What Windows command shows IP address, subnet mask, and gateway?
ipconfig /all
What’s the impact of enabling security defaults in Azure AD, and when should you not use them?
Forces MFA and disables legacy auth; not ideal in environments with conditional access policies already defined.
Why might a VPN-connected device resolve internal hostnames but fail to access them?
Likely a routing or split-tunnel misconfiguration; DNS resolves, but traffic doesn’t route back to the internal network.
What’s the best first step after detecting malware on a user’s machine?
Isolate the system from the network
A client says their shared mailbox isn’t receiving emails. What’s your first check?
Check if the mailbox is full or if forwarding/rules are misconfigured
A user says their PC is running slow. Name the tool to check resource utilization.
Task Manager
Which M365 feature helps enforce sign-in from trusted devices only?
Conditional Access
A user has a valid IP but no internet. DNS works for some sites but not others. What’s your next step?
Flush DNS cache or test with nslookup
Why is allowing legacy authentication (IMAP, POP3, SMTP) considered a security risk in Microsoft 365?
These protocols bypass MFA and are often exploited in credential-stuffing attacks
A remote user can connect to VPN but can’t access internal apps. What’s likely wrong?
Split tunneling or missing internal DNS routes
What log would you check in Event Viewer for application crashes?
Application Log
What’s the difference between Exchange Online Plan 1 and Plan 2?
Plan 2 includes eDiscovery and mailboxes up to 100 GB
What does SFTP stand for and what port does it use?
TCP 22
What tool helps enforce secure password policies on AD-joined machines?
GPO
Your antivirus alerts on a legitimate file. What’s the best next step?
Submit to the vendor for reclassification or create an exception (if policy allows)
What Windows tool helps isolate startup services and drivers for troubleshooting?
msconfig or System Configuration
What Microsoft service provides auditing of file and login events?
Microsoft Purview / Audit Log Search
What’s the quickest way to test for open ports between two machines? Or a machine and a hosted service?
Use telnet or Test-NetConnection
Which security setting helps protect users from phishing and malicious downloads in Edge or Chrome?
SmartScreen or Safe Browsing
An on-prem user’s account is locked out every day around 10 AM. What’s your investigation plan?
Check AD logs and cached credentials on other devices/services (e.g., old phone syncing)
Why might disabling SMBv1 on legacy systems break access to network shares?
Older systems or devices (e.g., scanners, NAS units) may still use SMBv1 and don’t support newer SMB versions.
A client wants automatic retention on Teams messages. What service handles that?
Microsoft 365 Compliance Center – Retention Policies
A client’s site-to-site VPN drops every few hours. What logs or metrics would you review first?
Check firewall VPN logs for Phase 1/2 negotiation timeouts, WAN IP changes, or upstream ISP stability.
What’s one major benefit of Defender for Endpoint P2 over P1?
Threat & vulnerability management and automated investigation as well as "Timeline"
A client server was hit with ransomware over the weekend. Files are encrypted, and a ransom note was found. What do you do?
Disconnect affected systems from the network, assess scope, check backups, notify client stakeholders, and begin incident response steps