Basic principle of security stating that unless something has explicitly been granted access, it should be denied access. 

Cross-platform command tool for testing IP packet transmission.

One of the default Windows group accounts. Its use is deprecated, but it is still included with Windows to support legacy applications.

Windows firewall configuration that makes a host visible to network browsers. 

Windows feature for indicating that network data transfer is billable and for setting warnings and caps to avoid unexpected charges from the provider.

Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Windows utility for measuring latency and packet loss across an internetwork. 

Windows feature designed to mitigate abuse of administrative accounts by requiring explicit consent to use privileges. 

Windows firewall configuration that opens the network ports required to operate as a file/print server.

USB storage key or smart card with cryptographic module that can hold authenticating encryption keys securely.

User account that can be authenticated again and allocated permissions for the computer that hosts the account only.

Cross-platform command tool for querying DNS resource records.

Authentication scheme that requires the uses to present at least two different factors as credentials.

Windows mechanism for navigating shared network folders by assigning them with drive letters.

Which command produces the output shown in this screenshot? 

Access control feature that allows permissions to be allocated to multiple users more efficiently.

Diagnostic utilities that trace the route taken by a packet as it "hops" to the destination host on a remote network. Tracert is the Windows implementation, while traceroute runs on Linux.

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. This can use a registered email account or a contact phone number for an SMS or voice call. 

ACL that mediates local and network access to a file system object under Windows when the volume is formatted with NTFS.

Privileged user account that has been granted memberships of the Administrators security group. There is also an account named Administrator, but this is usually disabled by default.

A DHCP server has been reconfigured to use a new network address scheme following a network problem. What command is used to refresh the IP configuration on Windows client workstations?

Either an additional code to use for 2-step verification, such as a one-time password, or authorization data that can be presented as evidence of authentication in an SSO system.

File system access-control-concept where child objects are automatically assigned the same permissions as their parent object.

Default local or network folder for users to save data files to.