personal gain or sell it to others. Some spyware uses tracking cookies to collect information about a user's internet activities. Some spyware may interfere with the user's ability to control the computer. For example, it may install unwanted software, change computer settings, or redirect web browser activity.`

Standard User

Standard users have limited permission. For example standard users: Can use applications but cannot install them Can change some settings that apply only to them Cannot run applications in an elevated state

What tool can be used to automatically fix common startup problems?

Startup Repair

netsh wlan set profileparameter name=[profile name] connectionmode=manual

Stops the device from automatically connecting to a network

Traditionally, Windows has provided user profiles so users can save settings, files, and registry settings. Profiles fall into five types: Type 5

Temporary profiles- A user will get a temporary user profile if the local, roaming, or mandatory profile is unavailable. This profile is based on the default profile and will probably lack app settings, files, and registry settings.

You have an IPv4 network that has two IPv6-only hosts that need to be able to communicate with each other. You want to implement a solution that only requires you to configure the two IPv6 hosts. You also want it to work through NAT. Which tunneling method should you use?

Teredo tunneling Teredo tunneling establishes a tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. It is configured between individual hosts and works through NAT.

Action Center

The Action Center is a central location for managing system messages and resolving issues within a Windows system.

To protect your system and the data on your Windows 10 computer, you use the Backup and Restore console to create a system image backup. While working with a file, you accidentally delete some of the data. You need to restore the older version of the file, but you cannot find any previous versions of the file. What should you do?

The Backup and Restore console creates system images in the .vhd format. To recover files from the .vhd file: Attach (mount) the .vhd file so that it displays as a disk and can have a drive letter assignment. Browse to and then copy the files you need.

Boot Configuration Data(BCD)

The Boot Configuration Data store is a database that identifies possible operating systems and their locations on a disk. BCD enables administrators to assign rights for managing boot options. The BCDEdit tool can be used to troubleshoot this database.

Which special permission specifies whether a user can make changes to the end of the file but not change, delete, or overwrite existing data?

The Create folders / append data special permission specifies whether a user can make changes to the end of the file. It does not, however, allow him or her to change, delete, or overwrite existing data.

Dynamic Host Configuration Protocol(DHCP)

The DHCP service assigns IP addresses and other configuration information to IP hosts on the network. A DHCP server automates the process of assigning IP addresses to network hosts. A host uses broadcast messages to locate a DHCP server when it boots. The DHCP server assigns IP address and subnet values, called an address lease, to the host. A DHCP server can also be configured to deliver the default gateway address, DNS server address, and other configuration information to hosts.

You are using a web browser on your Windows notebook to access the http://www.westsim.com website. Your notebook has been configured to use a DNS server that has an IP address of 137.65.1.254 for name resolution. Your notebook sends a name resolution request for www.westsim.com to this DNS server. However, this server isn't authoritative for this domain and doesn't have a record that can be used to resolve this domain name to an IP address. What will happen next?

The DNS server sends a request to a DNS root server for the IP address of a DNS server that is authoritative for the westsim.com domain. If the DNS server doesn't have a record for the domain name requested, it sends a request to a DNS root server for the IP address of a DNS server that is authoritative for the domain where the record resides. After going through this process, most DNS servers cache the record for the domain name. In this manner, the next time the domain name is requested, it can respond directly without having to contact a root-level DNS server and the authoritative DNS server for the domain. The DNS server must first identify the IP address of the DNS server that is authoritative for the requested domain name. The DNS server, not the client system, is responsible for contacting a root-level DNS server. An error message will be displayed in the browser only if the DNS server that is authoritative for the domain requested doesn't have a record for the specified domain name.

How to view external devices

The Devices and Printers page in Control Panel displays information about external devices connected to the computer. The status of the device will be shown. You can open the device to perform certain actions. To troubleshoot problems, you will need administrative credentials.

DNS definition

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Device driver commands

The File Signature Verification tool (sigverif.exe) scans the computer and identifies any drivers that are not digitally signed. The Driver Verifier tool (verifier.exe) monitors drivers and detects issues and actions that might cause problems. PnPUtil (pnputil.exe) adds and removes drivers from the Driver Store. The DirectX Diagnostic Tool (dxdiag.exe) checks only the video driver for a digital signature.

When the SIM card is inserted in a Windows 10 machine, the following steps happen:

The International Mobile Subscriber Identity (IMSI) is read. The Integrated Circuit Card ID is read. The service provider's ID and name are read. Windows uses this information to determine which mobile carrier the SIM card belongs to. Windows automatically downloads and installs the modem and appropriate apps. Once all drivers and apps are installed, Windows can initialize the modem and begin connecting to the network.

IPv6 Facts Geographic assignment of addresses

The Internet Corporation for Assigned Names and Numbers (ICANN) assigns IPv6 addresses based on major geographic region and the regional ISP.

IP Internet Protocol

The Internet Protocol (IP) is the primary networking protocol used by organizations across the internet. IP is responsible for taking information from the sending system, formatting it, and sending it to the receiving system. IP is a connectionless protocol. In other words, it is concerned about how data gets from one system to another. In order to get data from one device on the network to another device on the network, IP uses an address system. An example of an IP version 4 (IPv4) address is 10.0.0.2.

You access the WidgetProject share on a server at your organization's headquarters over a WAN link using the following UNC path: \\FS3\WidgetProject. Click the zone this site belongs to by default in Internet options.

The Local intranet zone includes everything on your local area network and is configured with medium-low security by default. This zone includes every site you access using a UNC path, including sites available through a proxy. The Restricted sites zone has the highest security settings and can be used for protection against potentially malicious sites. You must explicitly add sites to this zone. The Trusted sites zone also contains only sites that you explicitly add and is configured with medium security by default. The Internet zone includes all sites that are not in other zones. It is configured with medium-high security by default.

Microsoft BitLocker Administration and Monitoring(MBAM) tool

The MBAM tool provides a simplified interface for managing BitLocker on the network. MBAM is a tool that is provided as part of the Microsoft Desktop Optimization Pack which is included with the Software Assurance Program.

Services console

The Services console is an MMC snap-in that provides detailed information about each of the services on the service tab.

Exploit Protection CMDlets

The Set-ProcessMitigation PowerShell cmdlet is used to configure exploit protection. The Set-MpPreference PowerShell cmdlet is used to enable Controlled folder access. The Set-ExploitProtection PowerShell cmdlet is not a properly formatted PowerShell cmdlet. The Set-ConvertFrom-CIPolicy PowerShell cmdlet is not a properly formatted PowerShell cmdlet.

Using Group Policy, you have accessed Windows Defender Application Guard's Network Isolation policy. Which of the following settings associated with this policy turns off Network Isolation's automatic discovery of private network hosts in the domain-corporate environment?

The Subnet definitions are authoritative setting turns off Network Isolation's automatic discovery of private network hosts in the domain-corporate environment. The Proxy definitions are authoritative setting turns off Network Isolation's automatic proxy discovery in the domain-corporate environment. The Intranet proxy servers for apps setting defines a semicolon-separated list of intranet proxy server IP addresses. The Domains categorized as both work and personal setting defines a comma-separated list of domain names that can be used as both work and personal resources.

What is Windows API?

The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. ... On the Windows NT line of operating systems, a small number (such as programs started early in the Windows startup process) use the Native API.

Which driver must be enabled for Windows Defender Advanced Threat Protection (ATP) to run?

The Windows Defender Antivirus Early Launch Antimalware (ELAM) driver must be enabled for Windows Defender Advanced Threat Protection (ATP) to run.

Windows Memory Diagnostics (WMD)

The Windows Memory Diagnostics app works with the Microsoft online crash analysis system to monitor your Windows system for defective memory issues.

Windows Network Diagnostics

The Windows Network Diagnostics tool lets users monitor network traffic, traffic statistics, connections, ports, network adapters, etc.

Windows Performance Analyzer(WPA)

The Windows Performance Analyzer (WPA) allows you to open, review, and analyze the trace files created by the WPR. The WPA presents trace content in the form of interactive graphs and summary tables.

Windows Performance Recorder(WPR)

The Windows Performance Recorder (WPR) captures resource usage in addition to detailed system and application behavior. The WPR generates Event Trace Log (ETL) files for analysis.

Common symptoms of malware on your system include:

The browser home page or default search page has changed. Excessive pop-ups or strange messages are displayed. Firewall alerts about programs trying to access the internet are displayed. System errors about corrupt or missing files are displayed. File extension associations have changed to open files with a different program. Files disappear, are renamed, or are corrupt. New icons appear on the desktop or taskbar, or new toolbars are displayed in the browser. The firewall or antivirus software is turned off, or you can't run antivirus scans. The system won't boot. The system runs very slowly. Unusual applications or services are running.

Mutual-authentication

The client authenticates to the server and then, before data is exchanged, the server authenticates back to the client.

One-way authentication

The client authenticates to the server before the server will send data back to the client.

You are trying to set up and configure Microsoft Defender Advanced Threat Protection on your network. One of the client machines is not reporting properly. You need to verify that the diagnostic data service is enabled. Which command can you run to check this?

The command to check the status of the diagnostic data service is the sc qc diagtrack command.

Owner

The creator of a file or folder who, by default, has full access.

Active Directory Domain Controllers for Client Server Model

The domain authentication database is maintained on one or more Active Directory servers, which we call domain controllers. User accounts are managed by the server, so when I log in it will authenticate through the server rather than looking for a local user account. All user accounts are stored on the domain controller. You'll need to have multiple domain controllers with redundant user account control data to provide backup servers in the case that a server goes down. Windows Domain is much easier to manage in general, settings can be changed on the server and then they are automatically applied to all hosts in the system.

IPv6 Prefix

The first 64-bits of an IPv6 address are known as the prefix. The prefix identifies the network and is the equivalent of an IPv4 subnet mask.

Which networking models can be used with the Windows operating system?

The following networking models can be used with the Windows operating system: Workgroup: computers that are physically connected to a wired or wireless network can be set up as a simple peer-to-peer network, which Microsoft refers to as a workgroup. Computers that are part of a workgroup are both workstations and servers. A workgroup is easy to set up, but can become very difficult to manage if the number of computers exceeds 10 to 15. Client-server: in a client-server network, which Microsoft refers to as a domain, computers are joined to a network domain that uses an Active Directory database to contain user accounts and network security policies.

How to assign permissions between DAC and NTFS

The general practice is to open access to files and folders by assigning all users the NTFS permissions to read, modify, read and execute, and list folder contents, and then using DAC to implement restrictive access controls. This way, there'll be no confusion about which access controls will be applied. We'll always know that DAC will be more restrictive.

Public key

The generally accessible key in a cryptographic system. It is used to encrypt data and is stored within a certificate. It cannot be used to decrypt the data.

Which of the following are true regarding Remote Assistance?

The helper cannot copy files from a user's computer. Invitations require a password and have an expiration date.

Private key

The key that is used to decrypt data in a cryptographic system. It is stored in a private certificate store and should be protected and not shared.

IPv6 Interface ID

The last 64-bits of an IPv6 address are known as the Interface ID and identify the host.

Authorization

The level of permissions that have been granted to a user who has been authenticated to a system.

Enterprise Mode

The main purpose of Enterprise Mode is to give users the ability to access older websites in a supported, safe, and secure way. Be aware that Enterprise Mode is implemented and functions slightly differently on each of Microsoft's browsers. To allow backward compatibility with older versions of IE, Windows 10 and Internet Explorer 11 include Enterprise Mode. Using Enterprise mode, websites can render page information using a modified browser configuration designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8.

What is the original version of Windows 10?

The original version of Windows is 10.0. The OS build number of the original version of Windows is 10240.

You have a Windows 10 system with several standard users. You want all standard users to be able to install devices and necessary drivers. Which of the following actions gives this permission?

The pnputil -i -a command is used to pre-stage drivers in the Driver Store. Once loaded into the Driver Store, any user can install the device without additional permissions. The Allow non-administrators to install drivers for these device setup classes group policy setting allows standard users to install drivers for the specified device classes. By default, only members of the Administrators group can install devices. In Windows 10, the Power Users group does not have additional permissions. It is used for compatibility with previous versions of Windows. Changing the User Account Control (UAC) level does not grant standard users rights to install device drivers.

Bring Your Own Device(BYOD)

The practice of having employees use their own personal mobile devices for business related tasks.

psexec \\WS1 cmd

The psexec \\WS1 cmd command can be used to open an interactive Command Prompt on the remote WS1 workstation. PsExec is a remote management application that is part of the PsTools tool component of the Windows Sysinternals Suite from Microsoft. PsExec is similar to WinRS in that you can execute programs on remote systems. It provides full interactivity for console applications. This makes the applications appear to be running locally.

You are using USMT to migrate the user profiles and the default date files from ComputerA to ComputerB. The user works with graphics, so you must also include .jpg files. Which actions should you take to specify that the migration includes all .jpg files?

The recommended solution is to create a custom XML file and use <include> statements to specify the file types to be included in the migration. USMT uses the following XML-formatted configuration files to control which data is migrated from the source computer to the destination computer: MigUser.xml contains rules for user profiles and user data based on file name extensions. MigApp.xml contains rules for migrating application settings. MigDocs.xml contains information on the location of user documents. Config.xml contains configuration information on which migration features should be excluded.

User Profile Elements 2

The second element of a user profile is a user's registry hive. The user's registry hive maintains the user's registry-based preferences and configuration. This information is stored in a file named NTUSER.DAT. It's located in the user's profile folder, but it's a hidden operating system file, so you won't see it unless you choose to show these types of files. You can find these settings in the registry in the HKEY_CURRENT_USER registry key.

Features of Desktop Analytics/ Configuration Manager integration

The service cloud-enables your existing on-premises infrastructure. Organizations can use this data and analysis to deploy and manage Windows on the organization's devices.

OneDrive Icon Meanings

The solid white cloud shows you that OneDrive is running without problems and the sync is up to date. The solid gray cloud shows you that either you're not signed in or OneDrive setup hasn't completed. The cloud icon with arrows forming a circle signifies that a sync is in progress. This includes uploading files or when OneDrive is syncing new files from the cloud to your device. The OneDrive icon with a solid red circle containing a white X indicates that a file or folder cannot be synced. The OneDrive icon with a gray circle containing two vertical lines shows you that syncing has been paused. Your files are not currently syncing. The solid blue cloud indicates that a OneDrive for business account is configured, is running without problems, and the sync is up to date. The OneDrive icon with a red no entry icon shows that your account is blocked. The OneDrive icon with a yellow triangle containing an explanation mark indicates that your account needs attention. Select the icon to see the warning message displayed in the Activity Center.

Subnet Mask

The subnet mask is a 32-bit number associated with each IPv4 address. A subnet mask identifies the network portion and, by default, the host portion of the address. This means that when the network portion of the address is identified, the remaining portion of the address identifies the host.

Traditional Deployment Method

The traditional deployment method involves the end user receiving a new device. With a new device, a user has to migrate files—or maybe even install Windows—to their brand-new system with a custom image.

transmission frequency range 802.11

The transmission frequency range specifies the upper and lower bounds of the frequency.

transmission speeds 802.11

The transmission speeds identify the maximum data rate.

OneDrive Folder Icon Meanings

The white cloud with blue borders indicates that the file or folder is only available online when you're connected to the internet--in other words, when it has not been downloaded to the local computer. Opening the file will cause the file to be downloaded to the local machine. The white cloud with blue borders and a people icon indicates that the file or folder has been shared with other people. A white circle with a green border and a green checkmark indicates that the file has been download to your local computer. A solid green circle with a white checkmark signifies files that you marked as Always keep on this device. The Padlock indicates that the file or folder has settings that prevent it from syncing. A solid red circle with a white X indicates a file or folder cannot be synced.

Windows Autopilot basic requirements

There are a few requirements for you to use Windows Autopilot. Windows Autopilot depends on certain Windows 10 capabilities, like Azure AD and Intune. In order to use Autopilot, you need to have Windows 10 Pro or Windows 10 Enterprise. Windows 10 Pro can include the Windows Pro Education edition or the Windows 10 Pro for Workstations edition. Windows 10 Enterprise can include the Windows Enterprise Education or the Enterprise Long-Term Servicing Channel edition, or LTSC edition.

UDP User Datagram Protocol

There are some upper layer applications that do not require the high level of reliability that the TCP protocol provides. These applications use the User Datagram Protocol (UDP). UDP does basically the same job as TCP. It works in conjunction with the IP protocol. Data is broken into smaller packets. Packets are labeled with the source address and the destination address. However, UDP does not insert sequence numbers. The packets are just expected to arrive in the order they were sent. UDP does not acknowledge the receipt of the packets so lost packets are not retransmitted. This has some advantages and disadvantages. The main advantage is that UDP is much faster than TCP. The main disadvantage is that packets can get lost along the way. In some cases the advantage outweighs the disadvantage. For example, if you are watching a streaming video or listening to a podcast, one or two packets lost in transmission may result in a slight glitch in the playback, but it's not significant to the overall quality.

two ways to block inherited permissions if you don't want the permissions from a parent to flow down.

There are two ways to block inherited permissions if you don't want the permissions from a parent to flow down. The first way is to make an explicit permission assignment on the file or folder for the specified user or group account. If you explicitly assign permissions to a file or folder, it'll override any inherited permissions for that same user or group. The second way to block inherited permissions is through the Advanced Security Settings. Using the Disable Inheritance button, you have two options. You can completely remove the permissions from the folder, or you can replace them with equivalent explicit permissions. These options can affect hundreds or thousands of permissions, so be careful with both of them. Deny Permissions 7:51-8:31 All the permissions we've discussed so far have been Allow permissions, meaning that they specify what the user is allowed to do with a file or folder. There's a second category of permissions called the Deny permissions. As the name implies, a Deny permission restricts access to the file or folder. A key thing to know about the Deny permission is that it'll always override an Allow permission if both have been assigned for the same folder or file for a given user. The only exception to this rule is when the Deny permission is an inherited permission from a parent folder and the Allow permission has been explicitly assigned, since explicit permissions always take precedence over inherited permission.

Standalone Model in Networking

There is no direct connection between hosts in a domain, they have to communicate over a public network like the internet.

You are helping a user who has been running Windows 10 for over a year. You notice that some features do not look the same as they do on your Windows 10 system. For example, the title bars on windows are plain white, and the Start menu is not as polished. You wonder if this user's computer has received the latest update. The user is sure that updates have been happening, but you are not sure. You open the Settings app and click System. On the About tab, you see the information shown below. How do you know this computer has not been receiving updates? (Select two.)

There is no entry for an OS Build number. There is no entry for a Windows 10 Version number.

Providers

These let you access data stores, such as the registry and certificate store, in a way similar to accessing the file system.

Quality Updates

They are mandatory They're released monthly They include bug fixes and patching.

Set the idle disconnection time

This cmdlet sets the idle disconnection time so the VPN will automatically disconnect after the app closes. Set-VpnConnection -Name $vpn -IdleDisconnectSeconds 5

Simplified Files and Print Resources

This is done by allowing files and print resources to be published on the network. Once done, a user can search the Active Directory database for the desired resource and then securely access it.

Windows Assessment and Deployment Kit (Windows ADK)

This is used for large deployments. It's used in conjunction with the Microsoft Deployment Toolkit (MDT)

Enable Boot Logging Advanced Startup Options

This mode creates a log file named Ntbtlog.txt that records each driver loaded during the boot process. If the system does not complete a regular boot, view this file to see the last driver loaded before the failure occurred. On Windows 10, every event that occurs during the boot process is logged.

Windows Fresh Start

This option also includes the Fresh Start feature, which helps you refresh your device by reinstalling and updating Windows 10. Fresh Start can be useful if your device has performance issues, if the memory is full, or if you have too many unused apps.

Startup Repair tool

This tool fixes certain system problems that might prevent Windows from starting. It can be accessed from the recovery environment or recovery drive.

Match each capability of Windows Defender Advanced Threat Protection with its description. Each capability is only used once.

Threat & Vulnerability Management uses a game-changing, risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. Microsoft Threat Experts provides proactive hunting, prioritization, and additional context and insights. Centralized Configuration and Administration lets you integrate Microsoft Defender Advanced Threat Protection into your existing workflows. Next Generation Protection further reinforces the security perimeter of your network. Configuration Score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls.

Methods to Access Shares

To access a shared folder on the network, you can use the following options: Map a network drive in File Explorer using the UNC path to the shared folder. The syntax is \\computer_name\share_name. Browse for computers hosting shared folders by selecting Network in File Explorer's navigation pane. Use the net use command to map a drive letter to the shared folder.net use lists the current connected shared folders and drive letters.net use drive_letter UNC_path maps the specified drive letter to a shared folder. For example, net use F: \\Wrk1\share2.net use * UNC_path maps the next available drive letter to the shared folder. For example, net use * \\Wrk1\share2./persistent:yes reconnects the connection at each subsequent logon; /persistent:no makes the mapping temporary. For example,net use F: \\Wrk1\share2 >persistent:yes.net use /? or net use ? displays the help screen for the net use command.

How can you configure the laptop to start without requiring a PIN or a USB device?

To allow the computer to boot without a PIN or a startup key on a USB drive, you must use a Trusted Platform Module (TPM). If the system does not have a TPM, you must use a startup key on a USB drive.

To authenticate to a computer not in the Active Directory domain...

To authenticate to a computer not in the Active Directory domain, run the winrm set winrm/config/client @{TrustedHosts="computername"} command to add the name of the remote computer to the TrustedHosts table on the local computer.

You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and is configured to use WPA2-Personal security. SSID broadcast has been disabled. Which type of authentication method and encryption combination should you use for the strongest security possible?

To connect to the wireless network using WPA2-Personal, you need to use a pre-shared key for authentication. AES encryption is supported by WPA2 and is the strongest encryption method.

How to recover encrypted files on a different computer using one dra key

To recover a file using the data recovery agent (DRA), the DRA keys must be accessible to the local computer. You can export and import the keys or place them on a smart card to allow you to move from computer to computer to recover files. You will not be able to copy the file without having the keys of the original user or the DRA.

What are two ways you can run PowerShell cmdlets remotely?

To run PowerShell cmdlets on a remoter computer, you can do it directly from a Command Prompt by using the computername parameter in a cmdlet. You can also use invoke-command followed by the name of the remote computer you want to run the cmdlet on. Then use the PowerShell cmdlet itself within brackets. Use invoke-command followed by the name of the remote computer and then the PowerShell cmdlet within brackets. Directly from the command, use the computername parameter.

You are using the Office 365 Admin center to deploy Microsoft Office 365 to your end users. You purchased the Office 365 Business plan, which includes the following versions of Office: Office 2016 Office 2013 Office 2011 You want to limit users to just the Office 2016 version of the product. Click on the option in the Office 365 Admin center that you would use to do thi

To specify the version(s) of a software package that can be deployed to end-user devices, select Service Settings in the Office 365 Admin center and then select User Software.

Process Tracking

Tracks actions taken by applications.

Account Management

Tracks changes to user objects. These include: Created events Renamed events Disabled events Deleted events Events where the password changed

System Events

Tracks system shutdowns, starts, restarts, or events that affect security or the Security log.

Policy Change

Tracks user rights assignments, trust relationships, and audit policies.

Privilege Use

Tracks when a user utilizes an assigned privilege.

Account Logon Events

Tracks when user accounts authenticate to the system. Local accounts are authenticated on the local system and domain accounts on the domain controller.

Object Access

Tracks who accessed a file, folder, or printer Audits actions taken by certificate authority or changes to Registry settings Tracks use of advanced settings

When troubleshooting network issues, use the following steps:

Try to identify the scope of the problem. For example, find out if the problem is isolated to a single workstation or if it is impacting the entire network. Determine and verify that your network IP addresses are configured correctly. Examine your network hardware. Verify that the hardware and drivers are configured correctly. Perform communication tests to determine the source of the problem. Always work your way from the local machine out to the network. This way you are able to fix the more localized problems more quickly and efficiently.

Unique local IPV6 addresses

Unique local IPV6 addresses always starts with FC00

How to transfer certificates to another computer`

Use Cipher.exe to transfer the encryption certificates from the computer where the EFS-encrypted files originated to the computer where the EFS-encrypted files were copied.

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve this issue?

Use Secure Socket Tunneling Protocol (SSTP) for the VPN protocol. SSTP uses SSL, which uses port 443. Because SSL is used by many websites for secure transactions, this port is already opened in most firewalls.`

You need to monitor the processor utilization on your Windows system. You want to get an email notification every time the processor utilization exceeds 90%, so you create a new Data Collector Set in Performance Monitor. Which type of Data Collector should you create?

Use a performance counter alert to be notified when a counter is above or below a threshold amount.

What is the first line of defense in protecting your system against applications like these from being copied or downloaded to your system?

Use anti-malware software that provides real-time protection.

Your Windows system has devices that are Personal Identity Verification (PIV) compliant. What can you do to implement a form of authentication that takes advantage of PIV?

Use smart card authentication. Smart card authentication uses the Personal Identity Verification (PIV) standard. PIV allows the use of smart cards without requiring specific vendor software. By supporting PIV, Windows obtains drivers for smart cards from Windows Update or built-in PIV-compliant minidrivers.

Driver Staging Adding and Deleting

Use the PnPUtil (PnPUtil.exe) command line utility to add or remove drivers from the driver store. Use the -e option with PnPUtil.exe to view a list of third-party drivers already in the driver store. Use the -i and -a options with PnPUtil.exe to add a driver to the driver store. Before installing a driver, Windows will confirm that the driver is not already in the driver store. If the driver is not in the driver store, Windows can search Windows Update for the driver. If the driver is not in Windows Update, Windows will send a message requesting the location of the driver. Use the -d option with PnPUtil.exe to remove drivers from the driver store.

Windows Configuration Designer (WCD)

Use the Windows Configuration Designer App to simplify deployment of Windows devices at your organization. WCD allows configuration of many aspects of Windows devices including - Active Directory or Azure Active Directory domain join, Device name, Connect to Wi-Fi, enroll into Management, and install applications.

Confirm auto-trigger settings

Use the following cmdlet to confirm auto-trigger settings. Get-VpnConnectionTrigger -Name $vpn

Setup the app trigger

Use the following cmdlet to set up the app trigger. Anything between two % signs is a variable to identify the VPN and the path to the application. Add-VpnConnectionTriggerApplication -Name %Name of VPN% -ApplicationID %Path to Application%

Remove auto-trigger from a VPN connection

Use the following command to remove an auto-trigger. Remove-VpnConnectionTriggerApplication -Name $vpn -ApplicationID $app

You updated a driver from the manufacturer's website, and now it is making you system unstable. You have decided to restore your system to a restore point. Which two options allow you access the restore points on your system

Use your installation media and run a repair. Go to System Properties and then System Protection. You can access your system restore points in two different way. If the system is stable enough, you can access the restore points through System Properties dialog and then System Protection. The second option is to use your installation media and run a repair

USMTUtils.exe

Used to verify a compressed migration file. It can also be used to recover files from a compressed USMT migration file.

Enter the name of the tool that generates an alert when a task or operation requires administrative privileges.

User Account Control

Users must use a USB security token that contains their user information and access levels to gain access to the file server. What type of Dynamic Access Control implementation component is being used?

User Claims The user access in this scenario is based on the attributes embedded in the security token. So this is a User Claims access control. User Claims are based on user attributes provided within a user security token. They include information like Department or Title.

User Configuration Policy

User Configuration Policies, on the other hand, are applied to a specific user. This means that a user's polices will still be applied regardless of which computer they use to log on to the domain.

User Configuration Settings

User Configuration policies are enforced for specific users. User Configuration policy settings include: Software that should be installed for a specific user Scripts that should run at logon or logoff Internet Explorer user settings (such as favorites and security settings) Registry settings that apply to the current user (the HKEY_CURRENT_USER subtree) User Configuration policies are initially applied as the user logs on and often customize Windows-based user preferences.

Benefits of user profiles

User profiles provide several benefits to the users. For example, when a user logs on to a computer, their profile lets them use the same settings that were in use the last time they logged off. This includes things like the display and application settings and their network connections. This also means that if a computer is shared with other users, each user can have their own customized desktop and settings.

Requirements and License To use Desktop Analytics, your environment must meet the following prerequisites [Licensing]

Users of the device need one of the following licenses: Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F1, E3, or E5) Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5) Windows Virtual Desktop Access E3 or E5

Manage Documents permission

Users with Manage Documents permission can perform all Print tasks, control job settings for all documents, and pause, resume, restart, and cancel the printing of any document.

Code signing

Uses the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.

How are provisioning packages distributed?

Using a USB flash drive. Provisioning packages can be installed in the following ways: Using removable media such as an SD card or USB flash drive. Attached to an email and then run on the destination computer. Downloaded from a network share and then run on the destination computer. Deployed in Near Field Communication (NFC) tags or barcodes. Provisioning packages cannot be install using the following methods: Azure Active Directory Intune for Education subscriptions Microsoft 365 Business subscriptions

Features of Desktop Analytics/ Issue identification

Using aggregated market data along with data from an organization's environment, the service will predict potential issues to getting and staying current with Windows. Desktop Analytics will then suggest potential mitigations.

Wireless Authentication Methods- Shared Key

Using shared key authentication, all clients and access points are configured with the same security key (called a secret or passphrase.) Only devices with the correct shared key can connect to the wireless network. With shared key authentication, all access points and all clients use the same authentication key. Shared key authentication is commonly implemented on small wireless networks such as home or small office networks. Shared key authentication is less secure than 802.1x authentication. The key must be widely disseminated because all hosts use it. As such, there is a risk that the key could be knowingly or unknowingly be disclosed to an unauthorized user.

How do you configure your Windows 10 system to require all removable data drives to mount as read-only unless the device is protected with BitLocker To Go?

Using the Local Group Policy Editor, enable the Deny write access to removable drives not protected by BitLocker policy in Group Policy to allow write access only to removable drives that use BitLocker. This is found at: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bit Locker Drive Encryption > Removable Data Drives

The process for installing desktop applications in Windows 10 has four basic steps:

Verify compatibility Scan for malware Create restore points Install application

You manage a Windows system connected to a business network that uses switches and multiple subnets. One day you find that the computer is unable to connect to the internet, but it can communicate with a few other computers on the local subnet. You enter ipconfig /all in Command Prompt and see the following output:

Verify that the DHCP server is up and functional.

In-Place Preparatory Steps

Verify that your hardware is compatible Install the latest updates. If you don't, windows might stop the upgrade to prompt you to update to the latest version. You should also back up your data. It's also good to make a system image too. You should also check to see that your current apps will work on Windows 10. You should also make sure you have the installation media and licenses for all your applications. Lastly you'll need to pickup the OS installation media like a usb or a cd.

The Windows 10 Pro and Enterprise editions let you manage your printers using the Printer Management app. From the Print Management console, you can complete print management tasks (for both local and remoter printers), such as:

View all printers and print servers Add or delete printers Add or remove print servers Add, delete, and manage print drivers View and manage printer queues View and modify the status of your printers Migrate printers Deploy printers using Group Policy

Virtual Secure Mode (VSM)

Virtual Secure Mode (VSM) A Hyper-V container that isolates the lsass.exe process from the running Windows 10 machine.

Which of the following can tag processes running on the local system as belonging to a VM running within Hyper-V?

Virtual Secure Mode (VSM) is a feature in Hyper-V that provides added security to any data stored in physical RAM. VSM is able to tag processes running on the system as belonging to a virtual machine (VM) running within Hyper-V. Credential Guard uses this functionally to reallocate the LSA process and its associated data in RAM to a minimal virtual machine space that resides away from the host Windows operating system.

VBS

Virtualization-based security (VBS) is used to harden, or protect, the Local Security Authority (LSA) process running on the local workstation.

Which technology does Credential Guard use to block access to the tickets stored within the LSA?

Virtualization-based security (VBS) is used to harden, or protect, the Local Security Authority (LSA) process running on the local workstation.

WEP Wireless Standards

WEP is rarely used anymore because the shared key can be hacked with a simple hacking tool that can be downloaded from the internet. It has a weak implementation of RC4 encryption. The method requires that a short key value be manually configured on the device. This key doesn't change and can be easily captured or broken.

WPA Wireless Standards

WPA - was designed as a replacement for WEP. It uses rotating keys; a different encryption key is used for every packet sent. WPA is much stronger than WEP, although it does have some security weaknesses. WPA has two versions: WPA Personal is designed for small businesses or home networks. This standard uses Service Set Identifiers (SSID) and password authentication to create encryption keys for connected devices. WPA Enterprise is for large networks and uses an authentication server.

WPA2 Wireless Standards

WPA2 should be your standard of choice. It uses advanced encryption and is far more secure than the other options. WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications and was deployed in 2005. The implementation is built upon the idea of Robust Secure Networks (RSN). WPA2: Uses Cipher Block Chaining Message Authentication Code (CBC-MAC) for data integrity applied to both the data and the header. Uses Counter Mode with CBC-MAC Protocol (CCMP). Uses Advanced Encryption Standard (AES) with a 128-bit key and a 48-bit initialization vector for encryption. It is more secure than TKIP. Supports both pre-shared key and 802.1x authentication.

Layer 2 Tunneling Protocol with Internet Protocol Security (L2TP/IPSec)

Was developed by Microsoft and Cisco in the 1990's.Is not secure by itself (L2TP), but is often paired with IPSec to make it one of the more secure VPN methods. Is slower than PPTP due to the higher encryption standards.

Secure Socket Tunneling Protocol (SSTP)

Was developed by Microsoft with the release of Windows Vista. Comes loaded and configured in all Windows version since. Is usually paired with the Advanced Encryption Standard (AES).Is only used by Windows, so is not compatible with other operating systems. SSTP uses SSL, which uses port 443. Because SSL is used by many websites for secure transactions, this port is already opened in most firewalls.

OpenVPN

Was released in 2001.Is an pen-source protocol that is extremely configurable. OpenVPN can be setup to use many different ports and encryption methods. Is used by many 3rd party VPN providers. Is extremely secure and about as fast as L2TP/IPSec when configured properly.

Local Policies/Security Policies

We also have Local Policies/Security Policies. Security Policies are used to control such things as allowing a user to install an unsigned driver or requiring control-alt-delete to be pressed in order to log on. Local Security policies pertain to security-related features such as account, password, and user rights settings.

Software Restriction Policies

We also have Software Restriction Policies. You can use Software Restriction Policies to define what software can run on any computer that's joined to the domain. These Software Restriction Policies can be applied to a specific user—or they can be applied globally to all users.

Windows Autopilot Troubleshooting Guide, Step 3: Troubleshooting Azure Steps

We also want to go through all the Azure AD setup steps to make sure that nothing was misconfigured. During setup, we see the Azure AD logon. We enter our credentials to authenticate ourselves and the device is joined. After that, the device auto-enrolls in the MDM. If problems occur during this step, we check the credentials. We might also have reached the device number limit. If we aren't using Microsoft Intune, we need to make sure the MDM is authorized in Azure AD. The final stage that we need to explore is mobile device management.

How to calculate available hosts from an IP address

We calculate the available hosts by adding the value of the places that have a 0 in them (in this case, 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1). Then we subtract 1 because of the broadcast address, which equals 254. Now, let's start adding 1s to the last octet from left to right and see what happens. add up all the 0's and subtract 1 for the broadcast address.

Registry Policies

We can also configure Registry Policies. You can use Registry Policies to configure specific registry keys and values. They can also specify whether you can read or even change a specific registry value.

Windows Autopilot Troubleshooting Guide, Step 1: Check network requirements

We'll start with the networking step. Be aware that Autopilot is a cloud-based service. You have to have network and internet access for it to work. We first check the same things we would check when troubleshooting any other network issue. Are the cables plugged in? Is Wi-Fi available? Is our default gateway reachable by other devices? Are all required ports open on the firewall? We need ports 80, 443, and 123 to be open. Can our organization reach the required Domain Name System servers, or DNS servers? We should check the latest required domain names list that Autopilot uses and make sure they're reachable. One thing to be aware of is that we must have Windows version 1703 or newer to use Autopilot. These are some simple steps that an IT technician might look at first.

Presentation mode

When Presentation mode is enabled, the computer will stay awake and turn off system notifications. The user can also specify the following options to apply: Turn off the screensaver Set the volume to a specific level Set a specific image to be the background

You have created a new folder and added the Authenticated Users group. Which basic permissions will be applied by default? (Select three.)

When a new group is added to a folder's security, the Read, Read & execute, and List folder contents permissions are enabled by default.

Active Directory based Activation (ADBA)

When available, Active Directory-based Activation (ADBA) is the preferred method of implementing volume activation services.When using ADBA activation, Windows systems connected to the domain are activated automatically during system startup. By default, an activated system remains activated for up to 180 days since the last contact with the domain. Like KMS, an activated system periodically attempts to reactivate before the 180 days has elapsed to ensure the activation doesn't expire. By default, this occurs every 7 days. 1. Any Domain Controller that is part of the forest can be used to activate a client. 2. There is no minimum threshold required. 3. When a system that was activated using ADBA is removed from the domain, it is deactivated immediately. ADBA can only activate Windows Server 2012, Windows 8.1, and newer operating systems. 4. ADBA can be used in conjunction with KMS to provide activation services for older operating systems. 5. When KMS and ADBA are used on the same network, clients try to obtain activation through ADBA first, and then try KMS second.

While deploying Windows updates, when would you use the critical update ring?

When deploying updates to machines (only after the update has been vetted).

How to share encryption permissions between computers in a homegroup

When sharing EFS-encrypted resources, each user must export their EFS keys to other computers in the HomeGroup. The local computer must have a copy of the certificate and private key that corresponds to the user account that encrypted the file. In a HomeGroup for non-domain computers, user accounts are created on each computer. Even if the user account has the same name, the accounts will be different and require the private key of the user account on the source computer to be able to read the encrypted files. You could copy the private key from Comp2 to Comp1 and then add that user as an authorized user to the file on Comp1.

Disk thrashing

When the CPU spends most of its time swapping data between the system RAM and the page file on disk.

Create files / write data

When used with folders, specifies whether a user can create files within the folder. When used with files, specifies whether a user can change files or overwrite data.

Create folders / append data

When used with folders, specifies whether a user can create folders within the folder. When used with files, specifies whether a user can make changes to the end of the file. This does not include the ability to change, delete, or overwrite existing data.

Traverse folder / execute file

When used with folders, specifies whether a user can move through folders to reach other files or folders. When used with files, specifies whether a user can run an executable.

List folder / read data

When used with folders, specifies whether a user can view file names and subfolder names within the folder. When used with files, specifies whether a user can view data in files.

Do scheduled backups make system images for every drive by default?

When you create a scheduled backup that includes a system image, only the boot and system partitions are included in the image, so the version of the file will not exist in the system image backup.

You have a Windows 10 system. You have used the Settings app to access Windows update. From this location, how long can you pause updates? business updates

When you open the Settings app and navigate to Update & Security > Windows Update, you can pause new updates for a period of 7 days.

Domain Objects

When you use the Domain Networking model, all our network resources in Active Directory are represented using the concept of objects. For example, Active Directory uses user objects, group objects, and computer objects (as well as several other types of objects that represent network resources) to define who can do what with each resource.

Configure Wi-Fi Direct

Wi-Fi Direct is fully supported by Windows 10. This standard allows Wi-Fi Direct devices to connect using 'Miracast over Infrastructure.' This means that a secure ad-hoc Wi-Fi network or a wireless access point will be used if available. This feature is ideal for phones, printers, televisions, game consoles, and cameras. It allows you to easily share information, print, or display presentations. To use this feature, you will first verify that your network adapter is compatible. To do this, you type ipconfig /all from a command prompt. If one of the network adapters includes Microsoft Wi-Fi Direct Virtual Adapter in the description, your device is compatible. If compatible, you can use the netsh.exe command-line tool to enable Wi-Fi Direct. To enable Wi-Fi Direct, type "netsh wlan set hostednetwork mode=allow ssid=Wi-Fidirect key=passphrase To start Wi-Fi Direct, type "netsh wlan start hostednetwork" To stop Wi-Fi Direct, type "netsh wlan stop hostednetwork" Once Wi-Fi Direct has been started on your computer, you can turn on the Wi-Fi Direct device. Windows 10 will detect the device and make a connection.

WPA Security

Wi-Fi Protected Access, WPA, was designed as a replacement for WEP. It uses rotating keys, where a different encryption key is used for every packet sent. This is in contrast to WEP, which uses the same key all the time. WPA is much stronger than WEP, although it still has some security weaknesses. WPA has two versions. WPA Personal is designed for small businesses or home networks. This standard uses Service Set Identifiers, SSIDs, and password authentication to create encryption keys for connected devices. WPA Enterprise is for large networks and uses an authentication server.

Windows 8.1 Pro to Windows 10 Upgrade Paths

Win 10 Home In-place upgrade possible Win 10 Pro In-place upgrade possible Win 10 Enterprise In-place upgrade possible

Windows 8.1 Basic to Windows 10 Upgrade Paths

Win 10 Home In-place upgrade possible Win 10 Pro In-place upgrade possible Win 10 Enterprise Requires clean install of Windows 10

Windows 8.1 Enterprise to Windows 10 Upgrade Paths

Win 10 Home Requires clean install of Windows 10 Win 10 Pro Requires clean install of Windows 10 Win 10 Enterprise In-place upgrade possible

WinRM quickconfig (QC)

WinRM QC is a command that loads and configures WinRM.

Windows Remote Management Service(WinRM)

WinRM is a service that allows you to execute commands on a remote computer system.

WinRS

WinRS is a command that allows you to manage and execute programs on a remote system.

Which versions of Windows must you have if you want to implement Group Policy settings for PIN complexity?

Windows 10 Education Windows 10 Enterprise

Which Windows 10 edition supports Applocker and DirectAccess?

Windows 10 Enterprise

Device users need one of the following Windows licenses to use Desktop Analytics:

Windows 10 Enterprise E3 or E5, which is included in Microsoft 365 F1, E3, or E5; Windows 10 Education A3 or A5, which is included in Microsoft 365 A3 or A5; or Windows Virtual Desktop E3 or E5.

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) requires one of the following Microsoft volume licensing offers:

Windows 10 Enterprise E5 Windows 10 Education A5 Microsoft 365 E5 (M365 E5), which includes Windows 10 Enterprise E5 Microsoft 365 E5 Security Microsoft 365 A5 (M365 A5) None of the other versions of Windows support Microsoft Defender Advanced Threat Protection

Downgrade OS Windows 10

Windows 10 Home to Win 7 Pro/Ultimate [Yes,Yes] From Windows 10 Pro to Win 7 Pro/Ultimate [No,No] From Windows10 Enterprise to Win 7 Pro/Ultimate [No, No]

Windows Downgrades

Windows 10 can be downgraded if: It was upgraded within 10 days. You are downgrading specific editions of Windows 10.

Why are many organizations implementing co-management today?

Windows 10 devices are cloud-managed while previous versions are managed using Configuration Manager.

Wi-Fi Direct

Windows 10 uses Wi-Fi Direct services to connect Wi-Fi Direct compatible devices to one another. Such devices include phones, televisions, printers, Windows computers, and gaming devices. This method of connection is similar to Bluetooth but has a few notable differences as described below:Bluetooth 4.0 moves data at 25 Mbps whereas Wi-Fi Direct moves data at 250 Mbps.For the best performance, Wi-Fi Direct requires the use of a wireless access point. However, similar to Bluetooth, it can also operate within an ad-hoc network if needed.Wi-Fi Direct supports the WPA2 wireless security standards. It uses a key-based encryption and authentication method.Wi-Fi Direct devices can reach each other over a much longer distance than Bluetooth devices. Depending on your surroundings, Wi-Fi Direct devices can communicate more than 600 feet.

In order to implement Enterprise State Roaming, the following requirements must be satisfied:

Windows 10 version 1511 or later. Devices must be Azure AD-joined or hybrid Azure AD-joined. Enterprise State Roaming enabled in Azure AD. Azure AD Premium license or EMS license. Device restart after enabling Enterprise State Roaming. Users must sign in using an Azure AD identity.

What tools or services rely on Security Center to be active and running to function well?

Windows Action Center relies upon the Security Center service being active and running. Other networking services, such as Network Access Protection, also rely on the Security Center service being active.

Which cloud-based Microsoft tool would you use to reset, repurpose, and recover devices?

Windows Autopilot

Windows Autopilot network requirements

Windows Autopilot depends on a variety of internet-based services to function. At bare minimum, you need to make sure that the devices can resolve internet Domain Name System names, or DNS names. You also need to make sure that each host can communicate on their respective port. That's on Port 80 for HyperText Transfer Protocol, or http; on Port 443 for HyperText Transfer Protocol Secure, or https; and on Port 123 for User Datagram Protocol, or UDP, and Network Time Protocol, or NTP. You need to configure several services to allow Windows Autopilot to contact internet resources for organizations that have very restrictive access policies. A few of these are the Windows Autopilot Deployment service, Windows Activation services, Azure Active Directory, Intune, and Windows Update. These are just a few of the requirements you need to know. Be sure to refer to the latest Microsoft documentation for any additional questions you have.

Requirements for Windows Autopilot: Network requirements

Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: Using DNS name resolution for internet DNS names Allowing access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)

Windows Autopilot device registration

Windows Autopilot device registration can be done within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-value (CSV) file. Capturing the hardware hash for manual registration requires booting the device into Windows 10

Windows Autopilot

Windows Autopilot is a desktop provisioning tool that is part of Windows 10 that allows IT professionals to automate image deployment of new desktops with preset configurations.

Windows Autopilot

Windows Autopilot is a technology designed to make Windows 10 device deployment easier for organizations. It allows IT professionals to configure the OOBE for Windows 10 and then provide the end user with a fully configured device with minimal effort. Autopilot has no image deployment, no driver injection, and very little infrastructure to manage. Users can go through the deployment process without any IT department intervention. The goal of Autopilot is to make the process a simple one for the device's whole lifetime. The IT department saves a lot of time this way.

You are an administrator with 550 devices to enroll into Intune. You choose to bulk enroll them. Which other software will you need to build the package necessary to bulk enroll the devices via USB or network location?

Windows Configuration Designer (WCD)

You are very concerned that employees or their applications will download sensitive data from your company's SharePoint site, network shares, and intranets using their mobile devices. Which cloud-based technology would you implement in order to encrypt that data?

Windows Information Protection (WIP)

Attempts to diagnose connection problems and present possible solutions.

Windows Network Diagnostics

PowerShell

Windows PowerShell is a command line shell scripting language you can use to manage the system.

Which remote management solution does not require additional firewall ports opened?

Windows Remote Shell (WinRS) sets up HTTP listeners on ports 80 or 443. These ports are allowed by most firewalls.

Default Domain Policy

Windows Server 2008 creates a Default Domain Policy GPO for every domain in the forest. This domain is the primary method used to set some security-related policies such as password expiration and account lockout. ... You can use account lockout to prevent successful brute force password guessing.

Local accounts can be created using:

Windows Settings App (Settings>Accounts) or Computer Management (Computer Management> [expand and use] Local Users and Groups)

Windows Update for Business

Windows Update for Business allows you to keep Windows 10 devices in your organization current with the latest security upgrades and features.

Print Permissions

Windows has three levels of permission for printers: Print, Manage Documents, and Manage this Printer. Users with Print permission can print documents, pause, resume, restart, and cancel their own documents and connect to a printer

Which of the following offers the weakest form of encryption for an 802.11 wireless network?

Wired Equivalent Privacy (WEP) has the weakest encryption for 802.11 wireless networks. WEP uses a shared key for the encryption key. This key is easily captured and broken. The only encryption worse than WEP is no encryption at all.

Encryption for 802.11 wireless networks

Wired Equivalent Privacy (WEP) has the weakest encryption for 802.11 wireless networks. WEP uses a shared key for the encryption key. This key is easily captured and broken. The only encryption worse than WEP is no encryption at all. WPA2 uses AES for encryption and offers the strongest encryption. WPA uses TKIP for encryption. WAP is an acronym for wireless access point. WAP also stands for Wireless Application Protocol, which is used with mobile devices such as PDAs and smart phones.

Modern Deployment Method

With a modern deployment method, you could use an in-place upgrade or Windows Autopilot to customize the end user's Out-of-Box Experience, or OOBE. In this lesson, we'll focus on using Autopilot.

Computer Management User Control Facts

With computer management you can: Force users to change their password at the next sign-in Restrict the user from changing their password Allow the password to never expire Disable or enable an account

Wireless Authentication Methods- Open

With open authentication, clients are required to provide a MAC address in order to connect to the wireless network. You can implement MAC address filtering to restrict access to the access point to known (or allowed) MAC addresses. Because MAC addresses are easily spoofed, this provides little practical security.

Using Computer Management to create Local Users

With this tool you are not required to use security questions. This method also gives you the ability to: Force users to change the password at the next sign in Restrict the user from changing the password Allow the password to never expire Disable/enable an account

Controller Objects (Organizational Units)

Within the Active Directory tree, users and resources can be organized using container objects. A container object does exactly what its name implies: it holds other objects. In other words, containers let you organize and hold other objects like user and computer objects, which represent a specific person or computer. In Active Directory, container objects are called organizational units, or OUs. An organizational unit subdivides and organizes network resources within the domain.

The standard six ACPI power states ranked from highest power consumption to lowest are:

Working State Modern Standby Sleep Hibernate Soft off Mechanical off

Requirements and License To use Desktop Analytics, your environment must meet the following prerequisites [Workspace and roles]

Workspace owner permissions to set up your workspace and the following roles: Desktop Analytics Administrator role. Log Analytics Contributor and User Access Administrator on the resource group to use an existing workspace or create a new workspace in an existing resource group. Owner, or Contributor and User Access Administrator permissions on the subscription to create a workspace in a new resource group.

Can create new files and folders and change existing files.

Write

In-place Upgrade and Advantages

You are upgrading to a new OS But you keep your existing accounts, data, and settings.

Windows Defender Exploit Protection settings

You can configure or verify these setting using the Windows Security app by navigating to: App & browser control > Exploit protection > Exploit protection settings > System Settings. Control flow guard (CFG) must be set to Use Off by default. If set to On by default, Windows Defender Application Guard will not launch. Randomize memory allocations (Bottom-up ASLR) must be set to Use Off by default. If set to On by default, the Vmmem process will have high CPU utilization while a Windows Defender Application Guard window is open.

Upgrading to Windows 10

You can download the upgrade tool or You can use the tool to create an installation media.

Manage File Encryption Certificate Tool

You can use it to create an EFS encryption certificate, back up your existing certificate, or set up EFS to use a smart card to add another later of security. It's more user friendly.

You need to enable Remote Registry on your Windows desktop system. Click the Task Manager option you would use to do this.

You can use the Services tab in Task Manager to start, stop, or restart system services. In this example, you would go the Services tab, right-click the Remote Registry service, and click Start.

How are IP addresses assigned?

You can't have a 0 as the last number in a host's IP address. 0 is used to identify the network. Similarly, the last octet of an IP address can't end in a 255. 255 is reserved for sending broadcast messages to all the host machines in that network segment. Every host must have a unique IP address

What do you need to have to run Windows Autopilot?

You need Windows 10, Azure Active Directory, and Microsoft Intune to use Windows Autopilot.

Windows Autopilot licensing

You need Windows 10, Azure Active Directory, and Microsoft Intune to use Windows Autopilot. If you have Windows 10 Pro version or the Windows 10 Enterprise versions, then you already have a license to use Windows Autopilot for Windows 10. You'll need a license for an MDM solution like Intune or Microsoft 365 Device Management. You'll also need a license for Azure Active Directory, either P1 or P2. You could also consider purchasing a service like Azure or Office 365, which includes Azure AD.

When piloting a deployment, which actions should you consider taking? (Select two.)

You should check all third-party encryption tools and switch to BitLocker if needed. You should test deployments with small groups. Piloting a deployment consists of rolling out devices and software to a select group of users in your organization. Often, the devices and software have not been previously run in your production environment. When piloting a deployment, consider doing the following: Testing deployments within small groups. Making sure that all production hardware, PCs, notebooks, and tablets meet the minimum specifications for Window 10. Testing all peripheral devices, such as printers and scanners. Make sure that drivers are available and are appropriately matched as well. Checking all third-party encryption tools and switching to BitLocker if needed. Testing all the different apps that your organization uses. Making sure your IT staff has all the skills and training that they need to support the organization and the Windows 10 deployment.

You install the drivers to connect your new music player to your Windows 10 computer. Immediately following the device installation, you get a bluescreen error. You reboot the computer, but it displays the same bluescreen and stops the boot process. What should you try first to get the computer to boot successfully?

You should choose Startup Repair first to fix problems that keep Windows from loading.

If you need to customize the files gathered from the standard user profile folders to be migrated, it is recommended that you edit which of the following files?

You should use the Config.xml file if you want to customize the information included in the migration. Using this strategy, you make all of your changes to the Config.xml file and leave the other migration XML files at their default values. MigApp.xml contains rules for migration application settings. MigUser.xml contains rules for user profiles and user data based on file name extensions. MigDocs.xml contains information about the location of user documents.

You are an administrator with 550 devices to enroll into Intune. You choose to bulk enroll them. Which other software will you need to build the package necessary to bulk enroll the devices via USB or network location?

You would choose Windows Configuration Designer (WCD)

Your office computer (from which you perform your day-to-day tasks) is a Windows system. You are currently signing into this computer using the account named Mary. However, this computer is also a member of the company's domain. Using the least amount of effort possible, you want to ensure that every time you connect to a shared folder on Server1, you authenticate by using an account named Admin. What should you do to accomplish this?

You would use Credential Manager to accomplish this. You can get there directly from Control Panel or from User Accounts > Manage your credentials. Use Credential Manager to save the admin credentials for the network share. Credential Manager stores account credentials for network resources such as file servers and websites. Once saved, Credential Manager uses the same credentials every time the user tries to access the network resource. Note that this may be a security risk and some company policies may not let you do this.

MDT Requirements

You'll need to install MDT, ADK, and the Windows Preinstallment Environment (WinPE) addons. These will be installed on a management system like a server or another remote computer accessible to the windows clients that will Use MDT to install their upgrades.

Media in place upgrades MDT part 2

You'll start by booting the Windows computer to its existing Windows operating system. Then you click win-r and run the LiteTouch.vbs script. This is located in the deployment share's Scripts folder. You'll be required to input the desired task sequence and the login credentials that will be used to log in to the deployment share throughout the upgrade process. Once the wizard is finished you'll see that all your users, apps, and data will still be there.

To implement Credential Guard on a Windows system, you need to make sure your hardware and software meet the following prerequisites and requirements:

Your CPU must include virtualization extensions:VT-x for Intel CPUs or AMD-V for AMD CPUsSecond Layer Address Translation (SLAT) must be enabled Support for virtualization-based security UEFI 2.3.1 or greater Secure Boot (to ensure the integrity of firmware and software running on a platform) TPM 2.0 (either discrete or firmware) Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise An Intel VT-d or an AMD-Vi input-output memory management unit (IOMMU)

Virus's have:

a replication mechanism an objective an activation method that will cause the virus to activate.

slmgr.vbs /ato

activates Windows

CIDR

count how many 1's in an IP and add it at the end. If we changed to a subnet mask of 255.255.255.128, there would be 1s in 25 places now, making the CIDR notation 192.168.1.1/25. And if we changed to a subnet mask of 255.255.255.192, there would be ones in 26 places now, making the CIDR notation 192.168.1.1/26. Classless Inter-domain Routing Notation Subnet masks are sometimes noted using a shorthand called Classless inter-domain routing, CIDR, notation. This is done by adding a backslash at the end of the IP address, followed by the number of bits used in the subnet mask. In each of the following examples, the zeros are the only bits in the IP address that can be used for the host number. The /number is the prefix size the rest of the code is used for the host

slmgr.vbs /dlv

displays detailed license information

slmgr.vbs /xpr

displays license expiration date

slmgr.vbs /dli

displays summary license information

How to run MDT

go to Start, MDT, Deployment Workbench

IP addresses

have to consist of numbers between 0 and 255 this is because each number is an 8 bit binary number.

USMT Migration Facts

https://docs.google.com/document/d/1AzpBwyNpLY5Yuhthi0nUIPPmResMg7L-G4-drzOv0Ys/edit

slmgr.vbs /ipk product_key

installs a product key

Displays all current TCP/IP network configuration values and refreshes the DHCP and DNS settings.

ipconfig

USMTUtils.exe

is used to verify a compressed migration file.

Windows Software Licensing Management utility (slmgr.vbs)

manage activation from the command line.

What are some of the resources you can look at first when troubleshooting startup issues with your PC?

msconfig Task Manager

Displays TCP/IP information for both IPv4 and IPv6 addresses.

netsh

How to run Scanstate tool

open cmd as administrator type in the the drive letter that the tool is installed on run >cd amd64 run amd64>scanstate (insert location of where you want to back up the profile, a removable drive, l, or a network share) l:\rm_profile /i:(which means include) migapp.xml /i:miguser.xml (these are the custom configuration settings.) /o (this is to override and replace the same profile that has already been migrated with the more current data.) /ui: (/ui: means user include, to specify which profile you want to migrate) "Rachel McGaffey" ue:/* (you have to put which user you want to include with ui, and which ones you want to exclude with ue. users exclude) ... run amd64>scanstate l:\rm_profile /i: migapp.xml /i:miguser.xml /ui:"Rachel McGaffey" ue:/* ... (finished product) click enter take the usb to the target computer, open cmd, and run Loadstate. c:\USMT\amd64>loadstate c:\usmt\rm_profile /i:migapp.xml /i:miguser.xml /ui:"Rachel McGaffey" /ue:* /lac:P@ssw0rd /lae ( /lac: ) is used to create the user account. after that you input the password, which is required: P@ssw0rd ( /lae: ) is used to enable this user account.

Verifies IP connectivity between two nodes in a network by sending ICMP packets and measuring response time in milliseconds.

ping

ScanState.exe

scans and collects the user profiles, data, and settings as specified in the XML configuration files.

Tests connectivity between two devices and displays the path between them.

tracert

The PowerShell command line interface (CLI) uses simple command construction. What is the typical form of a PowerShell command?

verb-noun -adverb

To enable remote management on a Windows workstation, you can use one of the following commands:

winrm quickconfig Set-WSManQuickConfig (PowerShell cmdlet) Enable-PSRemoting (PowerShell cmdlet)