Question
You work as an IT Security analyst in a Microsoft-based company. Your boss wants you to manage the network and system security by diagnosing the Windows systems and applications of the company. This is critical for ensuring all networks and systems have adequate security to prevent unauthorized access. By using Sysinternals utility, you can do the following:

1. Gather key information about the local or remote Windows
2. Determine who is logged in to the system (and remote access users, if applicable)
3. List current and recent connections
4. Determine open ports
5. List applications associated with open ports
6. Enumerate Windows File and Folder access
7. Validate System access
8. Validate System Files
9. Improve Performance and Identify Malware
10. Manage, Monitor, and Kill Windows Processes

Document all the command lines used to conduct each step (1 - 10) stated above. Record and capture all outputs.

Explanation / Answer
1. Just copy PsInfo onto your executable path, and type "psinfo".

2. NET SESSION | FIND /C "\\"

   Remotely, with the help of SysInternals' PSTools:

   PSEXEC \\servername NET SESSION | FIND /C "\\"

3. netstat

4. netstat -an |find /i "listening" > c:\openports.txt

5. netstat -anobv

6. You can use PowerShell and the Get-Acl command:

   PS C:\> Get-Acl

       Directory:

   Path  Owner                        Access
   ----  -----                        ------
   C:\   NT SERVICE\TrustedInstaller  Everyone Allow  FullControl

   Use it in conjunction with Get-ChildItem (aliased with dir) to get the permissions for the files.

   PS C:\> Get-ChildItem | Get-Acl

   Or, using the alias:

   PS C:\> Dir | Get-Acl

7. At the command prompt, type ipconfig /all and press Enter.

8. sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]

9.
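Steps 4 and 5 of the answer can be combined into one report of listening ports and their owning processes. The following PowerShell is an added example, not part of the original answer; the function names ConvertFrom-NetstatAno and Get-ListenerReport, the sample netstat output and the PID-to-name map are constructed for illustration.

```powershell
# Added example. Parses the text that `netstat -ano` prints into objects.
function ConvertFrom-NetstatAno {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = -split $line                    # whitespace split, no empty fields
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { continue }  # headers, blanks
        $colon = $f[1].LastIndexOf(':')      # last colon also handles [::]:445
        [pscustomobject]@{
            Proto        = $f[0]
            LocalAddress = $f[1].Substring(0, $colon)
            LocalPort    = [int]$f[1].Substring($colon + 1)
            # UDP rows have no State column: Proto, Local, Foreign, PID
            State        = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
            OwningPid    = [int]$f[-1]
        }
    }
}

# Keeps listeners only and attaches the owning process name.
function Get-ListenerReport {
    param([string[]]$Lines, [hashtable]$ProcessNames = @{})
    ConvertFrom-NetstatAno -Lines $Lines |
        Where-Object { $_.State -eq 'LISTENING' -or $_.Proto -eq 'UDP' } |
        ForEach-Object {
            $name = $ProcessNames[$_.OwningPid]
            [pscustomobject]@{
                Proto         = $_.Proto
                Port          = $_.LocalPort
                Address       = $_.LocalAddress
                Process       = if ($name) { $name } else { '<unknown>' }
                OwningPid     = $_.OwningPid
                # True when the port is reachable on every interface
                AllInterfaces = $_.LocalAddress -in @('0.0.0.0', '[::]')
            }
        } | Sort-Object Port, Proto
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2388
'@ -split "`r?`n"
# Constructed PID-to-name map; PID 3312 is left out to show the <unknown> case.
$names = @{ 4 = 'System'; 1044 = 'svchost'; 2388 = 'chrome' }
Get-ListenerReport -Lines $sample -ProcessNames $names | Format-Table -AutoSize
```

On a live host, build the map with `Get-Process` (keyed on `Id`, valued with `ProcessName`) and pass `(netstat -ano)` as `-Lines`; rows that come back as `<unknown>` or with `AllInterfaces` set are the ones to review first.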